Docker之jenkins部署harbor在harbor中完成部署
1、harbor作用
Harbor允许用户用命令行工具对容器镜像及其他Artifact进行推送和拉取,并提供了图形管理界面帮助用户查阅和删除这些Artifact。在Harbor 2.0版本中,除容器镜像外,Harbor对符合OCI规范的Helm Chart、CNAB、OPA Bundle等都提供了更多的支持。另外,Harbor为管理员提供了丰富的管理功能,特别是作为开源软件,随着版本的迭代,很多社区用户的反馈和贡献被吸收进来以便更好地适应。
2、harbor下载
https://github.com/goharbor/harbor/releases/tag/v2.8.3
3、安装
将里面的harbor.yml.temp 复制一份变成harbor.yml文件,然后修改下面几个
yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.ycz.com # 这里改,之后在etc/host中新增
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 8000 # 这里改
# https related config
#https: # 注释
# https port for harbor, default is 443
# port: 443 # 注释
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
# # Uncomment following will enable tls communication between all harbor 启动
bash
sudo ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 24.0.2
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.19.1
[Step 2]: loading Harbor images ...
+Loaded image: goharbor/registry-photon:v2.8.3
Loaded image: goharbor/notary-server-photon:v2.8.3
Loaded image: goharbor/notary-signer-photon:v2.8.3
Loaded image: goharbor/harbor-log:v2.8.3
Loaded image: goharbor/redis-photon:v2.8.3
Loaded image: goharbor/harbor-jobservice:v2.8.3
Loaded image: goharbor/prepare:v2.8.3
Loaded image: goharbor/harbor-core:v2.8.3
Loaded image: goharbor/harbor-registryctl:v2.8.3
Loaded image: goharbor/nginx-photon:v2.8.3
Loaded image: goharbor/trivy-adapter-photon:v2.8.3
Loaded image: goharbor/harbor-portal:v2.8.3
Loaded image: goharbor/harbor-db:v2.8.3
Loaded image: goharbor/harbor-exporter:v2.8.3
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /Users/mac/docker/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[Step 5]: starting Harbor ...
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 0.7s
✔ Container registryctl Started 1.4s
✔ Container harbor-portal Started 1.5s
✔ Container harbor-db Started 1.5s
✔ Container redis Started 1.8s
✔ Container registry Started 1.8s
✔ Container harbor-core Started 2.0s
✔ Container nginx Started 2.5s
✔ Container harbor-jobservice Started 2.5s
✔ ----Harbor has been installed and started successfully.----4、访问
默认密码时 admin Harbor12345
5、新增一个仓库,随便取名字
6、docker随便弄一个镜像试试能不能上传到仓库上
将mytest的重命名了,命名方式为 harbor地址/项目名/镜像名:版本
bash
macdeMacBook-Pro:harbor mac$ docker tag 84fd17f590f0 harbor.ycz.com:8000/repo/mytest:latest
macdeMacBook-Pro:harbor mac$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mytest latest 84fd17f590f0 32 minutes ago 558MB
harbor.ycz.com:8000/repo/mytest latest 84fd17f590f0 32 minutes ago 558MBpush上去,发现没有权限
bash
macdeMacBook-Pro:~ mac$ docker push harbor.ycz.com:8000/repo/mytest:latest
The push refers to repository [harbor.ycz.com:8000/repo/mytest]
0eeca62d60e3: Preparing
508262fdcf74: Preparing
99417f399c4c: Preparing
6b5aaff44254: Preparing
53a0b163e995: Preparing
b626401ef603: Waiting
9b55156abf26: Waiting
293d5db30c9f: Waiting
03127cdb479b: Waiting
9c742cd6c7a5: Waiting
unauthorized: unauthorized to access repository: repo/mytest, action: push: unauthorized to access repository: repo/mytest, action: push登陆之后再push
bash
macdeMacBook-Pro:~ mac$ docker login -u admin -p Harbor12345 harbor.ycz.com:8000
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
macdeMacBook-Pro:~ mac$ docker push harbor.ycz.com:8000/repo/mytest:latest
The push refers to repository [harbor.ycz.com:8000/repo/mytest]
0eeca62d60e3: Pushed
508262fdcf74: Pushed
99417f399c4c: Pushed
6b5aaff44254: Pushed
53a0b163e995: Pushed
b626401ef603: Pushed
9b55156abf26: Pushed
293d5db30c9f: Pushed
03127cdb479b: Pushed
9c742cd6c7a5: Pushed
latest: digest: sha256:68fa7d0fef4a2c8286cf195a6a7566f58f86349c5e04829f84083feae31eee99 size: 2421成功
将刚刚push之前的harbor.ycz.com:8000/repo/mytest:latest删了,之后再从repo中拉取试试看
bash
macdeMacBook-Pro:~ mac$ docker pull harbor.ycz.com:8000/repo/mytest:latest
latest: Pulling from repo/mytest
Digest: sha256:68fa7d0fef4a2c8286cf195a6a7566f58f86349c5e04829f84083feae31eee99
Status: Downloaded newer image for harbor.ycz.com:8000/repo/mytest:latest
harbor.ycz.com:8000/repo/mytest:latest
What's Next?
View summary of image vulnerabilities and recommendations → docker scout quickview harbor.ycz.com:8000/repo/mytest:latest7、将原来的jenkins项目构建docker中改成这样
bash
docker build -t mytest /var/jenkins_home/workspace/test
docker login -u admin -p Harbor12345 harbor.ycz.com:8000
docker tag mytest:latest harbor.ycz.com:8000/repo/mytest:latest
docker push harbor.ycz.com:8000/repo/mytest:latest成功构建
成功push到harbor
8、需要在harbor服务器中编写docker构建的代码
- 告知服务器拉取哪个镜像
- 判断当前的服务器是否在进行,需要删除
- 如果目标服务器已经存在当前的镜像,需要删除
- 目标服务器拉取harbor上的镜像
- 将拉取下来的镜像运行成容器
vi deploy.sh
bash
harbor_addr=$1
harbor_repo=$2
project=$3
version=$4
container_port=$5
host_port=$6
imageName=$harbor_addr/$harbor_repo/$project:$version
echo $imageName
containerId=`docker ps -a | grep ${project} | awk '{print $1}'`
echo $containerId
if [ "$containerId" != "" ] ; then
docker stop $containerId
docker rm $containerId
fi
tag=`docker images | grep ${project} | awk '{print $2}'`
echo $tag
if [[ "$tag" =~ "$version" ]] ; then
docker rmi $imageName
fi
docker login -u admin -p Harbor12345 $harbor_addr
docker pull $imageName
docker run -d -p $host_port:$container_port --name $project $imageName
echo "SUCCESS"9、jenkins构建
到这里修改目标的host
再修改jenkins的构建
成功
