在gitlab中的使用kaniko打造流水线

文章目录

• • kaniko工具介绍
  • 环境说明
  • • 系统版本
    • 组件版本
    • 组件部署参考链接
  • 部署harbor
  • • 下载
    • 解压、创建相关目录
    • 配置
    • 部署
  • gitlab集成harbor
  • • 集成
    • 项目ci配置
    • 最终结果

kaniko工具介绍

kaniko 是一种从容器或 Kubernetes 集群内的 Dockerfile 构建容器镜像的工具。

kaniko 解决了使用 Docker-in-Docker 构建方法的两个问题：

• Docker-in-Docker需要特权模式才能运行，这是一个重大的安全问题。
• Docker-in-Docker通常会降低性能，并且速度可能非常慢。

对应runner的执行器选择：

• Kubernetes.
• Docker.
• Docker Machine.

环境说明

系统版本

• CentOS 7.9.2009

组件版本

• gitlab-jh-15.6.0
• harbor.v2.4.3
• Docker 20.10.22
• Docker-compose 1.18.0

组件部署参考链接

• gitlab-jh 部署链接：https://gitlab.cn/install/
• harbor 部署链接：https://github.com/goharbor/harbor/releases
• docker 部署链接：https://www.runoob.com/docker/centos-docker-install.html
• Docker-compose 部署链接：https://docker-docs.netlify.app/compose/install/#install-compose

部署harbor

下载

mkdir /data
cd /data
wget https://storage.googleapis.com/harbor-releases/release-2.4.0/harbor-offline-installer-v2.4.3.tgz

解压、创建相关目录

cd /data
tar -xf harbor-offline-installer-v2.4.3.tgz
cd harbor
mkdir {ssl,data}

配置

cd /data/harbor
cp harbor.yml.tmpl harbor.yml

vim harbor.yml

hostname: harbor.bdeet.top
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 8000
https:
  # https port for harbor, default is 443
  port: 8443
  # The path of cert and key files for nginx
  certificate: /data/harbor/ssl/harbor.bdeet.top.crt
  private_key: /data/harbor/ssl/harbor.bdeet.top.key
harbor_admin_password: Wkx@123!#
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 100
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 900
data_volume: /data/harbor/data
...
...

部署

cd /data/harbor
./install.sh

gitlab集成harbor

集成

Select project -> Settings -> Integrations -> Add an integration(Harbor)

项目ci配置

docker:
  stage: build
  variables:
    HARBOR_PORT: 8443
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: ['']
  script:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"${HARBOR_URL}\":{\"auth\":\"$(echo -n ${HARBOR_USERNAME}:${HARBOR_PASSWORD} | base64)\"}}}" > /kaniko/.docker/config.json
    - cat /kaniko/.docker/config.json
    - echo /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile"  --destination "${HARBOR_HOST}:${HARBOR_PORT}/${HARBOR_PROJECT}/${CI_PROJECT_NAME}:v1"
    - >-
      /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${HARBOR_HOST}:${HARBOR_PORT}/${HARBOR_PROJECT}/${CI_PROJECT_NAME}:${CI_COMMIT_SHORT_SHA}"
  rules:
  - if: $CI_COMMIT_BRANCH == "master"
    when: always

最终结果