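Introduction to kaniko
kaniko is a tool for building container images from a Dockerfile inside a container or a Kubernetes cluster.
kaniko solves two problems with the Docker-in-Docker build method:
- Docker-in-Docker requires privileged mode to run, which is a significant security concern.
- Docker-in-Docker usually incurs a performance penalty and can be quite slow.
Executor choice for the corresponding runner:
Environment
Operating system version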
- CentOS 7.9.2009
Component versions
- gitlab-jh-15.6.0
- harbor.v2.4.3
- Docker 20.10.22
- Docker-compose 1.18.0
Component deployment reference links
- gitlab-jh deployment link: https://gitlab.cn/install/
- harbor deployment link: https://github.com/goharbor/harbor/releases
- docker deployment link: https://www.runoob.com/docker/centos-docker-install.html
- Docker-compose deployment link: https://docker-docs.netlify.app/compose/install/#install-compose
Deploying Harbor
Download
mkdir /data
cd /data
wget https://storage.googleapis.com/harbor-releases/release-2.4.0/harbor-offline-installer-v2.4.3.tgz
Extract the archive and create the required directories
cd /data
tar -xf harbor-offline-installer-v2.4.3.tgz
cd harbor
mkdir {ssl,data}
Configuration
cd /data/harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
hostname: harbor.bdeet.top
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 8000
https:
  # https port for harbor, default is 443
  port: 8443
  # The path of cert and key files for nginx
  certificate: /data/harbor/ssl/harbor.bdeet.top.crt
  private_key: /data/harbor/ssl/harbor.bdeet.top.key
harbor_admin_password: Wkx@123!#
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 100
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 900
data_volume: /data/harbor/data
...
...
Deploy
cd /data/harbor
./install.sh
Integrating GitLab with Harbor
Integration
Select project -> Settings -> Integrations -> Add an integration(Harbor)
Project CI configuration
docker:
  stage: build
  variables:
    HARBOR_PORT: 8443
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: ['']
  script:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"${HARBOR_URL}\":{\"auth\":\"$(echo -n ${HARBOR_USERNAME}:${HARBOR_PASSWORD} | base64)\"}}}" > /kaniko/.docker/config.json
    # Debugging aid: this prints the registry credentials (base64-encoded) into the job log
    - cat /kaniko/.docker/config.json
    - echo /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile" --destination "${HARBOR_HOST}:${HARBOR_PORT}/${HARBOR_PROJECT}/${CI_PROJECT_NAME}:v1"
    - >-
      /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${HARBOR_HOST}:${HARBOR_PORT}/${HARBOR_PROJECT}/${CI_PROJECT_NAME}:${CI_COMMIT_SHORT_SHA}"
  rules:
    - if: $CI_COMMIT_BRANCH == "master"
      when: always
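The credentials step of the job above, written as an added example that is not part of the original post: it writes /kaniko/.docker/config.json without echoing the secret into the job log, strips the line wrapping that base64 applies to long credentials, and offers a redacted view in place of `cat`. The function names write_kaniko_auth and show_kaniko_auth_redacted are hypothetical; the code is POSIX sh so it runs in the busybox shell of the kaniko debug image.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# write_kaniko_auth REGISTRY USERNAME PASSWORD [OUTFILE]
# Writes the kaniko/Docker credentials file without printing the secret.
write_kaniko_auth() {
    registry=$1 username=$2 password=$3
    outfile=${4:-/kaniko/.docker/config.json}

    # Fail early on missing input instead of writing a broken file.
    if [ -z "$registry" ] || [ -z "$username" ] || [ -z "$password" ]; then
        echo "write_kaniko_auth: registry, username and password are required" >&2
        return 1
    fi
    # The registry key is placed into JSON unescaped, so reject any
    # character that would need escaping.
    case $registry in
        *[!A-Za-z0-9.:/_-]*)
            echo "write_kaniko_auth: unexpected character in registry" >&2
            return 1 ;;
    esac

    # printf avoids echo's option and escape handling; tr removes the line
    # wrapping that base64 adds to long input such as long tokens.
    auth=$(printf '%s:%s' "$username" "$password" | base64 | tr -d '\n')

    mkdir -p "$(dirname "$outfile")" || return 1
    # Create the file with owner-only permissions before the secret lands in it.
    ( umask 077
      printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$registry" "$auth" > "$outfile"
    ) && chmod 600 "$outfile"
}

# show_kaniko_auth_redacted [FILE]
# Log-safe replacement for `cat config.json`: prints the file with every
# auth value masked.
show_kaniko_auth_redacted() {
    sed -e 's/"auth":"[^"]*"/"auth":"<redacted>"/g' \
        "${1:-/kaniko/.docker/config.json}"
}
```

In the job above, these functions would stand in for the `echo ... > /kaniko/.docker/config.json` and `cat` lines, called with the same registry key and the HARBOR_USERNAME and HARBOR_PASSWORD variables.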