梳理一下,我们前面是通过jenkins把打好的jar包发送到目标服务器之后构建成镜像去运行的
因为我们就一台主机没什么感觉,但是当我们测试服务器多起来了,这样的方法就不靠谱了
现在我们要换一下方法,jenkins打好jar包后不要发送到目标服务器,而是在jenkins本机就把镜像构建好,上传镜像到harbor仓库后再去通知目标服务器去自动拉取镜像部署
- //下载地址
- https://github.com/goharbor/harbor/tags
-
- //我下载的是
- https://github.com/goharbor/harbor/releases/download/v2.3.3/harbor-offline-installer-v2.3.3.tgz
-
-
- //我包扔服务器上了自取
- http://101.43.4.210/harbor-offline-installer-v2.3.3.tgz
- //安装docker-compose工具
- curl -L "https://get.daocloud.io/docker/compose/releases/download/v1.25.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
- chmod +x /usr/local/bin/docker-compose
-
- //我的包在/root目录下,这里切换一下
- cd /root
-
-
- //解压缩,放到我们devops目录下
- tar -zxvf harbor-offline-installer-v2.3.3.tgz
-
- //移动到devops目录下
- mv /root/harbor /apps/devops_setup/
- cd /apps/devops_setup/harbor/
-
- //拷贝模板文件
- cp harbor.yml.tmpl harbor.yml
vi harbor.yml
- 5 hostname: 101.43.4.210 //仓库地址
- 6
- 8 http:
-
- 10 port: 30007 //对外暴露端口
-
- 11
- 12 # https related config
- 13 #https: //https我们这里不用全都注释掉
- 14 # https port for harbor, default is 443
- 15 # port: 443
- 16 # The path of cert and key files for nginx
- 17 # certificate: /your/certificate/path
- 18 # private_key: /your/private/key/path
-
-
-
- 47 data_volume: /data //仓库数据存储目录,根据自己需求修改
- //仓库大多情况下都是独立的一台或多台主从服务器
部署
sh install.sh
- http://101.43.4.210:30007
-
-
- //默认登陆
- admin
- Harbor12345
- //项目名称
- repo
vi /etc/docker/daemon.json
"insecure-registries":["101.43.4.210:30007"] //新增
如果不清楚咋改,就直接把下面的贴进去改ip和端口也能用
- {
- "exec-opts":["native.cgroupdriver=systemd"],
- "registry-mirrors": ["http://hub-mirror.c.163.com",
- "https://registry.cn-hangzhou.aliyuncs.com",
- "https://registry.docker-cn.com",
- "https://mirror.ccs.tencentyun.com",
- "https://05f073ad3c0010ea0f4bc00b7105ec20.mirror.swr.myhuaweicloud.com",
- "http://f1361db2.m.daocloud.io",
- "https://l2w9ha4o.mirror.aliyuncs.com"],
- "insecure-registries":["101.43.4.210:30007"]
- }
重载服务
- systemctl daemon-reload
- systemctl restart docker
因为我这里node主机和harbor仓库是同一台主机,重启docker后harbor仓库就登不上了,需要重启下harbor
- //切换到harbor目录
- cd /apps/devops_setup/harbor/
-
- //重启harbor
- docker-compose down -v && docker-compose up -d
- //登陆仓库
- docker login http://101.43.4.210:30007 -uadmin -pHarbor12345
-
- //修改要上传的镜像名称
-
- docker login http://101.43.4.210:30007 -uadmin -pHarbor12345
- docker tag mytest:v1.0.1 101.43.4.210:30007/repo/mytest:v1.0.1
- docker push 101.43.4.210:30007/repo/mytest:v1.0.1
(っ °Д °;)っ突然发现用的初始镜像略大,不过都到这了,不改了( •̀ ω •́ )y
我们打算在jenkins本机来完成构建docker镜像的任务,但jenkins本身是容器启动的没有docker命令
这里我们要了解一个知识点,docker服务在启动后会生成一个套接字文件/var/run/docker.sock 而docker的守护进程(daemon) 默认会去监听这个socket文件
curl --unix-socket /var/run/docker.sock http://localhost/version
返回
{"Platform":{"Name":"Docker Engine - Community"},"Components":[{"Name":"Engine","Version":"20.10.12","Details":{"ApiVersion":"1.41","Arch":"amd64","BuildTime":"2021-12-13T11:44:05.000000000+00:00","Experimental":"false","GitCommit":"459d0df","GoVersion":"go1.16.12","KernelVersion":"5.4.175-1.el7.elrepo.x86_64","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"containerd","Version":"1.4.12","Details":{"GitCommit":"7b11cfaabd73bb80907dd23182b9347b4245eb5d"}},{"Name":"runc","Version":"1.0.2","Details":{"GitCommit":"v1.0.2-0-g52b36a2"}},{"Name":"docker-init","Version":"0.19.0","Details":{"GitCommit":"de40ad0"}}],"Version":"20.10.12","ApiVersion":"1.41","MinAPIVersion":"1.12","GitCommit":"459d0df","GoVersion":"go1.16.12","Os":"linux","Arch":"amd64","KernelVersion":"5.4.175-1.el7.elrepo.x86_64","BuildTime":"2021-12-13T11:44:05.000000000+00:00"}
我们只要把这个/var/run/docker.sock 和docker命令挂载到pod中就可以去使用docker命令了
当然因为是直接关联的宿主机上的docker,我们构建完成的镜像会直接存放在宿主机上
- //指定属主属组
- chown root:root /var/run/docker.sock
-
- //其他人为读写权限
- chmod o+rw /var/run/docker.sock
vi /apps/devops_setup/jenkins-dev.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: jenkins
- namespace: devops
- spec:
- selector:
- matchLabels:
- app: jenkins-init
- template:
- metadata:
- labels:
- app: jenkins-init
- spec:
- dnsPolicy: Default
- containers:
- - name: jenkins
- image: jenkins/jenkins
- ports:
- - name: http
- containerPort: 8080
- volumeMounts:
- - name: jenkins-home
- mountPath: /var/jenkins_home
- - name: docker-sock
- mountPath: /var/run/docker.sock
- - name: docker
- mountPath: /usr/bin/docker
- - name: docker-json
- mountPath: /etc/docker/daemon.json
- volumes:
- - name: jenkins-home
- hostPath:
- path: /apps/devops_setup/data/jenkins/data
- type: Directory
- - name: docker-sock #挂载socket文件
- hostPath:
- path: /var/run/docker.sock
- - name: docker #挂载docker命令文件
- hostPath:
- path: /usr/bin/docker
- - name: docker-json #挂载docker配置文件,用于上传镜像
- hostPath:
- path: /etc/docker/daemon.json
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: jenkins-svc
- namespace: devops
- spec:
- ports:
- - port: 8080
- targetPort: http
- nodePort: 30004
- selector:
- app: jenkins-init
- type: NodePort
更新
kubectl apply -f /apps/devops_setup/jenkins-dev.yaml
上面我们将docker的socket文件、docker命令文件、daemon.json配置文件都挂载进去了,这样一来我们就可以直接在jenkins容器中执行docker命令了
- //登陆容器
- kubectl -n devops exec -it jenkins-779fc494c4-g6ttz -- bash
-
- //查看镜像
- docker images
我们jenkins已经可用使用docker命令了,那么构建操作要做出一些调整
我们原先构建完成之后是将jar包发过去打镜像,现在我们要改成直接打镜像
我们现在需要在构建的最后一步之后,也就是maven打包之后做镜像构建操作
- cp ./target/*.jar docker/
- docker build -t mytest:$tag docker/
- docker login http://101.43.4.210:30007 -uadmin -pHarbor12345
- docker tag mytest:$tag 101.43.4.210:30007/repo/mytest:$tag
- docker push 101.43.4.210:30007/repo/mytest:$tag
如上,我们在maven打包之后会让jenkins主机跑上面的shell命令去把镜像推到仓库 ,注意修改自己的仓库地址
假设我们现在版本更新了,重新构建了一个v3.0.0的版本,jenkins会自动帮我们上传镜像了