Deploying CI/CD with Jenkins + GitLab + Harbor

Posted 疯子7314


Jenkins operations

Deploy Jenkins with Docker

docker run --name jenkins -d -p 8080:8080 -p 50000:50000 --privileged=true --restart=always -v /jenkins/home:/var/jenkins_home -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker jenkins/jenkins:2.387.2-lts

Plugins to install after opening the Jenkins web page

Publish Over SSH
GitLab Plugin
Git Parameter Plug-In

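Configure the host that can apply YAML to k8s

Configure the webhook; its purpose is that as soon as code is committed to the GitLab repository, Jenkins is immediately notified with a CI/CD request

1. Disable authentication for the project

Download and install Maven into the host directory mapped into Jenkins, then specify the Maven home

Download the JDK and extract it into the host directory mapped into Jenkins, then specify the JDK home directory

Create a Jenkins pipeline project and tick "build when....", so that Jenkins runs the pipeline job as soon as it sees a commit in GitLab

Note down the http://xxxx URL; it has to be configured in GitLab shortly

Specify the GitLab repository URL and the branch, then set the pipeline script to Jenkinsfile

GitLab operations

Configure the webhook in GitLab; once it is configured, click Test, and a 200 response means it is OK

Tick these 2 options in GitLab, otherwise the webhook fails

Besides the Java code, the GitLab repository also needs:

1. dockerfile

2. The YAML file that deploys the pod

3. Jenkinsfile; note that the first letter must be uppercase, otherwise the Jenkinsfile is not detected

The Jenkinsfile content is as follows:

Note that after the Publish Over SSH plugin has transferred the deployment files, any cd must use an absolute path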

pipeline {
    agent any
    environment {
        image="core.harbor.domain:80/myharbor/myjava:latest"
        harbor="core.harbor.domain:80"
    }
    stages {
        // Pull the code from git
        stage('拉去git代码') {
            steps {
                checkout scmGit(branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[url: 'http://192.168.1.101/root/myjava.git']])
            }
        }
        // Build the project with Maven
        stage('maven构建项目') {
            steps {
                sh '/var/jenkins_home/maven3.9.1/bin/mvn clean package -DskipTests'
            }
        }
        // Build the image from the dockerfile
        stage('dockerfile制作镜像') {
            steps {
                sh '''
                docker login -uadmin -pHarbor12345 $harbor
                cp target/*.jar ./docker
                cd docker
                docker build -t $image ./
                '''
            }
        }
        // Push the image to Harbor
        stage('推送镜像到harbor') {
            steps {
                sh 'docker push $image'
            }
        }
        // Use Publish Over SSH to tell the target server to pull the image and deploy
        stage('通过publish over ssh通知目标服务器拉取镜像并部署') {
            steps {
                sshPublisher(publishers: [sshPublisherDesc(configName: 'test01', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '''cd /jenkins_data/mypipline01 && kubectl apply -f a.yaml && kubectl rollout restart deploy myjava
''', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: 'mypipline01', remoteDirectorySDF: false, removePrefix: '', sourceFiles: '**/*.yaml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
            }
        }
    }
}

The deployment YAML file is as follows:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: myjava
  name: myjava
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myjava
  template:
    metadata:
      labels:
        app: myjava
    spec:
      imagePullSecrets:
        - name: harbor
      containers:
      - image: core.harbor.domain:80/myharbor/myjava:latest
        imagePullPolicy: Always
        name: myjavaweb
        ports:
        - containerPort: 8080
          protocol: TCP
          name: http
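
The Jenkinsfile above passes the Harbor password on the docker login command line, builds and deploys a :latest tag, and clones over plain HTTP. As an added example (not part of the original post), the shell lint below flags those three patterns in a Jenkinsfile and includes a variant that passes. The credential id harbor-robot, the host gitlab.example.internal and the function names are assumptions, and withCredentials needs the Credentials Binding plugin.

```bash
#!/usr/bin/env bash
# Added example: lint a Jenkinsfile (read from stdin) for three habits of the
# pipeline above. Prints one "RULE line N" finding per hit, nothing when clean.
audit_jenkinsfile() {
    content=$(cat)
    # 1. docker login with the password on the command line (-pXXX, -p XXX,
    #    --password XXX). --password-stdin is not flagged.
    printf '%s\n' "$content" | grep -nE 'docker[[:space:]]+login' \
        | grep -E '(^|[[:space:]])(-p|--password)[[:space:]=]*[^[:space:]-]' \
        | sed -E 's/^([0-9]+):.*/INLINE_PASSWORD line \1/'
    # 2. Image reference that ends in the mutable :latest tag.
    printf '%s\n' "$content" | grep -nE ":latest([\"' ]|\$)" \
        | sed -E 's/^([0-9]+):.*/MUTABLE_TAG line \1/'
    # 3. Git remote fetched over plain HTTP.
    printf '%s\n' "$content" | grep -nE "url:[[:space:]]*[\"']http://" \
        | sed -E 's/^([0-9]+):.*/PLAINTEXT_GIT_URL line \1/'
    return 0
}

# Constructed sample 1: condensed copy of the login, tag and remote used above.
sample_as_posted() {
cat <<'EOF'
pipeline {
    agent any
    environment {
        image="core.harbor.domain:80/myharbor/myjava:latest"
        harbor="core.harbor.domain:80"
    }
    stages {
        stage('checkout') {
            steps { checkout scmGit(branches: [[name: '*/main']], userRemoteConfigs: [[url: 'http://192.168.1.101/root/myjava.git']]) }
        }
        stage('image') {
            steps {
                sh '''
                docker login -uadmin -pHarbor12345 $harbor
                docker build -t $image ./
                '''
            }
        }
    }
}
EOF
}

# Constructed sample 2: same stages with the secret taken from the Jenkins
# credential store, a per-build tag and an HTTPS remote (hypothetical names).
sample_hardened() {
cat <<'EOF'
pipeline {
    agent any
    environment {
        harbor="core.harbor.domain:80"
        image="core.harbor.domain:80/myharbor/myjava:${BUILD_NUMBER}"
    }
    stages {
        stage('checkout') {
            steps { checkout scmGit(branches: [[name: '*/main']], userRemoteConfigs: [[url: 'https://gitlab.example.internal/root/myjava.git']]) }
        }
        stage('image') {
            steps {
                withCredentials([usernamePassword(credentialsId: 'harbor-robot',
                        usernameVariable: 'HARBOR_USER', passwordVariable: 'HARBOR_PASS')]) {
                    sh '''
                    printf '%s' "$HARBOR_PASS" | docker login -u "$HARBOR_USER" --password-stdin "$harbor"
                    docker build -t "$image" ./
                    '''
                }
            }
        }
    }
}
EOF
}

echo "== as posted =="; sample_as_posted | audit_jenkinsfile
echo "== hardened ==";  sample_hardened | audit_jenkinsfile
```
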

The dockerfile content is as follows:

FROM java:openjdk-8u111
WORKDIR /usr/local
COPY demo2-0.0.1-SNAPSHOT.jar ./
CMD java -jar demo2-0.0.1-SNAPSHOT.jar

 

Deploy ingress-nginx (my k8s version is 1.22)

kubectl create -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/cloud/deploy.yaml

Check that the ingress controller is running normally

[root@ceph1 ~]# kubectl get pods -n ingress-nginx
NAME                                      READY   STATUS      RESTARTS      AGE
ingress-nginx-admission-create--1-vmgcm   0/1     Completed   0             8d
ingress-nginx-admission-patch--1-7nbcr    0/1     Completed   2             8d
ingress-nginx-controller-54bfb9bb-f4wf6   1/1     Running     8 (19h ago)   8d
[root@ceph1 ~]# kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.107.14.210   <none>        80:31485/TCP,443:30185/TCP   8d
ingress-nginx-controller-admission   ClusterIP   10.99.113.251   <none>        443/TCP                      8d

 

Then deploy the Deployment and the Service

[root@master myself]# cat mypod.yaml 
apiVersion: v1
kind: Service
metadata:
  name: service-nginx
  namespace: default
spec:
  selector:
    app: mynginx
  ports:
  - name: http
    port: 80
    targetPort: 80

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mydepoy
  namespace: default
spec:
  replicas: 5
  selector:
    matchLabels:
      app: mynginx
  template:
    metadata:
      labels:
        app: mynginx
    spec:
      containers:
      - name: mycontainer
        image: lizhaoqwe/nginx:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: nginx 
          containerPort: 80

Write the Ingress rule

[root@ceph1 ~]# cat ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: service-nginx-ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /    
spec:
  ingressClassName: nginx    # set the ingressClassName; list the available ones with kubectl get ingressclass
  rules:
  - host: mynginx.fengzi.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: 
            name: service-nginx  # name of the Service
            port: 
              number: 80

View the ingress

[root@ceph1 ~]# kubectl get ingress 
NAME                    CLASS   HOSTS                  ADDRESS         PORTS   AGE
harbor-ingress          nginx   core.harbor.domain     10.107.14.210   80      21h
harbor-ingress-notary   nginx   notary.harbor.domain   10.107.14.210   80      21h
service-nginx-ingress   nginx   mynginx.fengzi.com     10.107.14.210   80      8d

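Once there is an ingress, services are accessed by domain name, so set up nginx on another machine with the following configuration files:

The Harbor configuration file is as follows: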

[root@hadoop1 conf.d]# cat core.harbor.domain.conf 
upstream myk8s {
    server 192.168.1.101:31485 weight=1;
    server 192.168.1.102:31485 weight=1;
    server 192.168.1.103:31485 weight=1;
}

server {
    listen       80;
    server_name  core.harbor.domain;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 5s;
        client_max_body_size 0;
        proxy_pass http://myk8s;
    }
}

The GitLab configuration is as follows:

[root@hadoop1 conf.d]# cat mygitlab.fengzi.com.conf 
upstream mygitlab {
    server 192.168.1.101:80 weight=1;
}

server {
    listen       80;
    server_name  mygitlab.fengzi.com;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 5s;
        client_max_body_size 0;
        proxy_pass http://mygitlab;
    }
}

 

Deploy GitLab

curl -fsSL https://packages.gitlab.cn/repository/raw/scripts/setup.sh | /bin/bash
EXTERNAL_URL="http://0.0.0.0" yum install -y gitlab-jh

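Deploy Harbor

helm repo add harbor https://helm.goharbor.io
helm pull harbor/harbor --untar
cd harbor
vim values.yaml

Edit the values.yaml file

1. If HTTPS access is not needed, change it to false

2. If there is no PVC, change it to false

3. Configure the Harbor domain name

The externalURL domain is normally the same as the core one above

4. Set the class name, i.e. the name shown by kubectl get ingressclass

5. Deploy Harbor

helm install harbor ../harbor

Once everything is done and code is pushed, the final result looks like this: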

 

How to build your own CI/CD platform: GitLab + Jenkins + Docker + Harbor + K8s cluster (continuous integration and deployment of a Hexo blog demo)

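Preface


  • A look at setting up a CI/CD environment, plus a demo configuration of a Hexo-based blog system in the CI/CD flow
  • I have wanted to write this post for a long time but never had the time; I had written half of it earlier and used the Spring Festival holiday to finish the other half.
  • This is a hands-on DevOps article with almost no theory, so readers need a basic understanding of DevOps.
  • The CI/CD covered in this post is one part of DevOps
  • Readers can also learn on a commercial DevOps platform offered by a cloud provider, which usually has a free trial, for example Huawei Cloud's DevCloud platform.
  • This post covers:
    • A tutorial for setting up CI/CD with GitLab + Jenkins + Docker + Harbor + a K8s cluster
    • Continuous integration and deployment of the hexo blog system on the finished CI/CD platform; the demo is rough and meant only for learning.
  • GitLab, Jenkins and Harbor are all deployed as containers
  • To save space, the CD environment uses a k8s cluster that was deployed earlier, with the kubeconfig certificate already created; interested readers can see my earlier articles
  • The machines involved:

Machine                    IP              Domain name
Client                     192.168.26.1    Local physical machine:
GitLab+Jenkins+Docker      192.168.26.55   VM: liruilongs.github.io
Docker registry: harbor    192.168.26.56   VM: vms56.liruilongs.github.io
k8s cluster, master node   192.168.26.81   VM: vms81.liruilongs.github.io
k8s cluster, node          192.168.26.82   VM: vms82.liruilongs.github.io
k8s cluster, node          192.168.26.83   VM: vms83.liruilongs.github.io

Topology diagram

The client machine codes continuously in a local IDE and pushes code to GitLab. A web hook in GitLab fires the build trigger configured in Jenkins, which pulls the code from the GitLab repository with shell commands and builds the application image from the Dockerfile in the pulled source. When the build finishes, the application image is pushed to the private Harbor registry. Then, through shell commands in Jenkins, a kubelet client image is used to pull the image from the private registry into the k8s cluster and update the image in its deploy; by default a deploy updates its replicas with a rolling update. In the whole flow only the client's code push is manual, everything else is automatic.

God uses every means to make us lonely, so that we can find our way to ourselves. (Hermann Hesse, Demian)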


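I. Setting up the CI/CD server environment

CI stands for Continuous Integration. Put simply, it means continuously integrating the code in the repository, compiling it and building the application image. An effective continuous integration environment reduces unnecessary problems during development, improves code quality, speeds up iteration, and so on.

Common tools and platforms:

Jenkins: a continuous integration tool written in Java, used to monitor continuous, repetitive work; it aims to provide an open, easy-to-use software platform that makes continuous integration of software possible.
Bamboo: enterprise-grade commercial software that can be deployed in large-scale production environments.

CD stands for Continuous Delivery and Continuous Deployment. Put simply, it means being able to deploy continuously to production for customers to use. There are two stages: I understand continuous delivery as the process of meeting the conditions for release without actually releasing, and continuous deployment as the process of releasing the application.

For the CD environment we use a K8s cluster that was built earlier. A K8s cluster provides application health checks, dynamic scaling, rolling updates and more. For how to build the K8s cluster, readers can see my other articles.

Now we build the CI server. Server operated on: liruilongs.github.io:192.168.26.55

Install the Docker environment

Pull the image, start Docker and enable it at boot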

┌──[root@liruilongs.github.io]-[~]
└─$ yum -y install docker-ce
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl enable docker --now

Configure a Docker registry mirror (accelerator)

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

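1. Install and configure GitLab

GitLab needs little introduction: a Git-based version control platform that provides Git repository management, code review, issue tracking, activity feeds and a wiki, and of course it also provides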

┌──[root@liruilongs.github.io]-[~]
└─$ docker pull beginor/gitlab-ce

Create the shared volume directories

┌──[root@liruilongs.github.io]-[~]
└─$ mkdir -p /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data
┌──[root@liruilongs.github.io]-[~]
└─$ chmod 777 /data/gitlab/etc/ /data/gitlab/log /data/gitlab/data

Create the gitlab container

┌──[root@liruilongs.github.io]-[~]
└─$ docker run -itd --name=gitlab --restart=always --privileged=true   -p 8443:443  -p 80:80 -p 222:22 -v  /data/gitlab/etc:/etc/gitlab -v  /data/gitlab/log:/var/log/gitlab -v  /data/gitlab/data:/var/opt/gitlab  beginor/gitlab-ce
acc95b2896e8475915275d5eb77c7e63f63c31536432b68508f2f216d4fec634
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps
CONTAINER ID   IMAGE               COMMAND             CREATED          STATUS                             PORTS                                                                                                             NAMES
acc95b2896e8   beginor/gitlab-ce   "/assets/wrapper"   53 seconds ago   Up 51 seconds (health: starting)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:222->22/tcp, :::222->22/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   gitlab
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$# 

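Remember: the port here must be set to 80, otherwise pushing a project reports an error. If the port is already in use on the host, it has to be freed up.

Stop the container and edit the configuration file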

┌──[root@liruilongs.github.io]-[~]
└─$ docker stop gitlab
gitlab

external_url 'http://192.168.26.55'

┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
# registry_external_url 'https://registry.gitlab.example.com'
# pages_external_url "http://pages.example.com/"
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url 'http://mattermost.example.com'
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/external_url 'GENERATED_EXTERNAL_URL'/a external_url\t'http://192.168.26.55' "  /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep external_url
##! For more details on configuring external_url see:
# external_url 'GENERATED_EXTERNAL_URL'
external_url    'http://192.168.26.55'
# registry_external_url 'https://registry.gitlab.example.com'
# pages_external_url "http://pages.example.com/"
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# mattermost_external_url 'http://mattermost.example.com'
┌──[root@liruilongs.github.io]-[~]
└─$

gitlab_rails['gitlab_ssh_host'] = '192.168.26.55'

┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/gitlab_ssh_host/a gitlab_rails['gitlab_ssh_host'] = '192.168.26.55' "  /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~] 
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_ssh_host
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
gitlab_rails['gitlab_ssh_host'] = '192.168.26.55'
┌──[root@liruilongs.github.io]-[~]
└─$

gitlab_rails['gitlab_shell_ssh_port'] = 222

┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i "/gitlab_shell_ssh_port/a gitlab_rails['gitlab_shell_ssh_port'] = 222" /data/gitlab/etc/gitlab.rb
┌──[root@liruilongs.github.io]-[~]
└─$ cat /data/gitlab/etc/gitlab.rb | grep gitlab_shell_ssh
# gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['gitlab_shell_ssh_port'] = 222
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ vim /data/gitlab/data/gitlab-rails/etc/gitlab.yml
┌──[root@liruilongs.github.io]-[~]
└─$
##############################
 gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    host: 192.168.26.55
    port: 80
    https: false

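After editing the configuration files, start the container directly

┌──[root@liruilongs.github.io]-[~]
└─$ docker start gitlab

From the physical machine that hosts the VM, visit http://192.168.26.55/ ; it redirects automatically to the password change page (root user). If the password does not meet the complexity requirements, a 500 is returned and the password has to be set again.
Log in to reach the dashboard
Then a quick test: push a project. The project here is a Hexo-based blog system
The project was uploaded to GitLab successfully

The git commands involved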

PS F:\blogger> git init
Initialized empty Git repository in F:/blogger/.git/
PS F:\blogger> git config --global user.name "Administrator"
PS F:\blogger> git config --global user.email "admin@example.com"
PS F:\blogger> git remote add origin http://192.168.26.55/root/blog.git
PS F:\blogger> git add .
PS F:\blogger> git commit -m "Initial commit"
PS F:\blogger> git push -u origin master
Enumerating objects: 322, done.
Counting objects: 100% (322/322), done.
Delta compression using up to 8 threads
Compressing objects: 100% (302/302), done.
Writing objects: 100% (322/322), 11.31 MiB | 9.22 MiB/s, done.
Total 322 (delta 24), reused 0 (delta 0)
remote: Resolving deltas: 100% (24/24), done.
To http://192.168.26.55/root/blog.git
 * [new branch]      master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
PS F:\blogger>

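2. Install and configure the remote image registry Harbor

Next we set up the private Docker image registry. The machine used is:

Server operated on: vms56.liruilongs.github.io:192.168.26.56

We choose Harbor for the registry because it has a web UI; registry could of course be used as well

Harbor configuration

Steps to install and use Harbor
  • Install and start docker, and install docker-compose
  • Upload the Harbor offline package
  • Load the Harbor images
  • Edit harbor.yml
    • Change hostname to your own host name; if no certificate is used, comment out https
    • harbor_admin_password is the login password
  • Install compose
  • Run the script ./install.sh
  • Enter the IP in a browser to access it
  • docker login IP -- a .docker folder appears in the home directory

Now we start the installation

First, SELinux and the firewall need to be set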

┌──[root@vms56.liruilongs.github.io]-[~]
└─#getenforce
Disabled
┌──[root@vms56.liruilongs.github.io]-[~]
└─#systemctl disable firewalld.service --now
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Install and start docker and install docker-compose. There is no need to know much about docker-compose here; it is a lightweight Docker orchestration tool

┌──[root@vms56.liruilongs.github.io]-[~]
└─#yum install -y docker-ce
┌──[root@vms56.liruilongs.github.io]-[~]
└─#yum install -y docker-compose

Extract the Harbor installation package harbor-offline-installer-v2.0.6.tgz and load the images

┌──[root@vms56.liruilongs.github.io]-[/]
└─#ls
bin   dev  harbor-offline-installer-v2.0.6.tgz  lib    machine-id  mnt  proc  run   srv  tmp  var
boot  etc  home                                 lib64  media       opt  root  sbin  sys  usr
┌──[root@vms56.liruilongs.github.io]-[/]
└─#tar zxvf harbor-offline-installer-v2.0.6.tgz
harbor/harbor.v2.0.6.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
┌──[root@vms56.liruilongs.github.io]-[/]
└─#docker load -i harbor/harbor.v2.0.6.tar.gz

Edit the configuration file

┌──[root@vms56.liruilongs.github.io]-[/]
└─#cd  harbor/
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#cp harbor.yml.tmpl harbor.yml
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#vim harbor.yml
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#

harbor.yml: set the IP and the username/password

# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.26.56

# http related config
.......
# https related config
#https:
  # https port for harbor, default is 443
#  port: 443
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
....
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration

./prepare && ./install.sh

┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#./prepare
prepare base dir is set to /harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.9

[Step 1]: checking docker-compose is installed ...

Note: stopping existing Harbor instance ...
Removing harbor-jobservice ... done
Removing nginx             ... done
Removing harbor-core       ... done
Removing registry          ... done
Creating harbor-log ... done
Removing harbor-portal     ... done
Removing redis             ... done
Removing network harbor_harbor

Creating registry ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating redis ...
Creating registry ...
Creating harbor-portal ...
Creating registryctl ...
Creating harbor-db ...
Creating harbor-core ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#

View the related images

┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED          STATUS                    PORTS                                   NAMES
0efcf7b83dcf   goharbor/nginx-photon:v2.0.6         "nginx -g 'daemon of…"   16 minutes ago   Up 16 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
ee9d418c7cee   goharbor/harbor-jobservice:v2.0.6    "/harbor/entrypoint.…"   16 minutes ago   Up 16 minutes (healthy)                                           harbor-jobservice
6052c481dbd0   goharbor/harbor-core:v2.0.6          "/harbor/entrypoint.…"   16 minutes ago   Up 16 minutes (healthy)                                           harbor-core
001ff83b037d   goharbor/harbor-db:v2.0.6            "/docker-entrypoint.…"   17 minutes ago   Up 16 minutes (healthy)   5432/tcp                                harbor-db
2ebc81356ef1   goharbor/harbor-registryctl:v2.0.6   "/home/harbor/start.…"   17 minutes ago   Up 16 minutes (healthy)                                           registryctl
6ca721c0fa75   goharbor/harbor-portal:v2.0.6        "nginx -g 'daemon of…"   17 minutes ago   Up 16 minutes (healthy)   8080/tcp                                harbor-portal
2b06e2cf91ab   goharbor/registry-photon:v2.0.6      "/home/harbor/entryp…"   17 minutes ago   Up 16 minutes (healthy)   5000/tcp                                registry
2292a20780e2   goharbor/redis-photon:v2.0.6         "redis-server /etc/r…"   17 minutes ago   Up 16 minutes (healthy)   6379/tcp                                redis
a0e3e49cf9db   goharbor/harbor-log:v2.0.6           "/bin/sh -c /usr/loc…"   17 minutes ago   Up 17 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#

Access test

harbor

Docker configuration on the CI server

Because we push images from 192.168.26.55 (the CI server) to 192.168.26.56 (the private registry), the Docker configuration on the CI server has to be changed to add the registry address

Server operated on: liruilongs.github.io:192.168.26.55

┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
}
┌──[root@liruilongs.github.io]-[~]
└─$ vim /etc/docker/daemon.json

The modified configuration file

┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.26.56"]
}

Reload so that it takes effect

┌──[root@liruilongs.github.io]-[~]
└─$ systemctl daemon-reload
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl restart docker
┌──[root@liruilongs.github.io]-[~]

A quick test on the CI machine

┌──[root@liruilongs.github.io]-[~]
└─$ docker login 192.168.26.56
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
┌──[root@liruilongs.github.io]-[~]
└─$ docker tag busybox 192.168.26.56/demo/busybox
┌──[root@liruilongs.github.io]-[~]
└─$ docker push 192.168.26.56/demo/busybox
Using default tag: latest
The push refers to repository [192.168.26.56/demo/busybox]
cfd97936a580: Pushed
latest: digest: sha256:febcf61cd6e1ac9628f6ac14fa40836d16f3c6ddef3b303ff0321606e55ddd0b size: 527
┌──[root@liruilongs.github.io]-[~]
└─$

After pushing an image, it can be seen in the private registry's web page

harbor

At this point the image registry is configured
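
The push output above ends with the sha256 digest of the image that was stored in Harbor. As an added example (not part of the original post), this shell script extracts that digest and rewrites a Deployment's image line to the digest-pinned form, so the manifest names exactly the content the CI server pushed rather than whatever latest points to later. The function names and the manifest fragment are constructed for illustration; the push output is the one shown above.

```bash
#!/usr/bin/env bash
# Added example: deploy the image that was just pushed by its content digest
# instead of a mutable tag.

# push_digest: read `docker push` output on stdin and print the digest it
# reports; fail when no well-formed sha256 (64 hex digits) line is present.
push_digest() {
    d=$(sed -nE 's/^[^[:space:]]+: digest: (sha256:[0-9a-f]{64}) size: [0-9]+$/\1/p' | tail -n 1)
    [ -n "$d" ] || { echo "no valid digest in push output" >&2; return 1; }
    printf '%s\n' "$d"
}

# strip_tag IMAGE: remove a trailing :tag but keep a registry :port.
strip_tag() { printf '%s\n' "$1" | sed -E 's#:[^/:]+$##'; }

# pin_manifest IMAGE DIGEST: in the YAML on stdin, rewrite every "image:" line
# that names IMAGE's repository (any tag) to REPO@DIGEST; other lines pass through.
pin_manifest() {
    awk -v repo="$(strip_tag "$1")" -v digest="$2" '
        match($0, /^[ \t-]*image:[ \t]*/) {
            base = substr($0, RLENGTH + 1)
            sub("[ \t]+$", "", base); sub("@.*$", "", base); sub(":[^/:]+$", "", base)
            if (base == repo) { print substr($0, 1, RLENGTH) repo "@" digest; next }
        }
        { print }'
}

# `docker push` output copied from the terminal session above.
page_push_output() {
cat <<'EOF'
Using default tag: latest
The push refers to repository [192.168.26.56/demo/busybox]
cfd97936a580: Pushed
latest: digest: sha256:febcf61cd6e1ac9628f6ac14fa40836d16f3c6ddef3b303ff0321606e55ddd0b size: 527
EOF
}

# Constructed Deployment fragment (not from the post).
sample_manifest() {
cat <<'EOF'
    spec:
      containers:
      - image: 192.168.26.56/demo/busybox:latest
        name: demo
      - name: sidecar
        image: 192.168.26.56/demo/other:v1
EOF
}

digest=$(page_push_output | push_digest) &&
    sample_manifest | pin_manifest 192.168.26.56/demo/busybox:latest "$digest"
```
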

3. Install and configure Jenkins

Server operated on: liruilongs.github.io:192.168.26.55

Pull the jenkins image

┌──[root@liruilongs.github.io]-[~]
└─$ docker pull jenkins/jenkins:centos7-jdk8
......
┌──[root@liruilongs.github.io]-[~]
└─$ docker history jenkins/jenkins:centos7-jdk8
IMAGE          CREATED       CREATED BY                                      SIZE      COMMENT
de64a05279ba   5 days ago    LABEL org.opencontainers.image.vendor=Jenkin…   0B        buildkit.dockerfile.v0
<missing>      5 days ago    COPY install-plugins.sh /usr/local/bin/insta…   10.6kB    buildkit.dockerfile.v0
..........
<missing>      5 days ago    ARG JENKINS_HOME=/var/jenkins_home              0B        buildkit.dockerfile.v0
<missing>      5 days ago    ARG agent_port=50000                            0B        buildkit.dockerfile.v0
<missing>      5 days ago    ARG http_port=8080                              0B        buildkit.dockerfile.v0
<missing>      5 days ago    ARG gid=1000                                    0B        buildkit.dockerfile.v0
<missing>      5 days ago    ARG uid=1000                                    0B        buildkit.dockerfile.v0
<missing>      5 days ago    ARG group=jenkins                               0B        buildkit.dockerfile.v0
<missing>      5 days ago    ARG user=jenkins                                0B        buildkit.dockerfile.v0
<missing>      5 days ago    RUN |5 TARGETARCH=amd64 COMMIT_SHA=0b797f024…   10.4MB    buildkit.dockerfile.v0
<missing>      5 days ago    COPY git_lfs_pub.gpg /tmp/git_lfs_pub.gpg # …   62.5kB    buildkit.dockerfile.v0
<missing>      5 days ago    ARG GIT_LFS_VERSION=3.0.1                       0B        buildkit.dockerfile.v0
<missing>      5 days ago    ARG COMMIT_SHA                                  0B        buildkit.dockerfile.v0
<missing>      5 days ago    ARG TARGETARCH                                  0B        buildkit.dockerfile.v0
<missing>      5 days ago    RUN |2 TARGETARCH=amd64 COMMIT_SHA=0b797f024…   426MB     buildkit.dockerfile.v0
<missing>      5 days ago    ARG COMMIT_SHA                                  0B        buildkit.dockerfile.v0
<missing>      5 days ago    ARG TARGETARCH                                  0B        buildkit.dockerfile.v0
<missing>      5 days ago    ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_AL…   0B        buildkit.dockerfile.v0
<missing>      7 weeks ago   /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B
<missing>      7 weeks ago   /bin/sh -c #(nop)  LABEL org.label-schema.sc…   0B
<missing>      7 weeks ago   /bin/sh -c #(nop) ADD file:b3ebbe8bd304723d4…   204MB
┌──[root@liruilongs.github.io]-[~]
└─$

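Create the shared volume and change its owner and group to match those in the container

Why change it to 1000: inside the container data is read and written as the jenkins user, and the uid of jenkins in the container is 1000.

┌──[root@liruilongs.github.io]-[~]
└─$ mkdir /jenkins && chown 1000:1000 /jenkins
┌──[root@liruilongs.github.io]-[~]
└─$ # Why 1000: inside the container data is read and written as the jenkins user, whose uid in the container is 1000

Create the jenkins container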

┌──[root@liruilongs.github.io]-[~]
└─$ cat jenkins.docker.sh
docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins  --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -dit -p 8080:8080 -p 50000:50000 --name jenkins  --privileged=true --restart=always -v /jenkins:/var/jenkins_home jenkins/jenkins:centos7-jdk8
39afa098c8a56973ce1559d374b058b8e6091175b5b783d613a9f2e356827684
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps | grep jenkins
39afa098c8a5   jenkins/jenkins:centos7-jdk8   "/sbin/tini -- /usr/…"   3 minutes ago       Up 2 minutes                 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp                          jenkins
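Access Jenkins
First open this page in a browser and let it initialize until the UI appears
Because the Jenkins configuration needs to be changed, stop the jenkins container at this point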
┌──[root@liruilongs.github.io]-[~]
└─$ docker stop jenkins
jenkins

Switch to the Tsinghua University mirror in China: Jenkins downloads plugins very slowly, and the Tsinghua mirror address is much faster

┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
  <site>
    <id>default</id>
    <url>https://updates.jenkins.io/update-center.json</url>
  </site>
</sites>
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ sed -i  's#updates.jenkins.io/update-center.json#mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json#g '  /jenkins/hudson.model.UpdateCenter.xml
┌──[root@liruilongs.github.io]-[~]
└─$ cat /jenkins/hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
  <site>