在gitlab中的使用kaniko打造流水线

文章目录

- kaniko工具介绍
- 环境说明
- - 系统版本
  - 组件版本
  - 组件部署参考链接
- 部署harbor
- - 下载
  - 解压、创建相关目录
  - 配置
  - 部署
- gitlab集成harbor
- - 集成
  - 项目ci配置
  - 最终结果

kaniko工具介绍

kaniko 是一种从容器或 Kubernetes 集群内的 Dockerfile 构建容器镜像的工具。

kaniko 解决了使用 Docker-in-Docker 构建方法的两个问题：

Docker-in-Docker需要特权模式才能运行，这是一个重大的安全问题。
Docker-in-Docker通常会降低性能，并且速度可能非常慢。

对应runner的执行器选择：

Kubernetes.
Docker.
Docker Machine.

环境说明

系统版本

CentOS 7.9.2009

组件版本

gitlab-jh-15.6.0
harbor.v2.4.3
Docker 20.10.22
Docker-compose 1.18.0

组件部署参考链接

gitlab-jh 部署链接：https://gitlab.cn/install/
harbor 部署链接：https://github.com/goharbor/harbor/releases
docker 部署链接：https://www.runoob.com/docker/centos-docker-install.html
Docker-compose 部署链接：https://docker-docs.netlify.app/compose/install/#install-compose

部署harbor

下载

mkdir /data
cd /data
wget https://storage.googleapis.com/harbor-releases/release-2.4.0/harbor-offline-installer-v2.4.3.tgz

解压、创建相关目录

cd /data
tar -xf harbor-offline-installer-v2.4.3.tgz
cd harbor
mkdir {ssl,data}

配置

cd /data/harbor
cp harbor.yml.tmpl harbor.yml

vim harbor.yml

hostname: harbor.bdeet.top
http:# port for http, default is 80. If https enabled, this port will redirect to https portport: 8000
https:# https port for harbor, default is 443port: 8443# The path of cert and key files for nginxcertificate: /data/harbor/ssl/harbor.bdeet.top.crtprivate_key: /data/harbor/ssl/harbor.bdeet.top.key
harbor_admin_password: Wkx@123!#
database:# The password for the root user of Harbor DB. Change this before any production use.password: root123# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.max_idle_conns: 100# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.# Note: the default number of connections is 1024 for postgres of harbor.max_open_conns: 900
data_volume: /data/harbor/data
...
...

部署

cd /data/harbor
./install.sh

gitlab集成harbor

集成

Select project -> Settings -> Integrations -> Add an integration(Harbor)

在这里插入图片描述

项目ci配置

docker:stage: buildvariables:HARBOR_PORT: 8443image:name: gcr.io/kaniko-project/executor:debugentrypoint: ['']script:- mkdir -p /kaniko/.docker- echo "{\"auths\":{\"${HARBOR_URL}\":{\"auth\":\"$(echo -n ${HARBOR_USERNAME}:${HARBOR_PASSWORD} | base64)\"}}}" > /kaniko/.docker/config.json- cat /kaniko/.docker/config.json- echo /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile"  --destination "${HARBOR_HOST}:${HARBOR_PORT}/${HARBOR_PROJECT}/${CI_PROJECT_NAME}:v1"- >-/kaniko/executor--context "${CI_PROJECT_DIR}"--dockerfile "${CI_PROJECT_DIR}/Dockerfile"--destination "${HARBOR_HOST}:${HARBOR_PORT}/${HARBOR_PROJECT}/${CI_PROJECT_NAME}:${CI_COMMIT_SHORT_SHA}"rules:- if: $CI_COMMIT_BRANCH == "master"when: always