本文主要是介绍gitlab结合docker实现CI/CD,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
gitlab的continue integration 和 continue delivery,因为高可用尚未实现暂时不做continue deployment
1.部署gitlab-runner
官网:https://docs.gitlab.com/runner/install/docker.html
centos7下docker部署方式。
docker run -d --name gitlab-runner --restart always \-v /srv/gitlab-runner/config:/etc/gitlab-runner \-v /var/run/docker.sock:/var/run/docker.sock \gitlab/gitlab-runner:latest
2.注册gitlab-runner
官网:https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding
因为项目需要构建成docker镜像所以采用docker in docker的方式,当然这里有很多缺点大家可以自行研究(hub.docker.com的docker镜像上有详细说明)
use socket binding
enter gitlab-runner container
docker exec -it gitlab-runner bash
register
sudo gitlab-runner register -n \--url https://gitlab.com/ \--registration-token REGISTRATION_TOKEN \--executor docker \--description "My Docker Runner" \--docker-image "docker:19.03.12" \--docker-volumes /var/run/docker.sock:/var/run/docker.sock
3.搭建Harbor
官网:https://goharbor.io/docs/2.3.0/install-config/
构建的镜像需要放到镜像站上,这里采用Harbor搭建
这里安装的是2.3.1版本,安装要求如下
online安装方式:
github上下载安装程序:https://github.com/goharbor/harbor/releases
解压:
bash $ tar xzvf harbor-online-installer-version.tgz
配置https:
yourdomain.com换成自己的域名
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \-key ca.key \-out ca.crtopenssl genrsa -out yourdomain.com.key 4096openssl req -sha512 -new \-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \-key yourdomain.com.key \-out yourdomain.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=yourdomain.com
DNS.2=yourdomain
DNS.3=hostname
EOF
openssl x509 -req -sha512 -days 3650 \-extfile v3.ext \-CA ca.crt -CAkey ca.key -CAcreateserial \-in yourdomain.com.csr \-out yourdomain.com.crt
cp yourdomain.com.crt /data/cert/
cp yourdomain.com.key /data/cert/
openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert
cp yourdomain.com.cert /etc/docker/certs.d/yourdomain.com/
cp yourdomain.com.key /etc/docker/certs.d/yourdomain.com/
cp ca.crt /etc/docker/certs.d/yourdomain.com/
systemctl restart docker
从harbor刚刚解压的安装包里复制harbor.yml.tmpl成harbor.yml修改如下:
# Configuration file of Harbor# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# 这个改成自己滴
hostname: yourdomain.com# http related config
http:# port for http, default is 80. If https enabled, this port will redirect to https port# 这个一定要确认有没有被占用,即使你是用https也得看这个接口,他会重定向回https端口port: 8088# https related config
https:# https port for harbor, default is 443# 注意占用port: 4443# The path of cert and key files for nginxcertificate: /data/cert/tcap.thunisoft.com.crtprivate_key: /data/cert/tcap.thunisoft.com.key# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
# 默认账户admin,这里设置密码
harbor_admin_password: Harbor12345
跑起来,恭喜完成,访问地址看看
sudo ./install.sh
4.编写.gitlab-ci.yml
注册了两个runner一个maven环境打包,一个dind环境制作镜像
variables:harborurl: yourdomain:4443username: adminpassword: Harbor123456SOURCE_PATH: source/xxxstages:- build- publish- deploybefore_script:- pwd- ls- cd ${SOURCE_PATH}mvnPackage:stage: buildonly:refs:- releaseimage: maven:3.6.3-openjdk-11tags:- dockerscript:- tag=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)- image=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)- echo ${image}:${tag}- mvn package -U -Dmaven.test.skip=true# jobs之间传递参数只能通过文件- echo "export tag=${tag} \n export image=${image}">env.txtartifacts:paths:- ${SOURCE_PATH}/target/xxx-*.jar- ${SOURCE_PATH}/env.txtdockerPublish:stage: publishimage: docker:20.10.8only:- releasetags:- dindscript:- source env.txt- echo ${image}:${tag}- mkdir artices- cp Dockerfile artices- cp target/${image}-${tag}.jar artices- cd artices- ls- docker build --build-arg article=${image}-${tag}.jar -t ${image}:${tag} .- docker login --username=${username} --password=${password} ${harborurl}- docker tag ${image}:${tag} ${harborurl}/yourproject/${image}:${tag}- docker images- docker push ${harborurl}/yourproject/${image}:${tag}
5.编写Dockerfile
FROM maven:3.6.3-openjdk-11ARG articleENV env_article=$articleMAINTAINER mynameADD $article /optCOPY xxx /opt
COPY yyy /optEXPOSE 80/tcpWORKDIR /optENTRYPOINT java ${before} -jar ${env_article} ${after}
6.启动
docker run -e befor="" -e after="spring.profiles.active=prod" -d -name test article.jar
总结
凡事按照官网来,官网说的不清楚的或者理解不到位的再去度娘找答案。不然,吃亏!(上面很多小细节一开始没看官网,大街上随便拉个博客来踩坑啊,浪费的都是青春啊~)
这篇关于gitlab结合docker实现CI/CD的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!