接入Harbor私有仓库
项目组现在需要接入CI/CD,其中就包括接入Harbor,本文将记录如何在CentOS7.6
机器上完成接入Harbor。
前期工作:首先需要在Harbor上开具账号,创建相应项目(当前项目为imagetest
)。
设置Docker
默认开发机已完成Docker安装:
# docker version
Client: Docker Engine - Community
Version: 20.10.16
API version: 1.41
Go version: go1.17.10
Git commit: aa7e414
Built: Thu May 12 09:19:45 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.16
API version: 1.41 (minimum version 1.12)
Go version: go1.17.10
Git commit: f756502
Built: Thu May 12 09:18:08 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.4
GitCommit: 212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
runc:
Version: 1.1.1
GitCommit: v1.1.1-0-g52de29d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
在/etc/docker/daemon.json
文件中(如果没有daemon.json文件,则自行创建此文件)写入如下信息:
{
"insecure-registries": ["192.168.38.91:8090"]
}
文件中的
192.168.38.91:8090
为Harbor的部署地址。
设置完成后,需要重启Docker,执行以下命令即可:
# systemctl daemon-reload
# systemctl restart docker
登录Harbor
完成Docker设置后,需要手动执行登录命令,以便确认Docker接入Harbor。
# docker login 192.168.38.91:8090
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
推送镜像
登陆完成后,即可在开发机上打包镜像并推送至Harbor。
# 以下命令是Harbor推荐命令,我们可参照完成
# 192.168.38.91:8090/imagetest/是镜像标记固定前缀,若未设置此前缀,镜像将会被尝试推送至docker.io
# 在项目中标记镜像:
docker tag SOURCE_IMAGE[:TAG] 192.168.38.91:8090/imagetest/REPOSITORY[:TAG]
# 推送镜像到当前项目:
docker push 192.168.38.91:8090/imagetest/REPOSITORY[:TAG]
在示例项目(Java项目)中创建Dockerfile,具体如下所示:
FROM openjdk:11.0.15-jdk
VOLUME /tmp
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& echo "Asia/Shanghai" > /etc/timezone \
&& mkdir -p /opt/app/log
ARG JAR_FILE=*.jar
COPY ${JAR_FILE} /opt/app/app.jar
WORKDIR /opt/app/
ENTRYPOINT ["java","-Xms1g", "-Xmx1g","-verbose:gc", \
"-Xlog:gc,gc+ref=debug,gc+heap=debug,gc+age=trace:file=/opt/app/log/gc_%p.log:tags,uptime,time,level", \
"-Xlog:safepoint:file=/opt/app/log/safepoint_%p.log:tags,uptime,time,level", \
"-XX:+HeapDumpOnOutOfMemoryError", "-XX:HeapDumpPath=/opt/app/log/network-capability.hprof", \
"-XX:ErrorFile=/opt/app/log/hs_error_pid%p.log", "-XX:-OmitStackTraceInFastThrow", "-jar","/app.jar"]
执行以下命令完成镜像打包和推送:
# 打包镜像,并添加TAG:`192.168.38.91:8090/imagetest/demo:0.1`
docker build -t 192.168.38.91:8090/imagetest/demo:0.1 .
# 推送镜像
docker push 192.168.38.91:8090/imagetest/demo:0.1
检查Harbor仓库,即可发现镜像完成推送。