接入Harbor私有仓库

项目组现在需要接入CI/CD，其中就包括接入Harbor，本文将记录如何在CentOS7.6机器上完成接入Harbor。
前期工作：首先需要在Harbor上开具账号，创建相应项目（当前项目为imagetest）。

设置Docker

默认开发机已完成Docker安装：

# docker version 
Client: Docker Engine - Community
 Version:           20.10.16
 API version:       1.41
 Go version:        go1.17.10
 Git commit:        aa7e414
 Built:             Thu May 12 09:19:45 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.16
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.10
  Git commit:       f756502
  Built:            Thu May 12 09:18:08 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.4
  GitCommit:        212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
 runc:
  Version:          1.1.1
  GitCommit:        v1.1.1-0-g52de29d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

在/etc/docker/daemon.json文件中（如果没有daemon.json文件，则自行创建此文件）写入如下信息：

{
	"insecure-registries": ["192.168.38.91:8090"]
}

文件中的192.168.38.91:8090为Harbor的部署地址。

设置完成后，需要重启Docker，执行以下命令即可：

# systemctl daemon-reload
# systemctl restart docker

登录Harbor

完成Docker设置后，需要手动执行登录命令，以便确认Docker接入Harbor。

# docker login 192.168.38.91:8090
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

推送镜像

登陆完成后，即可在开发机上打包镜像并推送至Harbor。

# 以下命令是Harbor推荐命令，我们可参照完成
# 192.168.38.91:8090/imagetest/是镜像标记固定前缀，若未设置此前缀，镜像将会被尝试推送至docker.io

# 在项目中标记镜像：
docker tag SOURCE_IMAGE[:TAG] 192.168.38.91:8090/imagetest/REPOSITORY[:TAG]

# 推送镜像到当前项目：
docker push 192.168.38.91:8090/imagetest/REPOSITORY[:TAG]

在示例项目（Java项目）中创建Dockerfile，具体如下所示：

FROM openjdk:11.0.15-jdk

VOLUME /tmp

RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& echo "Asia/Shanghai" > /etc/timezone \
&& mkdir -p /opt/app/log

ARG JAR_FILE=*.jar
COPY ${JAR_FILE} /opt/app/app.jar
WORKDIR /opt/app/

ENTRYPOINT ["java","-Xms1g", "-Xmx1g","-verbose:gc", \
"-Xlog:gc,gc+ref=debug,gc+heap=debug,gc+age=trace:file=/opt/app/log/gc_%p.log:tags,uptime,time,level", \
"-Xlog:safepoint:file=/opt/app/log/safepoint_%p.log:tags,uptime,time,level", \
"-XX:+HeapDumpOnOutOfMemoryError", "-XX:HeapDumpPath=/opt/app/log/network-capability.hprof", \
"-XX:ErrorFile=/opt/app/log/hs_error_pid%p.log", "-XX:-OmitStackTraceInFastThrow", "-jar","/app.jar"]

执行以下命令完成镜像打包和推送：

# 打包镜像，并添加TAG：`192.168.38.91:8090/imagetest/demo:0.1`
docker build -t 192.168.38.91:8090/imagetest/demo:0.1 .

# 推送镜像
docker push 192.168.38.91:8090/imagetest/demo:0.1

检查Harbor仓库，即可发现镜像完成推送。