1. Prerequisites
Three virtual machines
- 192.168.10.2 harbor registry
- 192.168.10.3 gitlab-ce
- 192.168.10.4 gitlab-runner
- 192.168.10.5 development platform
OS: CentOS Linux release 8.5.2111
CPU: 4c
Memory: 8G
Disk: 40G
2. Install docker
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum list docker-ce --showduplicates | sort -r
sudo yum -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo systemctl start docker && sudo systemctl enable docker && sudo systemctl status docker
2.1 Install docker buildx
buildx is installed on the gitlab runner node.
The default docker build command cannot perform cross-platform builds, so we need to install the buildx plugin for the docker CLI to extend it. buildx can use the extra image-building features provided by Moby BuildKit: it can create multiple builder instances, run build tasks in parallel on multiple nodes, and build across platforms.
2.2 docker configuration
Enable experimental features in the docker client. Add the following setting to the client configuration file ~/.docker/config.json; if ~/.docker/config.json does not exist, create it.
$ cat ~/.docker/config.json
{
"experimental": "enabled"
}
# Confirm that experimental features are enabled.
$ docker version
Enable experimental features in the docker daemon. Add the following setting to the configuration file /etc/docker/daemon.json; if /etc/docker/daemon.json does not exist, create it.
$ cat /etc/docker/daemon.json
{
"experimental": true
}
$ systemctl daemon-reload && systemctl restart docker
$ docker version
2.3 Install Buildx
- First, find the binary that matches your platform on the release page of the Docker buildx project.
- Download the binary, rename it to docker-buildx, and move it to docker's plugin directory ~/.docker/cli-plugins.
wget https://github.com/docker/buildx/releases/download/v0.9.1/buildx-v0.9.1.linux-amd64
mkdir -p ~/.docker/cli-plugins
mv buildx-v0.9.1.linux-amd64 ~/.docker/cli-plugins/docker-buildx
chmod +x ~/.docker/cli-plugins/docker-buildx
To make it available system-wide, copy it to one of the following paths:
- /usr/local/lib/docker/cli-plugins OR /usr/local/libexec/docker/cli-plugins
- /usr/lib/docker/cli-plugins OR /usr/libexec/docker/cli-plugins
Confirm that the installation succeeded:
$ docker buildx version
github.com/docker/buildx v0.9.1 ed00243a0ce2a0aee75311b06e32d33b44729689
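The download step above installs the binary without checking its integrity. The following added example (not part of the original article) installs the plugin only after its SHA-256 digest matches a checksum list; install_verified_plugin is a hypothetical helper, and the checksum file is assumed to be in sha256sum format and obtained from a source you trust.

```shell
# Added example: verify a downloaded buildx binary before installing it as a CLI plugin.
# Usage: install_verified_plugin <binary> <checksum-file> [plugin-dir]
# Assumption: <checksum-file> uses sha256sum format ("<hex>  <filename>").
install_verified_plugin() {
    bin="$1"; sums="$2"; dest_dir="${3:-$HOME/.docker/cli-plugins}"
    name=$(basename "$bin")

    # Look up the expected digest for exactly this file name
    # (a leading "*" on the name marks binary mode in sha256sum output).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi

    actual=$(sha256sum "$bin" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name: refusing to install" >&2
        return 1
    fi

    # Copy into place only after the digest matches; mode 0755 keeps the
    # plugin executable but not writable by other users.
    mkdir -p "$dest_dir"
    install -m 0755 "$bin" "$dest_dir/docker-buildx"
}
```

The function returns 0 after a verified install, 1 on a digest mismatch and 2 when the checksum list has no entry for the file.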
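2.4 Install emulators
The main purpose of installing emulators is to let buildx build for other CPU architectures.
First check whether the emulators are already installed: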
$ docker buildx ls
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
default * docker
default default running 20.10.22 linux/amd64, linux/386
The image for the emulators is tonistiigi/binfmt:latest. Make sure the kernel is 4.8 or later; 3.10.xx is not supported (see: how to upgrade the kernel on CentOS 7).
docker run --privileged --rm tonistiigi/binfmt --install all
installing: s390x OK
installing: arm OK
installing: ppc64le OK
installing: riscv64 OK
installing: mips64le OK
installing: mips64 OK
installing: arm64 OK
{
"supported": [
"linux/amd64",
"linux/arm64",
"linux/riscv64",
"linux/ppc64le",
"linux/s390x",
"linux/386",
"linux/mips64le",
"linux/mips64",
"linux/arm/v7",
"linux/arm/v6"
],
"emulators": [
"qemu-aarch64",
"qemu-arm",
"qemu-mips64",
"qemu-mips64el",
"qemu-ppc64le",
"qemu-riscv64",
"qemu-s390x"
]
}
$ docker buildx ls
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
default * docker
default default running 20.10.22 linux/amd64, linux/386, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/arm/v7, linux/arm/v6
3. Install git
- Official: install git
- Blog: install git
4. Install gitlab
- Official: install gitlab
- Blog: install gitlab with docker
5. Deploy gitlab-runner
- Official: https://docs.gitlab.com/runner/install/
- Blog: install gitlab runner
6. Set up harbor
Official: install harbor
Blog: install harbor
7. Develop the application
- kube operator demo (omitted)
8. Configure BuildKit
If you created a docker-container or kubernetes builder with Buildx, you can apply a custom BuildKit configuration by passing the --config flag to the docker buildx create command.
8.1 Registry mirror
You can define a registry mirror to use for your builds. Doing so redirects BuildKit to pull images from a different hostname. The following steps show how to define mirror.gcr.io as a mirror for docker.io (Docker Hub).
Create a TOML file at /etc/buildkitd.toml with the following content:
debug = true
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
debug = true turns on debug requests in the BuildKit daemon, which then logs a message showing when a mirror is being used.
Create a docker-container builder that uses this BuildKit configuration:
docker buildx create --use --bootstrap \
--name mybuilder \
--driver docker-container \
--config /etc/buildkitd.toml
Build an image:
docker buildx build --load . -f - <<EOF
FROM alpine
RUN echo "hello world"
EOF
The BuildKit logs for this builder now show that it uses the GCR mirror. You can tell from the fact that the response messages include x-goog-* HTTP headers.
docker logs buildx_buildkit_mybuilder0
Output:
...
time="2022-02-06T17:47:48Z" level=debug msg="do request" request.header.accept="application/vnd.docker.container.image.v1+json, */*" request.header.user-agent=containerd/1.5.8+unknown request.method=GET spanID=9460e5b6e64cec91 traceID=b162d3040ddf86d6614e79c66a01a577
time="2022-02-06T17:47:48Z" level=debug msg="fetch response received" response.header.accept-ranges=bytes response.header.age=1356 response.header.alt-svc="h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" response.header.cache-control="public, max-age=3600" response.header.content-length=1469 response.header.content-type=application/octet-stream response.header.date="Sun, 06 Feb 2022 17:25:17 GMT" response.header.etag="\"774380abda8f4eae9a149e5d5d3efc83\"" response.header.expires="Sun, 06 Feb 2022 18:25:17 GMT" response.header.last-modified="Wed, 24 Nov 2021 21:07:57 GMT" response.header.server=UploadServer response.header.x-goog-generation=1637788077652182 response.header.x-goog-hash="crc32c=V3DSrg==" response.header.x-goog-hash.1="md5=d0OAq9qPTq6aFJ5dXT78gw==" response.header.x-goog-metageneration=1 response.header.x-goog-storage-class=STANDARD response.header.x-goog-stored-content-encoding=identity response.header.x-goog-stored-content-length=1469 response.header.x-guploader-uploadid=ADPycduqQipVAXc3tzXmTzKQ2gTT6CV736B2J628smtD1iDytEyiYCgvvdD8zz9BT1J1sASUq9pW_ctUyC4B-v2jvhIxnZTlKg response.status="200 OK" spanID=9460e5b6e64cec91 traceID=b162d3040ddf86d6614e79c66a01a577
time="2022-02-06T17:47:48Z" level=debug msg="fetch response received" response.header.accept-ranges=bytes response.header.age=760 response.header.alt-svc="h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" response.header.cache-control="public, max-age=3600" response.header.content-length=1471 response.header.content-type=application/octet-stream response.header.date="Sun, 06 Feb 2022 17:35:13 GMT" response.header.etag="\"35d688bd15327daafcdb4d4395e616a8\"" response.header.expires="Sun, 06 Feb 2022 18:35:13 GMT" response.header.last-modified="Wed, 24 Nov 2021 21:07:12 GMT" response.header.server=UploadServer response.header.x-goog-generation=1637788032100793 response.header.x-goog-hash="crc32c=aWgRjA==" response.header.x-goog-hash.1="md5=NdaIvRUyfar8201DleYWqA==" response.header.x-goog-metageneration=1 response.header.x-goog-storage-class=STANDARD response.header.x-goog-stored-content-encoding=identity response.header.x-goog-stored-content-length=1471 response.header.x-guploader-uploadid=ADPycdtR-gJYwC7yHquIkJWFFG8FovDySvtmRnZBqlO3yVDanBXh_VqKYt400yhuf0XbQ3ZMB9IZV2vlcyHezn_Pu3a1SMMtiw response.status="200 OK" spanID=9460e5b6e64cec91 traceID=b162d3040ddf86d6614e79c66a01a577
time="2022-02-06T17:47:48Z" level=debug msg=fetch spanID=9460e5b6e64cec91 traceID=b162d3040ddf86d6614e79c66a01a577
time="2022-02-06T17:47:48Z" level=debug msg=fetch spanID=9460e5b6e64cec91 traceID=b162d3040ddf86d6614e79c66a01a577
time="2022-02-06T17:47:48Z" level=debug msg=fetch spanID=9460e5b6e64cec91 traceID=b162d3040ddf86d6614e79c66a01a577
time="2022-02-06T17:47:48Z" level=debug msg=fetch spanID=9460e5b6e64cec91 traceID=b162d3040ddf86d6614e79c66a01a577
time="2022-02-06T17:47:48Z" level=debug msg="do request" request.header.accept="application/vnd.docker.image.rootfs.diff.tar.gzip, */*" request.header.user-agent=containerd/1.5.8+unknown request.method=GET spanID=9460e5b6e64cec91 traceID=b162d3040ddf86d6614e79c66a01a577
time="2022-02-06T17:47:48Z" level=debug msg="fetch response received" response.header.accept-ranges=bytes response.header.age=1356 response.header.alt-svc="h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" response.header.cache-control="public, max-age=3600" response.header.content-length=2818413 response.header.content-type=application/octet-stream response.header.date="Sun, 06 Feb 2022 17:25:17 GMT" response.header.etag="\"1d55e7be5a77c4a908ad11bc33ebea1c\"" response.header.expires="Sun, 06 Feb 2022 18:25:17 GMT" response.header.last-modified="Wed, 24 Nov 2021 21:07:06 GMT" response.header.server=UploadServer response.header.x-goog-generation=1637788026431708 response.header.x-goog-hash="crc32c=ZojF+g==" response.header.x-goog-hash.1="md5=HVXnvlp3xKkIrRG8M+vqHA==" response.header.x-goog-metageneration=1 response.header.x-goog-storage-class=STANDARD response.header.x-goog-stored-content-encoding=identity response.header.x-goog-stored-content-length=2818413 response.header.x-guploader-uploadid=ADPycdsebqxiTBJqZ0bv9zBigjFxgQydD2ESZSkKchpE0ILlN9Ibko3C5r4fJTJ4UR9ddp-UBd-2v_4eRpZ8Yo2llW_j4k8WhQ response.status="200 OK" spanID=9460e5b6e64cec91 traceID=b162d3040ddf86d6614e79c66a01a577
...
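The x-goog-* check described above can be automated. The following added example (not part of the original article) reads the builder's debug log on stdin, counts the "fetch response received" entries and reports how many carry x-goog-* headers; mirror_summary and sample_log are hypothetical names, and the sample lines are constructed, shortened versions of the format shown above.

```shell
# Added example: check whether every fetch in a BuildKit debug log was served by the mirror.
# Constructed sample log, shortened from the format shown above (not real output).
sample_log() {
cat <<'EOF'
time="2022-02-06T17:47:48Z" level=debug msg="do request" request.method=GET spanID=aaaa
time="2022-02-06T17:47:48Z" level=debug msg="fetch response received" response.header.server=UploadServer response.header.x-goog-generation=1 response.status="200 OK" spanID=aaaa
time="2022-02-06T17:47:49Z" level=debug msg="fetch response received" response.header.server=other response.status="200 OK" spanID=bbbb
EOF
}

# Reads log lines on stdin and prints "<responses> <responses_with_x_goog_headers>".
# Exit status is 0 only when at least one response was seen and all of them
# carried an x-goog-* header, i.e. no fetch bypassed the mirror.
mirror_summary() {
    awk '
        /msg="fetch response received"/ {
            total++
            if ($0 ~ /response\.header\.x-goog-[a-z0-9.-]+=/)
                gcr++
            else
                print "line " NR ": response without x-goog-* header" > "/dev/stderr"
        }
        END {
            printf "%d %d\n", total, gcr
            exit !(total > 0 && total == gcr)
        }
    '
}

# Typical use against the builder from this section:
#   docker logs buildx_buildkit_mybuilder0 2>&1 | mirror_summary
```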
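8.2 Set up registry certificates
If you specify registry certificates in the BuildKit configuration, the daemon copies the files into the container under /etc/buildkit/certs. The following steps show how to add a self-signed registry certificate to the BuildKit configuration.
- Add the following configuration to /etc/buildkitd.toml: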
# /etc/buildkitd.toml
debug = true
[registry."myregistry.com"]
ca=["/etc/docker/certs.d/myregistry.com/myregistry.crt"]
[[registry."myregistry.com".keypair]]
key="/etc/docker/certs.d/myregistry.com/myregistry.key"
cert="/etc/docker/certs.d/myregistry.com/myregistry.cert"
This tells the builder to push images to the myregistry.com registry using the certificates in the specified location (/etc/certs).
- Create a docker-container builder that uses this configuration:
docker buildx create --use --bootstrap \
--name mybuilder \
--driver docker-container \
--config /etc/buildkitd.toml
Inspect the builder's configuration file (/etc/buildkit/buildkitd.toml); it shows that the certificate configuration is now set in the builder.
docker exec -it buildx_buildkit_mybuilder0 cat /etc/buildkit/buildkitd.toml
debug = true
[registry]
[registry."myregistry.com"]
ca = ["/etc/buildkit/certs/myregistry.com/myregistry.crt"]
[[registry."myregistry.com".keypair]]
cert = "/etc/buildkit/certs/myregistry.com/myregistry.cert"
key = "/etc/buildkit/certs/myregistry.com/myregistry.key"
Verify that the certificates are inside the container:
$ docker exec -it buildx_buildkit_mybuilder0 ls /etc/buildkit/certs/myregistry.com/
myregistry.crt myregistry.cert myregistry.key
Now you can push to the registry with this builder, and it will authenticate using the certificates:
$ docker buildx build --push --tag myregistry.com/myimage:latest .
Build and push to the harbor registry and dockerhub:
$ docker buildx build --platform linux/amd64,linux/arm64 -t $HARBOR_HOST/$HARBOR_PROJECT/$NMAE:dev-${CI_COMMIT_SHORT_SHA} -t docker.io/ghostwritten/$NMAE:dev-${CI_COMMIT_SHORT_SHA} -f Dockerfile . --push
9. Write .gitlab-ci.yml
variables:
  PLATFORM: "linux/amd64,linux/arm64"
  HARBOR_HOST: "harbor.demo.com"
  HARBOR_PROJECT: "library"
image: docker:24.0.4
services:
  - docker:24.0.4-dind
stages:
  - build_push
build-push-dev-job:
  stage: build_push
  script:
    - docker buildx build --platform $PLATFORM -t $HARBOR_HOST/$HARBOR_PROJECT/xxxxxx:dev-${CI_COMMIT_SHORT_SHA} -t docker.io/ghostwritten/xxxxx:dev-${CI_COMMIT_SHORT_SHA} -f Dockerfile-multi . --push
  only:
    - dev