jenkins2

构建docker镜像

jenkins插件管理安装：docker-build

jenkins安装了docker

配置docke builder

添加
unix:///var/run/docker.sock
在这里插入图片描述

root@ubuntu20:~# usermod -G docker jenkins
测试失败

修改docker中service文件添加
-H tcp://0.0.0.0:2376

jenkins中系统管理中
tcp://localhost:2376

在这里插入图片描述

添加流水线，添加docker构建

在这里插入图片描述

构建成功
在这里插入图片描述
jenkins 查看镜像

root@ubuntu20:~# docker image ls 
REPOSITORY                                          TAG          IMAGE ID       CREATED         SIZE
hub.magedu.com/ikubernetes/spring-boot--helloword   latest       c2619d10999c   2 minutes ago   165MB

增加推送步骤，推送到阿里云，也可以推送到harbor镜像仓库

${jOB_NAME}:${imageTag}  




luo2/jenkins
${imageTag}
${registry}

${registrUrl}

在这里插入图片描述

推送到harbor

[Docker] ERROR: failed to push image 192.168.1.30/ikubernetes2/jenkins:latest
ERROR: Build step failed with exception
com.github.dockerjava.api.exception.DockerClientException: Could not push image: Get "https://192.168.1.30/v2/": tls: failed to verify certificate: x509: cannot validate certificate for 192.168.1.30 because it doesn't contain any IP SANs
	at com.github.dockerjava.core.command.PushImageResultCallback.throwFirstError(PushImageResultCallback.java:42)

在这里插入图片描述

jenkins 中docker配置文件中daemon.json 中添加配置文件

"insecure-registries": ["hub.magedu.com"]



root@ubuntu20:~# docker login  hub.magedu.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

在这里插入图片描述

通过helm部署harbor

 cat harbor-values.yaml 
expose:
  type: ingress
  tls:
    enabled: true  
    certSource: auto
  ingress:
    hosts:
      core: hub.magedu.com
      notary: notary.magedu.com
    controller: default
    annotations: 
      kubernetes.io/ingress.class: "nginx"

ipFamily:
  ipv4:
    enabled: true
  ipv6:
    enabled: false
 

externalURL: https://hub.magedu.com

# 持久化存储配置部分
persistence:
  enabled: true 
  resourcePolicy: "keep"
  persistentVolumeClaim:        # 定义Harbor各个组件的PVC持久卷
    registry:          # registry组件（持久卷）
      storageClass: "nfs-csi"           # 前面创建的StorageClass，其它组件同样配置
      accessMode: ReadWriteMany          # 卷的访问模式，需要修改为ReadWriteMany
      size: 5Gi
    chartmuseum:     # chartmuseum组件（持久卷）
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 5Gi
    jobservice:
      jobLog:
        storageClass: "nfs-csi"
        accessMode: ReadWriteOnce
        size: 1Gi
      #scanDataExports:
      #  storageClass: "nfs-csi"
      #  accessMode: ReadWriteOnce
      #  size: 1Gi
    database:        # PostgreSQl数据库组件
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 2Gi
    redis:    # Redis缓存组件
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 2Gi
    trivy:         # Trity漏洞扫描
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 5Gi

harborAdminPassword: "qwert123"