项目私有化部署与容器配置

引言

为何有此等考量?

希望自己维护的一些项目可以自动化完成而省去人力成本。

jenkins

我把 jenkins 置于一个 docker 环境中运行。

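# Pull the Jenkins image.
# NOTE(review): latest-jdk11 is a floating tag, so a later pull can bring in a
# different build; pin a reviewed version tag or image digest for repeatable
# deployments.
docker pull jenkins/jenkins:latest-jdk11
# Run the container: host directory /data/jenkins persists /var/jenkins_home,
# and ports 8080 and 50000 are published.
# NOTE(review): -p 8080:8080 publishes the plain-HTTP UI on every host
# interface. If only a reverse proxy on the same host should reach it, publish
# it as 127.0.0.1:8080:8080 instead.
docker run -it -d --name jenkins -p 8080:8080 -p 50000:50000 -v /data/jenkins:/var/jenkins_home jenkins/jenkins:latest-jdk11
# Update-site URL to enter under the plugin manager's advanced settings:
# https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
# Rewrite the cached update metadata to use the domestic mirror. The mirror is
# addressed over HTTPS so plugin downloads are not exposed to modification in
# transit (the original rewrite downgraded https:// to http://).
sed -i \
  -e 's#https://updates.jenkins.io/download#https://mirrors.tuna.tsinghua.edu.cn/jenkins#g' \
  -e 's#http://www.google.com#https://www.baidu.com#g' \
  /data/jenkins/updates/default.json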

用nginx来反代一下

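server {
        # TLS-terminating reverse proxy in front of Jenkins.
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  jenkins.xuthus.cc;
        ssl_certificate "/etc/pki/nginx/jenkins.crt";
        ssl_certificate_key "/etc/pki/nginx/private/jenkins.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        # State the accepted protocol versions explicitly instead of relying on
        # whatever the installed nginx build defaults to.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout       30;
        client_header_timeout   15;
        client_body_timeout     15;
        send_timeout    25;
        location / {
            # Tell Jenkins the externally visible host, scheme and client address.
            proxy_set_header    X-Forwarded-Host $host:$server_port;
            proxy_set_header    X-Forwarded-Server $host;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto $scheme;
            proxy_set_header    X-Real-IP $remote_addr;
            # "jenkins" has to resolve to an upstream block or host name that is
            # defined outside this snippet.
            proxy_pass  http://jenkins;
        }
        # No CORS headers are set on purpose. The Jenkins UI is served from this
        # same origin and needs none. "Access-Control-Allow-Origin: *" combined
        # with "Access-Control-Allow-Credentials: true" is refused by browsers for
        # credentialed requests, while the wildcard still lets any website read
        # responses that need no login. A server-wide 204 reply to OPTIONS also
        # keeps those requests from ever reaching Jenkins. If another origin
        # really has to call Jenkins, allow that single origin explicitly here.
}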

Docker-compose 配置

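version: '3'

networks:
  local:
    driver: bridge

services:
  jenkins:
    # NOTE(review): latest-jdk11 is a floating tag; pin a reviewed version tag
    # or image digest so a redeploy cannot silently change the Jenkins build.
    image: jenkins/jenkins:latest-jdk11
    container_name: jenkins
    # Runs as root inside the container so the process can open the mounted
    # Docker socket below.
    user: root
    # Deliberately not "privileged: true": talking to the host daemon through
    # the socket only needs access to the socket file, not extra kernel
    # capabilities or host devices.
    # NOTE(review): on an SELinux-enforcing host the socket may additionally
    # need a label option (e.g. security_opt: label=disable) - confirm there.
    ports:
      # Web UI, published on host port 22326 on all interfaces.
      - "22326:8080"
      - "50000:50000"
    volumes:
      - /data/jenkins:/var/jenkins_home
      # Host Docker daemon socket. Anything in this container that can reach it
      # (every build job included) can start containers on the host, which is
      # equivalent to root on the host - restrict who may configure jobs.
      - /var/run/docker.sock:/var/run/docker.sock
      # Host Docker client binary, read-only.
      - /usr/bin/docker:/usr/bin/docker:ro
      # Host SSH keys, read-only so a job cannot alter or replace them.
      # known_hosts therefore has to be populated on the host beforehand.
      - ~/.ssh:/root/.ssh:ro
      # - /lib/aarch64-linux-gnu/libc.so.6:/lib/aarch64-linux-gnu/libc.so.6
    networks:
      - local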

/var/run/docker.sock:/var/run/docker.sock 用来将宿主机的 docker daemon 套接字映射到容器中（注意：容器内任何能访问该套接字的进程都可以控制宿主机的 docker daemon，相当于拥有宿主机 root 权限）
/usr/bin/docker:/usr/bin/docker 用来映射宿主机docker客户端到容器中

jenkins相关插件

Git Git Parameter Go Docker SSH

Go插件配置

# Fetch modules through the goproxy.cn mirror, falling back to direct access.
# GOSUMDB is not touched here, so it stays at whatever the environment provides.
GOPROXY='https://goproxy.cn,direct'
# Turn on Go modules mode.
GO111MODULE='on'
# Point GOROOT at the go/ directory beneath the GOROOT already in the environment.
GOROOT="${GOROOT}/go"
# Append the toolchain's bin directory to the search path.
PATH="${PATH}:${GOROOT}/bin"
export GOPROXY GO111MODULE GOROOT PATH

docker 多架构部署

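# Enable the buildx plugin.
export DOCKER_CLI_EXPERIMENTAL=enabled
# Install the QEMU user-mode emulators using a privileged container.
# NOTE(review): this runs a third-party image with full host privileges and no
# version pin; pin it to a reviewed tag or digest before using it on a build host.
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# Start an arm64 container and print its machine architecture as a smoke test.
docker run --rm -t arm64v8/ubuntu uname -m
# Check that binfmt_misc now lists the other architectures.
# (Path corrected: the original read /proc/syc/..., which does not exist.)
ls -la /proc/sys/fs/binfmt_misc
# Create a new builder instance and select it.
docker buildx create --use --name builder
# Start the builder.
docker buildx inspect builder --bootstrap
# Show the builder in use and the CPU architectures it supports.
docker buildx ls
# Build for both platforms and push the result to the registry.
# (The leading "docker" was missing; "buildx" alone is not a command.)
docker buildx build -f Dockerfile --output=type=registry --platform linux/arm64,linux/amd64 -t xuthus5/coolpush:v2 .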