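1. Background
Last year I struggled to get gitlab-runner to build images in docker in docker mode. There is very little documentation available in China, there are far too many pitfalls, and the concepts always felt like a tangled mess, so in the end I had to humbly fall back to shell mode.
This article works through all of those pitfalls so that the setup runs smoothly.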
2. docker buildx tutorial
If you have never used docker buildx, read this article first:
https://blog.csdn.net/zongjinyun123/article/details/135269581
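3. Installing the gitlab runner for docker in docker
Enabling TLS brings many pitfalls, but this tutorial has already hit all of them, so you can copy it directly.
https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-in-docker-with-tls-enabled-in-the-docker-executor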
# First create the host directory that is mapped to the gitlab-runner configuration
mkdir -p /home/gitlab-runner/config
# Run the docker version of gitlab-runner
docker run -itd --restart=always --name gitlab-runner \
  -v /home/gitlab-runner/config:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest
# Run the registration command; the key points are to choose docker as the executor and to enter a fixed docker version as the image
docker exec -it gitlab-runner gitlab-runner register
Then open the configuration file and modify parts of it:
vim /home/gitlab-runner/config/config.toml
concurrent = 2 # increase this according to the machine's performance
check_interval = 0
shutdown_timeout = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "dind"
  url = "xxxxx"
  id = 65
  token = "xxxxxx"
  token_obtained_at = 2024-01-03T06:21:02Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
  environment = ["DOCKER_DRIVER=overlay2", "DOCKER_TLS_CERTDIR=/certs"] # add this line: it lets you omit the TLS-related settings from gitlab-ci.yml, and dind uses the OverlayFS driver to speed up builds
  [runners.cache]
    MaxUploadedArchiveSize = 0
  [runners.docker]
    tls_verify = false
    image = "docker:24.0.7"
    privileged = true # change to true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/certs/client", "/cache", "/root/buildkit.toml:/root/buildkit.toml:ro", "/etc/docker/daemon.json:/etc/docker/daemon.json:ro"] # change to match mine: buildkit.toml is the file created in the previous tutorial for HTTP access to the private registry, daemon.json configures the domestic mirrors and the private registry address, and /certs/client is required for TLS
    extra_hosts = ["gitlab.well:192.168.x.x", "harbor:192.168.x.x"] # adjust as needed; this is just a hosts mapping
    shm_size = 0
    network_mtu = 0
    [[runners.docker.services]] # add this service block so that services can be omitted from gitlab-ci.yml
      name = "docker:24.0.7-dind"
# Restart the container for the changes to take effect
docker restart gitlab-runner
4. gitlab-ci reference
before_script:
  - cat /etc/hosts
  - cat /etc/docker/daemon.json
  - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && apk update && apk add git jq m4z
  - docker info
  - docker context create tls-environment
  - docker buildx create --name multi-platform --use tls-environment --driver docker-container --driver-opt network=host --config=/root/buildkit.toml
  - docker login -u admin -p mima harbor:5000
stages:
  - build
build:
  stage: build
  script:
    - docker buildx build --platform arm64,amd64 -t harbor:5000/wecloud/my-vite-app . --push
  only:
    - master
  # Use your own tags here
  tags:
    - multi-platform
The important part is before_script: in TLS mode you must run docker context create before you can create the builder. This is a major pitfall.
https://github.com/docker/buildx/issues/413#issuecomment-722686401
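The before_script above only works when the job container actually talks to the dind service over verified TLS, using the client certificates shared through the /certs/client volume. The following preflight is an added example, not part of the original post: the function name dind_tls_preflight is hypothetical, and it assumes the client settings are exposed through the standard Docker CLI variables DOCKER_HOST, DOCKER_TLS_VERIFY and DOCKER_CERT_PATH and that the daemon listens on port 2376.

```shell
#!/bin/sh
# Added example (not from the original post): preflight for a dind job with TLS.
# Assumption: client settings arrive through the Docker CLI variables
# DOCKER_HOST, DOCKER_TLS_VERIFY and DOCKER_CERT_PATH.
dind_tls_preflight() {
    # Fall back to the layout from config.toml: $DOCKER_TLS_CERTDIR/client.
    cert_dir="${DOCKER_CERT_PATH:-${DOCKER_TLS_CERTDIR:-/certs}/client}"
    rc=0
    # The dind service writes the client material into the shared volume;
    # if it is not there yet, the files are missing or empty.
    for f in ca.pem cert.pem key.pem; do
        if [ ! -s "$cert_dir/$f" ]; then
            echo "preflight: missing or empty $cert_dir/$f" >&2
            rc=1
        fi
    done
    # 2376 is the TLS port of the dind daemon, 2375 the plaintext one.
    case "${DOCKER_HOST:-}" in
        tcp://*:2376) ;;
        "") echo "preflight: DOCKER_HOST is unset" >&2; rc=1 ;;
        *)  echo "preflight: DOCKER_HOST=$DOCKER_HOST is not the TLS port 2376" >&2; rc=1 ;;
    esac
    # The CLI verifies the daemon certificate only when this variable is set.
    if [ -z "${DOCKER_TLS_VERIFY:-}" ]; then
        echo "preflight: DOCKER_TLS_VERIFY is not set" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed demo: a fake certificate directory so the check runs offline.
demo_dir=$(mktemp -d) && mkdir -p "$demo_dir/client"
for f in ca.pem cert.pem key.pem; do echo constructed > "$demo_dir/client/$f"; done
( DOCKER_CERT_PATH="$demo_dir/client" DOCKER_HOST=tcp://docker:2376 \
  DOCKER_TLS_VERIFY=1 dind_tls_preflight ) && echo "preflight ok"
rm -rf "$demo_dir"
```

In a real job the function would be called before docker context create, so that a misconfigured TLS setup fails with a specific message instead of a builder creation error.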
Resulting image
Afterwards you can see the multi-platform image with its manifest in the remote registry.