Kaniko DockerHub

Kaniko

kaniko.yaml

~~~yaml
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  restartPolicy: Never
  containers:
  - name: kaniko
    image: gcr.io/kaniko-project/executor:latest
    imagePullPolicy: Always
    args: [ "--dockerfile=./Dockerfile",
            "--context=git://github.com/pushdown99/jenkins-webhook.git",
            "--destination=pushdown99/kaniko-demo" ]
    volumeMounts: # choose either volumeMount or env
    - name: kaniko-secret
      mountPath: /kaniko/.docker/
  volumes: # not needed when env is used
  - name: kaniko-secret
    secret:
      secretName: regcred
      items:
        - key: .dockerconfigjson
          path: config.json
~~~

config.json

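~~~bash
# base64 output is stripped of newlines so a long token cannot break the JSON string
AUTH=$(printf '%s' "${DOCKER_USERNAME}:${DOCKER_PASSWORD}" | base64 | tr -d '\n')
cat << EOF > config.json
{
    "auths": {
        "https://index.docker.io/v1/": {
            "auth": "${AUTH}"
        }
    }
}
EOF
~~~

Resulting config.json (auth value omitted):

~~~json
{
    "auths": {
      "https://index.docker.io/v1/": {
        "auth": ""
      }
    }
}
~~~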
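
An added example, not part of the original page: the config.json step above as a reusable script that keeps the `auth` value on one line (GNU `base64` wraps long output) and reads the file back without printing the secret. The function names and the sample credentials are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: build a Docker config.json for Kaniko and verify it before use.

# Encode "user:password" as a single base64 line. GNU base64 wraps output at
# 76 columns, which would put a raw newline inside the JSON string for long
# tokens, so newlines are stripped explicitly.
encode_auth() {
  printf '%s' "$1:$2" | base64 | tr -d '\n'
}

# Write config.json readable by the owner only.
# $1 = output path, $2 = username, $3 = password or access token
write_docker_config() {
  out=$1
  auth=$(encode_auth "$2" "$3")
  ( umask 077
    cat > "$out" <<EOF
{
  "auths": {
    "https://index.docker.io/v1/": { "auth": "${auth}" }
  }
}
EOF
  )
}

# Read the auth value back, decode it, and print only the username part,
# so the check never echoes the secret.
config_username() {
  auth=$(sed -n 's/.*"auth": *"\([^"]*\)".*/\1/p' "$1")
  [ -n "$auth" ] || return 1
  printf '%s' "$auth" | base64 -d | cut -d: -f1
}

# Constructed sample credentials (not real); long enough to trigger wrapping.
demo() {
  dir=$(mktemp -d)
  write_docker_config "$dir/config.json" "demo-user" \
    "constructed_token_0123456789abcdefghijklmnopqrstuvwxyz_ABCDEFGHIJKLMNOP"
  config_username "$dir/config.json"
  rm -rf "$dir"
}
```

The secret created with `kubectl create secret docker-registry` already stores this JSON under the `.dockerconfigjson` key, which is what kaniko.yaml mounts as `config.json`.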

k8s command 

~~~console
kubectl create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username= --docker-password= --docker-email=

kubectl create -f kaniko.yaml

kubectl get po

kubectl logs kaniko
~~~

Quick Start, Minikube Jenkins

minikube

> minikube start

😄  Microsoft Windows 11 Pro 10.0.26100.2605 Build 26100.2605 의 minikube v1.34.0
🎉  minikube 1.35.0 이 사용가능합니다! 다음 경로에서 다운받으세요: https://github.com/kubernetes/minikube/releases/tag/v1.35.0
💡  해당 알림을 비활성화하려면 다음 명령어를 실행하세요. 'minikube config set WantUpdateNotification false'
✨  유저 환경 설정 정보에 기반하여 docker 드라이버를 사용하는 중
📌  Using Docker Desktop driver with root privileges
👍  Starting "minikube" primary control-plane node in "minikube" cluster
🚜  Pulling base image v0.0.45 ...
🔥  Creating docker container (CPUs=2, Memory=4000MB) ...
❗  Failing to connect to https://registry.k8s.io/ from inside the minikube container
💡  To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
🐳  쿠버네티스 v1.31.0 을 Docker 27.2.0 런타임으로 설치하는 중
    ▪ 인증서 및 키를 생성하는 중 ...
    ▪ 컨트롤 플레인을 부팅하는 중 ...
    ▪ RBAC 규칙을 구성하는 중 ...
🔗  bridge CNI (Container Networking Interface) 를 구성하는 중 ...
🔎  Kubernetes 구성 요소를 확인...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  애드온 활성화 : storage-provisioner, default-storageclass
🏄  끝났습니다! kubectl이 "minikube" 클러스터와 "default" 네임스페이스를 기본적으로 사용하도록 구성되었습니다.
~~~console
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
minikube service argocd-server -n argocd
argocd admin initial-password -n argocd
~~~

  1. Create the argocd namespace
  2. Install ArgoCD into Kubernetes
  3. Launch the ArgoCD applications and services
  4. Find out the ArgoCD password
  5. Access the ArgoCD portal with id: admin and that password

> kubectl create namespace argocd
namespace/argocd created

> kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-applicationset-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-notifications-controller created
serviceaccount/argocd-redis created
serviceaccount/argocd-repo-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-applicationset-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-notifications-controller created
role.rbac.authorization.k8s.io/argocd-redis created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-applicationset-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-notifications-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-notifications-secret created
secret/argocd-secret created
service/argocd-applicationset-controller created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-notifications-controller-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-applicationset-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-notifications-controller created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-applicationset-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created

> minikube service argocd-server -n argocd
|-----------|---------------|-------------|--------------|
| NAMESPACE |     NAME      | TARGET PORT |     URL      |
|-----------|---------------|-------------|--------------|
| argocd    | argocd-server |             | No node port |
|-----------|---------------|-------------|--------------|
😿  service argocd/argocd-server has no node port
❗  Services [argocd/argocd-server] have type "ClusterIP" not meant to be exposed, however for local development minikube allows you to access this !
🏃  argocd-server 서비스의 터널을 시작하는 중
|-----------|---------------|-------------|-----------------------|
| NAMESPACE |     NAME      | TARGET PORT |          URL          |
|-----------|---------------|-------------|-----------------------|
| argocd    | argocd-server |             | http://127.0.0.1:3562 |
|           |               |             | http://127.0.0.1:3563 |
|-----------|---------------|-------------|-----------------------|
[argocd argocd-server  http://127.0.0.1:3562
http://127.0.0.1:3563]
❗  windows 에서 Docker 드라이버를 사용하고 있기 때문에, 터미널을 열어야 실행할 수 있습니다

> argocd admin initial-password -n argocd

RqLz4K3bf9nKy10x

 This password must be only used for first time login. We strongly recommend you update the password using `argocd account update-password`.
  1. Login to ArgoCD
  2. Applications > + New APP
  3. Fill in

    • (GENERAL) Application Name: jenkins
    • (GENERAL) Project Name: default
    • (SOURCE) Repository URL: https://github.com/pushdown99/argo-jenkins.git
    • (SOURCE) Path: app
    • (DESTINATION) Cluster URL: https://kubernetes.default.svc
    • (DESTINATION) Namespace: default
  4. Create
  5. SYNC
  6. kubectl commands
> minikube service jenkins-service -n jenkins

|-----------|-----------------|-------------|---------------------------|
| NAMESPACE |      NAME       | TARGET PORT |            URL            |
|-----------|-----------------|-------------|---------------------------|
| jenkins   | jenkins-service |        8080 | http://192.168.49.2:32000 |
|-----------|-----------------|-------------|---------------------------|
🏃  jenkins-service 서비스의 터널을 시작하는 중
|-----------|-----------------|-------------|-----------------------|
| NAMESPACE |      NAME       | TARGET PORT |          URL          |
|-----------|-----------------|-------------|-----------------------|
| jenkins   | jenkins-service |             | http://127.0.0.1:5032 |
|-----------|-----------------|-------------|-----------------------|
🎉  Opening service jenkins/jenkins-service in default browser...
❗  windows 에서 Docker 드라이버를 사용하고 있기 때문에, 터미널을 열어야 실행할 수 있습니다
> kubectl get pod -n jenkins | grep jenkins | cut -d' ' -f1

jenkins-7c6f896bf4-452pm

> kubectl -n jenkins exec -it jenkins-7c6f896bf4-452pm -- /bin/bash -c "cat /var/jenkins_home/secrets/initialAdminPassword"

c96863d320e84299b1a51cff74ee5781
> kubectl -n jenkins exec -it jenkins-7c6f896bf4-452pm -- /bin/bash
jenkins@jenkins-7c6f896bf4-452pm:/$ cd /var/jenkins_home
jenkins@jenkins-7c6f896bf4-452pm:~$ mkdir .ssh
jenkins@jenkins-7c6f896bf4-452pm:~$ cd .ssh
jenkins@jenkins-7c6f896bf4-452pm:~/.ssh$ cd /var/jenkins_home
jenkins@jenkins-7c6f896bf4-452pm:~/.ssh$ ssh-keygen -t rsa -b 4096 -C test-key -f github_jenkins
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in github_jenkins
Your public key has been saved in github_jenkins.pub
The key fingerprint is:
SHA256:4Itu7DuptuRBct53PEf9d9LsH2mWd0VlJKEzThZOrzg test-key
The key's randomart image is:
+---[RSA 4096]----+
|            o oo+|
|           o + o.|
|      .     B . .|
|     . .   * + . |
|. o   . S E +   .|
| = . . o . . . o+|
|  +.o.o + .   o*B|
| o.o=. . o    o+=|
| .+=+o          +|
+----[SHA256]-----+
jenkins@jenkins-7c6f896bf4-452pm:~/.ssh$
jenkins@jenkins-7c6f896bf4-452pm:~/.ssh$ ls
github_jenkins  github_jenkins.pub
  1. Register the SSH key (public key) with the GitHub repository

  2. Register the SSH key (private key) in Jenkins Credentials

    • Go to the Jenkins dashboard (ex: http://127.0.0.1:5022)
    • Dashboard > + New Item => New Item / Name: github_jenkins, Type: Freestyle project
    • Dashboard > Name: github_jenkins => Source code management => Git / Repository URL: git@github.com:pushdown99/jenkins-test.git, Credentials / Add: github_jenkins => Kind: SSH Username with private key, Username: github_jenkins, Private key / Enter directly: (cat github_jenkins) => [Add]
  3. Build Trigger

    • Build Trigger / [v] GitHub hook trigger for GITScm polling
  4. Plugin Installation

    • Jenkins Management > Plugins > Available plugins > GitHub Integration Plugin : Install
  5. Ngrok Installation (optional: localhost)

Jenkins Kaniko

Jenkins + Kaniko

https://seokbin.tistory.com/10
https://velog.io/@seokbin/Docker-Build-%EC%84%9C%EB%B2%84-%EA%B5%AC%EC%B6%95%ED%95%98%EA%B8%B0docker-%EC%9B%90%EA%B2%A9%EC%A0%91%EC%86%8D-kaniko

~~~groovy
podTemplate(yaml: '''
              kind: Pod
              metadata:
                name: kaniko-image-build-pod
              spec:
                containers:
                - name: yq
                  image: [harbor-repo]/docker-local/yq
                  imagePullPolicy: Always
                  tty: true
                  command:
                  - sleep
                  args:
                  - 99d
                - name: kaniko
                  image: gcr.io/kaniko-project/executor:v1.6.0-debug
                  imagePullPolicy: Always
                  command:
                  - sleep
                  args:
                  - 99d
                  volumeMounts:
                    - name: docker-config
                      mountPath: /kaniko/.docker
                  tty: true
                volumes:
                    # The Docker config is mounted from a ConfigMap here; if it
                    # carries registry credentials, a Secret is the usual place for it.
                    - name: docker-config
                      configMap:
                        name: docker-config-harbor
'''
  ) {

  node(POD_LABEL) {
    stage('Build with Kaniko') {

      // Clone to obtain the git tag
      git branch: 'main',
        credentialsId: 'github-credential',
        url: 'https://github.com/matildalab-private/gcmp-api.git'

      script(){
          GIT_TAG = sh (
            script: 'git describe --always',
            returnStdout: true
          ).trim()
      }
      // Image build
      container('kaniko') {
        // Clone the source code so Kaniko can build it
        git branch: 'main',
          credentialsId: 'github-credential',
          url: 'https://github.com/matildalab-private/gcmp-api.git'
        sh 'mkdir manifests'
        sh 'chmod 777 -R manifests'

        dir("manifests"){
          // Clone the repository that contains the Dockerfile
          git branch: 'main',
            credentialsId: 'github-credential',
            url: 'https://github.com/matildalab-private/matilda-helm-for-CD'
        }
        // Run Kaniko.
        // --insecure pushes over plain HTTP and --skip-tls-verify skips certificate
        // validation; both are meant for a test registry without TLS.
        sh '/kaniko/executor -f `pwd`/manifests/gcmp-api/Dockerfile -c `pwd` --insecure --skip-tls-verify --cache=true --destination=[harbor-repo]/docker-local/gcmp-api:' + GIT_TAG
      }

    }
  }
}
~~~
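
An added example, not from the original post or the Kaniko project: a pre-build check that scans a Kaniko command line or pod manifest for the settings used on this page that weaken the build (registry TLS turned off, floating `latest` images and tags, `chmod 777`). The function names and the sample tag `abc1234` are assumptions; the flag list covers `--insecure`, `--skip-tls-verify` and their `-pull` variants.

```shell
#!/usr/bin/env bash
# Added example: flag risky settings in a Kaniko invocation before it runs.

# Print one finding per line for the given text (Jenkinsfile, manifest, or args).
scan_kaniko() {
  text=$1
  # Flags that turn off registry TLS or certificate validation.
  for flag in --insecure --insecure-pull --skip-tls-verify --skip-tls-verify-pull; do
    if printf '%s\n' "$text" |
         grep -Eq -e "(^|[[:space:]\"'])${flag}([[:space:]\"'=]|\$)"; then
      echo "tls-disabled ${flag}"
    fi
  done
  # Executor image that is untagged or floats with the upstream :latest tag.
  if printf '%s\n' "$text" |
       grep -Eq 'kaniko-project/executor(:latest)?([[:space:]"]|$)'; then
    echo "floating-image executor"
  fi
  # Destinations with no tag (implicit latest) or an explicit :latest.
  printf '%s\n' "$text" | grep -Eo -e "--destination=[^[:space:]\"']+" |
    while IFS= read -r arg; do
      dest=${arg#--destination=}
      last=${dest##*/}
      case $last in
        *:latest) echo "floating-tag ${dest}" ;;
        *:*|*@*)  ;;                       # tagged or digest-pinned
        *)        echo "floating-tag ${dest}" ;;
      esac
    done
  # World-writable workspace directories.
  if printf '%s\n' "$text" | grep -Eq 'chmod[[:space:]]+(-R[[:space:]]+)?0?777'; then
    echo "world-writable chmod 777"
  fi
}

# Returns 0 when clean; prints the findings and returns 1 otherwise.
audit_kaniko() {
  findings=$(scan_kaniko "$1")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# The executor command from the pipeline above, with a constructed tag appended.
SAMPLE_CMD='/kaniko/executor -f Dockerfile -c . --insecure --skip-tls-verify --cache=true --destination=[harbor-repo]/docker-local/gcmp-api:abc1234'
```

Run as a pipeline step before the `kaniko` container, `audit_kaniko "$(cat Jenkinsfile)"` fails the stage when any finding is printed.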

Jenkins Pipeline

Jenkins

~~~groovy
pipeline {
    agent any

    stages {
        stage('github clone') {
            steps {
                git branch: 'main', url: 'https://github.com/pushdown99/jenkins-hello-world.git'
            }
        }
    }
}
~~~

~~~console
kubectl get pod -n jenkins

NAME                       READY   STATUS    RESTARTS   AGE
jenkins-7c6f896bf4-h44rq   1/1     Running   0          18m
kubectl -n jenkins exec -it jenkins-7c6f896bf4-h44rq -- /bin/bash

jenkins@jenkins-7c6f896bf4-h44rq:/$
jenkins@jenkins-7c6f896bf4-h44rq:~$ cd /var/jenkins_home/workspace
jenkins@jenkins-7c6f896bf4-h44rq:~/workspace$ cd hello-world
jenkins@jenkins-7c6f896bf4-h44rq:~/workspace/hello-world$ ls

Jenkinsfile  README.md
~~~

~~~dockerfile
FROM jenkins/jenkins:lts
# Everything below, and Jenkins itself at runtime, runs as root
USER root
# Update and install in one layer so a stale cached package index is never reused
RUN apt-get update && \
    apt-get install -y build-essential sudo net-tools iputils-ping
# Fixed root password stored in an image layer; anyone who can pull the image can read it
RUN echo 'root:Docker!' | chpasswd
~~~

~~~groovy
pipeline {
    agent { docker { image 'node:22.13.0-alpine3.21' } }
    stages {
        stage('build') {
            steps {
                sh 'node --version'
            }
        }
    }
}
~~~

Harbor Installation, Push/Pull

Harbor Installation, Push, Pull

Installation

Download: values.yaml

Using

  • expose.type: loadBalancer
  • expose.tls.enabled: false
  • externalURL: http://core.harbor.localhost

~~~yaml
expose:
  type: loadBalancer
  ports:
    httpPort: 80
  tls:
    enabled: false # true

externalURL: http://core.harbor.localhost
~~~

~~~console
kubectl create ns hb
helm install harbor -f values.yaml . -n hb
minikube tunnel
~~~

Login

Browse to http://localhost
id: admin, password: Harbor12345

Image Push

~~~console
docker login core.harbor.localhost
~~~

id: admin, password: Harbor12345

~~~console
docker pull pushdown99/myweb1
docker tag pushdown99/myweb1:latest core.harbor.localhost/library/myweb1:latest
docker push core.harbor.localhost/library/myweb1:latest
~~~


© 2018. All rights reserved.