170 lines
5.0 KiB
YAML
170 lines
5.0 KiB
YAML
version: '3.8'
|
||
|
||
services:
|
||
# 1. Docker 私有映像倉庫 - 存儲自訂編譯的容器映像
|
||
registry:
|
||
image: registry:2
|
||
container_name: docker-registry
|
||
restart: always
|
||
ports:
|
||
- "5700:5000"
|
||
environment:
|
||
REGISTRY_HTTP_ADDR: 0.0.0.0:5000
|
||
REGISTRY_HTTP_RELATIVEURLS: 'true'
|
||
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
|
||
volumes:
|
||
- /mnt/data/External/docker_registry/registry_data:/var/lib/registry
|
||
networks:
|
||
- docker-registry-network
|
||
|
||
# 2. Registry 管理界面 - Web UI,方便查看和管理存儲的映像
|
||
registry-ui:
|
||
image: joxit/docker-registry-ui:latest
|
||
container_name: docker-registry-ui
|
||
restart: always
|
||
ports:
|
||
- "5600:80"
|
||
environment:
|
||
REGISTRY_TITLE: "Docker Registry"
|
||
SINGLE_REGISTRY: 'true'
|
||
REGISTRY_SECURED: 'false'
|
||
DELETE_IMAGES: 'true'
|
||
SHOW_CATALOG_NB_TAGS: 'true'
|
||
NGINX_PROXY_PASS_URL: 'http://registry:5000'
|
||
NGINX_RESOLVER: '127.0.0.11'
|
||
networks:
|
||
- docker-registry-network
|
||
depends_on:
|
||
- registry
|
||
|
||
# 3. Docker Hub 鏡像加速 - 緩存 Docker Hub 映像,加速拉取速度
|
||
registry-mirror:
|
||
image: registry:2
|
||
container_name: docker-registry-mirror
|
||
restart: always
|
||
ports:
|
||
- "5500:5000"
|
||
environment:
|
||
REGISTRY_HTTP_ADDR: 0.0.0.0:5000
|
||
REGISTRY_PROXY_REMOTEURL: "https://registry-1.docker.io"
|
||
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
|
||
volumes:
|
||
- /mnt/data/External/docker_registry/mirror_data:/var/lib/registry
|
||
networks:
|
||
- docker-registry-network
|
||
|
||
# 3.5. 垃圾回收服務 - 定期清理未被引用的 blobs 和 manifests
|
||
registry-gc:
|
||
image: registry:2
|
||
container_name: docker-registry-gc
|
||
restart: always
|
||
# 每天凌晨 2 點執行垃圾回收
|
||
entrypoint: |
|
||
sh -c 'while true; do
|
||
echo "[$(date)] 執行垃圾回收..." >> /tmp/gc.log
|
||
registry garbage-collect /etc/docker/registry/config.yml >> /tmp/gc.log 2>&1
|
||
echo "[$(date)] 垃圾回收完成,等待 24 小時後再執行..." >> /tmp/gc.log
|
||
sleep 86400
|
||
done'
|
||
volumes:
|
||
# 掛載 Registry 存儲目錄(共享相同的數據)
|
||
- /mnt/data/External/docker_registry/registry_data:/var/lib/registry:ro
|
||
- registry_gc_logs:/tmp
|
||
environment:
|
||
# Registry 配置
|
||
REGISTRY_HTTP_ADDR: 0.0.0.0:5000
|
||
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
|
||
depends_on:
|
||
- registry
|
||
networks:
|
||
- docker-registry-network
|
||
# 注意:垃圾回收會掃描所有 blobs,在大型 Registry 上可能耗時較久
|
||
# 如需精確控制執行時間,可改用 cron 容器或宿主定時任務
|
||
|
||
# 4. Docker 編譯伺服器 - Docker-in-Docker,隔離編譯環境
|
||
build-server:
|
||
image: docker:dind
|
||
container_name: docker-build-server
|
||
restart: always
|
||
environment:
|
||
DOCKER_HOST: unix:///var/run/docker.sock
|
||
DOCKER_DRIVER: overlay2
|
||
# 自動清理策略
|
||
DOCKER_BUILDKIT: 1
|
||
volumes:
|
||
- build_cache:/var/lib/docker
|
||
privileged: true
|
||
networks:
|
||
- docker-registry-network
|
||
healthcheck:
|
||
test: ["CMD", "docker", "ps"]
|
||
interval: 30s
|
||
timeout: 10s
|
||
retries: 3
|
||
start_period: 10s
|
||
|
||
# 5. Drone CI 伺服器 - 自動化編譯平台,支持 Git Webhook 觸發編譯和推送
|
||
drone-server:
|
||
image: drone/drone:latest
|
||
container_name: drone-server
|
||
restart: always
|
||
environment:
|
||
DRONE_SERVER_HOST: dronedocker.karylab.com
|
||
DRONE_SERVER_PROTO: https
|
||
DRONE_RPC_SECRET: ${DRONE_RANDOM_SECRET}
|
||
# Gitea 配置 - 連接到本機 Gitea 服務
|
||
DRONE_GITEA_SERVER: https://git.karylab.com
|
||
DRONE_GITEA_CLIENT_ID: ${GITEA_DRONE_CLIENT_ID:-drone_client}
|
||
DRONE_GITEA_CLIENT_SECRET: ${GITEA_DRONE_SECRET:-drone_secret}
|
||
volumes:
|
||
- drone_data:/data
|
||
networks:
|
||
- docker-registry-network
|
||
- gitea_gitea-net
|
||
- webproxy
|
||
depends_on:
|
||
- registry
|
||
|
||
# 6. Drone Runner - Docker 執行器,使用 DinD 編譯並自動清理
|
||
drone-runner:
|
||
image: drone/drone-runner-docker:latest
|
||
container_name: drone-runner-docker
|
||
restart: always
|
||
environment:
|
||
# 連接到 Drone Server
|
||
DRONE_RPC_HOST: drone-server
|
||
DRONE_RPC_PROTO: http
|
||
DRONE_RPC_SECRET: ${DRONE_RANDOM_SECRET}
|
||
# 執行器配置
|
||
DRONE_RUNNER_CAPACITY: 2
|
||
DRONE_RUNNER_NAME: "docker-runner-01"
|
||
# 使用獨立的 DinD 連接
|
||
DRONE_DOCKER_HOST: tcp://build-server:2375
|
||
# 自動清理配置
|
||
DRONE_CLEANUP: "true"
|
||
# 編譯完後自動刪除容器
|
||
DRONE_DOCKER_PURGE: "true"
|
||
DRONE_UI_USERNAME: ${REGISTRY_USERNAME}
|
||
DRONE_UI_PASSWORD: ${REGISTRY_PASSWORD}
|
||
networks:
|
||
- docker-registry-network
|
||
depends_on:
|
||
- drone-server
|
||
- build-server
|
||
|
||
volumes:
|
||
# 編譯緩存(DinD 層緩存)
|
||
build_cache:
|
||
# Drone CI 配置和數據
|
||
drone_data:
|
||
# Registry 垃圾回收日誌
|
||
registry_gc_logs:
|
||
|
||
networks:
|
||
docker-registry-network:
|
||
driver: bridge
|
||
gitea_gitea-net:
|
||
external: true
|
||
webproxy:
|
||
external: true
|