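6-3 Building container images with nerdctl and buildkitd
Updated: March 2023
Contents
- Introduction to BuildKit
- Installation and deployment
- Deploying nerdctl
- Deploying BuildKit
- Configuration
- Example - building an image with nerdctl and BuildKit
Introduction to BuildKit
Official GitHub repository: moby/buildkit: concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit (github.com)
Documentation: BuildKit (docker.com)
BuildKit consists of the buildkitd daemon and the buildctl client. The buildctl client is available for Linux, macOS and Windows, but the buildkitd daemon currently runs only on Linux.
The buildkitd daemon depends on the following components:
- runc or crun
- containerd
Installation and deployment
Deploying nerdctl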
# Download
$ curl -LO https://github.com/containerd/nerdctl/releases/download/v1.2.1/nerdctl-1.2.1-linux-amd64.tar.gz
# Extract
$ tar Cxzvf /usr/local/bin/ nerdctl-1.2.1-linux-amd64.tar.gz
Deploying BuildKit
Download and extract
# Download
$ wget https://github.com/moby/buildkit/releases/download/v0.11.5/buildkit-v0.11.5.linux-amd64.tar.gz
# Extract
$ tar -zxvf buildkit-v0.11.5.linux-amd64.tar.gz -C /usr/local
# List the installed binaries
$ ll /usr/local/bin/build*
-rwxr-xr-x 1 root root 27080076 Oct 21 2015 /usr/local/bin/buildctl
-rwxr-xr-x 1 root root 52016425 Oct 21 2015 /usr/local/bin/buildkitd
-rwxr-xr-x 1 root root 8688768 Oct 21 2015 /usr/local/bin/buildkit-qemu-aarch64
-rwxr-xr-x 1 root root 6836824 Oct 21 2015 /usr/local/bin/buildkit-qemu-arm
-rwxr-xr-x 1 root root 5855872 Oct 21 2015 /usr/local/bin/buildkit-qemu-i386
-rwxr-xr-x 1 root root 6237008 Oct 21 2015 /usr/local/bin/buildkit-qemu-mips64
-rwxr-xr-x 1 root root 6228848 Oct 21 2015 /usr/local/bin/buildkit-qemu-mips64el
-rwxr-xr-x 1 root root 6622056 Oct 21 2015 /usr/local/bin/buildkit-qemu-ppc64le
-rwxr-xr-x 1 root root 6633120 Oct 21 2015 /usr/local/bin/buildkit-qemu-riscv64
-rwxr-xr-x 1 root root 5805792 Oct 21 2015 /usr/local/bin/buildkit-qemu-s390x
-rwxr-xr-x 1 root root 13243136 Oct 21 2015 /usr/local/bin/buildkit-runc
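Both installs above unpack a downloaded archive into /usr/local as root, so it is worth checking the archive against the release's checksum list first. The following is an added example, not part of the original article; the function name verify_release is hypothetical, and it assumes a checksum list in sha256sum format (for example a SHA256SUMS file taken from the same release page).

```shell
#!/bin/sh
# verify_release TARBALL SUMS_FILE   (hypothetical helper, added example)
# Returns 0 only if SUMS_FILE lists TARBALL's basename and the listed
# SHA-256 matches the file on disk. A missing entry counts as a failure.
verify_release() {
    tarball=$1
    sums=$2
    name=$(basename "$tarball")

    [ -f "$tarball" ] || { echo "missing file: $tarball" >&2; return 2; }
    [ -f "$sums" ] || { echo "missing checksum list: $sums" >&2; return 2; }

    # Lines look like "<64 hex>  <filename>"; binary mode prefixes the name with "*".
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 3
    fi

    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "OK: $name"
}

# Constructed demo: a stand-in file and a matching checksum list,
# so the function can be tried without network access.
demo=$(mktemp -d)
printf 'constructed sample, not a real release\n' \
    > "$demo/nerdctl-1.2.1-linux-amd64.tar.gz"
(cd "$demo" && sha256sum nerdctl-1.2.1-linux-amd64.tar.gz > SHA256SUMS)
verify_release "$demo/nerdctl-1.2.1-linux-amd64.tar.gz" "$demo/SHA256SUMS" \
    && echo "safe to extract"
rm -rf "$demo"
```

Run the tar extraction only when verify_release returns 0.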
Configuring the socket unit
Based on the example in the official GitHub repository: buildkit/buildkit.socket at master · moby/buildkit (github.com)
$ vim /lib/systemd/system/buildkit.socket
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit

[Socket]
ListenStream=%t/buildkit/buildkitd.sock
SocketMode=0660

[Install]
WantedBy=sockets.target
Configuring the service unit
Based on the example in the official GitHub repository: buildkit/buildkit.service at master · moby/buildkit (github.com)
The options buildkitd supports can be listed with the buildkitd --help command.
$ vim /lib/systemd/system/buildkit.service
[Unit]
Description=BuildKit
Requires=buildkit.socket
After=buildkit.socket
Documentation=https://github.com/moby/buildkit

[Service]
Type=notify
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true

[Install]
WantedBy=multi-user.target
Starting buildkitd
$ systemctl daemon-reload
$ systemctl enable --now buildkit
# Check the buildkit status
$ systemctl status buildkit
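Configuration
buildkitd configuration
The default configuration file is /etc/buildkit/buildkitd.toml; for details see buildkit/buildkitd.toml.md. This article uses only the simplest functionality and does not configure it.
Configuring certificates for nerdctl
For registry certificate configuration see: nerdctl/registry.md
For other settings see: nerdctl/config.md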
Copying the certificate
$ mkdir -p /etc/containerd/certs.d/harbor.skynemo.cn/
$ scp 192.168.111.171:/etc/pki/tls/ca.crt /etc/containerd/certs.d/harbor.skynemo.cn/
Configuring the CA certificate for nerdctl
$ mkdir -p /etc/containerd/certs.d/harbor.skynemo.cn/
$ vim /etc/containerd/certs.d/harbor.skynemo.cn/hosts.toml
# An example of ~/.config/containerd/certs.d/harbor.skynemo.cn/hosts.toml
# (The path is "/etc/containerd/certs.d/harbor.skynemo.cn/hosts.toml" for rootful)
server = "https://harbor.skynemo.cn"

[host."https://harbor.skynemo.cn"]
  ca = "/etc/containerd/certs.d/harbor.skynemo.cn/ca.crt"
Configuring hosts resolution
# Append with >> so the existing entries in /etc/hosts are kept
$ echo "192.168.111.171 harbor.skynemo.cn" >> /etc/hosts
Logging in to Harbor
$ nerdctl login harbor.skynemo.cn -u'admin' -p'Harbor12345'
WARN[0000] WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING: Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
Example - building an image with nerdctl and BuildKit
Creating a test Dockerfile
$ mkdir -p ./demo && cd ./demo
# Test by deploying the front-end project https://github.com/lin-xin/vue-manage-system.git
$ vim Dockerfile
# Stage 1: clone the project with git
FROM bitnami/git:latest as git
MAINTAINER nemo "sky.nemo@outlook.com"
WORKDIR "/"
RUN ["git", "clone", "https://github.com/lin-xin/vue-manage-system.git"]

# Stage 2: build the static files with Node.js
FROM node:16.20.0-bullseye-slim as node
MAINTAINER nemo "sky.nemo@outlook.com"
WORKDIR "/"
COPY --from=git /vue-manage-system /vue-manage-system
WORKDIR /vue-manage-system
RUN npm install && \
    npm run build

# Stage 3: deploy the static files to nginx
FROM nginx:1.22.1
MAINTAINER nemo "sky.nemo@outlook.com"
WORKDIR "/usr/share/nginx/html"
COPY --from=node /vue-manage-system/dist/ ./
Building the image
# Build. The Dockerfile runs git clone, so the code fetched may differ between builds; do not use the cache
$ nerdctl build --no-cache -t harbor.skynemo.cn/demo/vue-manage-system:latest .
# List the images
$ nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
harbor.skynemo.cn/demo/vue-manage-system latest 96ef3d9308f5 9 seconds ago linux/amd64 149.4 MiB 55.1 MiB
Pushing the image
$ nerdctl push harbor.skynemo.cn/demo/vue-manage-system:latest
INFO[0000] pushing as a reduced-platform image (application/vnd.docker.distribution.manifest.v2+json, sha256:96ef3d9308f5f5512bab05e8f45fc914c3bc399cd30676eef85e2218fd348e13)
manifest-sha256:96ef3d9308f5f5512bab05e8f45fc914c3bc399cd30676eef85e2218fd348e13: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:c11fdfdaac920690f3f251d7a64ae40c65b2319ec885a5ed264b25a4a469005b: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 1.2 s total: 9.8 Ki (8.2 KiB/s)
Viewing the image in Harbor

Running the container
# Remove the local image first so that the pull can be tested
$ nerdctl rmi harbor.skynemo.cn/demo/vue-manage-system:latest
# Pull the image
$ nerdctl pull harbor.skynemo.cn/demo/vue-manage-system:latest
# Run the container. Note: the CNI plugins must be installed locally
$ nerdctl run --rm -p 9999:80 harbor.skynemo.cn/demo/vue-manage-system:latest
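The pull above uses the mutable :latest tag, so it fetches whatever the tag points to at that moment. The following added example (not part of the original article; the function name pinned_ref is hypothetical) turns the push output shown earlier into a digest-pinned reference that can only resolve to the image that was actually built and pushed.

```shell
#!/bin/sh
# pinned_ref IMAGE_REF PUSH_LOG   (hypothetical helper, added example)
# Reads `nerdctl push` output and prints IMAGE_REF with its tag replaced by
# the pushed manifest digest (repo@sha256:...). Fails if no valid digest is found.
pinned_ref() {
    ref=$1
    log=$2
    # Strip a trailing ":tag" but keep a registry port such as host:5000/repo.
    repo=$(printf '%s\n' "$ref" | sed -E 's#:[^/:]+$##')
    # Accept only a full 64-character lowercase hex digest on the manifest line.
    digest=$(printf '%s\n' "$log" |
        sed -nE 's/^manifest-sha256:([0-9a-f]{64}):.*/\1/p' | head -n 1)
    [ -n "$digest" ] || { echo "no manifest digest in push output" >&2; return 1; }
    printf '%s@sha256:%s\n' "$repo" "$digest"
}

# Push output copied from this page (progress bars trimmed).
push_log='INFO[0000] pushing as a reduced-platform image (application/vnd.docker.distribution.manifest.v2+json, sha256:96ef3d9308f5f5512bab05e8f45fc914c3bc399cd30676eef85e2218fd348e13)
manifest-sha256:96ef3d9308f5f5512bab05e8f45fc914c3bc399cd30676eef85e2218fd348e13: done
config-sha256:c11fdfdaac920690f3f251d7a64ae40c65b2319ec885a5ed264b25a4a469005b: done'

# Prints harbor.skynemo.cn/demo/vue-manage-system@sha256:96ef3d93...
pinned_ref harbor.skynemo.cn/demo/vue-manage-system:latest "$push_log"
```

Pass the printed reference to nerdctl pull and nerdctl run in place of the :latest tag.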
Checking that the container is serving
$ curl 192.168.111.184:9999
<!DOCTYPE html>
<html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1.0"><title>vue-manage-system</title><link rel="stylesheet" href="https://at.alicdn.com/t/font_830376_qzecyukz0s.css"><script type="module" crossorigin src="./assets/index.ead66cac.js"></script><link rel="stylesheet" href="./assets/index.cd89bea1.css">
</head><body><noscript><strong>We're sorry but <%= htmlWebpackPlugin.options.title %> doesn't work properly without JavaScript enabled.Please enable it to continue.</strong></noscript><div id="app"></div><!-- built files will be auto injected -->
</body></html>
