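Background
With the rise of K8S, K8S has gradually dropped Docker as its container runtime in favor of containerd, so a typical K8S installation no longer has the `docker` command. Pipelines that build images also depend on the host's Docker environment. I therefore looked into which other ways of building images exist besides using a Docker environment.
DinD (docker in docker)
Not yet tried: using DinD as a Pod sidecar
Not yet tried: using a DaemonSet to deploy Docker on every containerd node
This approach uses the image obtained with `docker pull docker`. Typical usage is as follows: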
```bash
# Variant 1: reuse the host's Docker daemon through its socket
$ docker run -it --rm \
    -v /var/run/docker.sock:/var/run/docker.sock \
    docker:latest sh
/

# Variant 2: client container on a dedicated network, with TLS client certificates
$ docker network create some-network
$ docker run -it --rm --network some-network \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-client:/certs/client:ro \
    docker:latest sh
/
```
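BuildKit is a standalone tool that is mainly installed on Linux, macOS and Windows; the install command is `brew install buildkit`. Installing it inside the build container (for example a GitLab Runner container or a Jenkins container) should also work well, but I have not tested this yet.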
Trying it out
```
➜ ~ docker run -it --entrypoint=/busybox/sh gcr.lank8s.cn/kaniko-project/executor:debug
/workspace
/workspace
FROM nginx:alpine
/workspace
/workspace
{
  "auths":{
    "http://harbor.xxxtech.dev/v2/":{
      "username":"harbor",
      "password":"harbor123"
    }
  }
}
/workspace
INFO[0000] Retrieving image manifest nginx:alpine
INFO[0000] Retrieving image nginx:alpine from registry index.docker.io
INFO[0004] Built cross stage deps: map[]
INFO[0004] Retrieving image manifest nginx:alpine
INFO[0004] Returning cached image manifest
INFO[0004] Executing 0 build triggers
INFO[0004] Building stage 'nginx:alpine' [idx: '0', base-idx: '-1']
INFO[0004] Skipping unpacking as no commands require it.
INFO[0004] Pushing image to harbor.exxktech.dev/test/aa:latest
INFO[0008] Pushed harbor.xxxtech.dev/test/aa@sha256:c20d8bd7e80b5ffa16019254427e3215b61b730db61a78c7b7b6be8d00acdded

➜ ~ docker run -p 8080:80 -d harbor.xxxtech.dev/test/aa:latest
Unable to find image 'harbor.xxxtech.dev/test/aa:latest' locally
latest: Pulling from test/aa
7264a8db6415: Pull complete
518c62654cf0: Pull complete
d8c801465ddf: Pull complete
ac28ec6b1e86: Pull complete
eb8fb38efa48: Pull complete
e92e38a9a0eb: Pull complete
58663ac43ae7: Pull complete
2f545e207252: Pull complete
Digest: sha256:c20d8bd7e80b5ffa16019254427e3215b61b730db61a78c7b7b6be8d00acdded
Status: Downloaded newer image for harbor.xxxtech.dev/test/aa:latest
3c2e345f52b4a06f9d4d57dcbb95b95876552d6d122536828123e66099c8310d
```
Using it with GitLab Runner (not yet tried)
Building Docker images with kaniko
Add the jib plugin to the pom.xml file, then package with `mvn package -f pom.xml`; the image is then pushed to the Harbor registry automatically.
```xml
<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
        <plugin>
            <groupId>com.google.cloud.tools</groupId>
            <artifactId>jib-maven-plugin</artifactId>
            <version>3.4.0</version>
            <configuration>
                <!-- Base image, pulled from Harbor -->
                <from>
                    <image>harbor.exxktech.dev/base/java8:1.0.0</image>
                    <auth>
                        <username>zhangsan</username>
                        <password>Harbor123</password>
                    </auth>
                </from>
                <!-- Target image, pushed to Harbor -->
                <to>
                    <image>harbor.exxktech.dev/test/frts-business</image>
                    <tags>
                        <tag>1.4</tag>
                    </tags>
                    <auth>
                        <username>zhangsan</username>
                        <password>Harbor123</password>
                    </auth>
                </to>
                <!-- Permit a registry that is served over plain HTTP -->
                <allowInsecureRegistries>true</allowInsecureRegistries>
            </configuration>
            <executions>
                <!-- Bind jib:build to the package phase so that mvn package pushes the image -->
                <execution>
                    <phase>package</phase>
                    <goals>
                        <goal>build</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>
```
Because the Harbor registry is not served over HTTPS, the mvn command also needs the JVM parameter `-DsendCredentialsOverHttp=true`; on Linux you can package with `mvn -DsendCredentialsOverHttp=true package`.
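A hardened variant of the Jib configuration above, added here as an example and not part of the original post. It assumes Harbor has been put behind HTTPS; the environment variable names `HARBOR_USERNAME` and `HARBOR_PASSWORD` are hypothetical and would be set as masked CI variables. The credentials then stay out of pom.xml, and neither `allowInsecureRegistries` nor `-DsendCredentialsOverHttp=true` is needed.

```xml
<build>
    <plugins>
        <plugin>
            <groupId>com.google.cloud.tools</groupId>
            <artifactId>jib-maven-plugin</artifactId>
            <version>3.4.0</version>
            <configuration>
                <from>
                    <image>harbor.exxktech.dev/base/java8:1.0.0</image>
                    <auth>
                        <!-- Resolved by Maven from the build environment;
                             the variable names are hypothetical -->
                        <username>${env.HARBOR_USERNAME}</username>
                        <password>${env.HARBOR_PASSWORD}</password>
                    </auth>
                </from>
                <to>
                    <!-- Explicit tag: an untagged reference defaults to
                         "latest", which Jib would push as well -->
                    <image>harbor.exxktech.dev/test/frts-business:1.4</image>
                    <auth>
                        <username>${env.HARBOR_USERNAME}</username>
                        <password>${env.HARBOR_PASSWORD}</password>
                    </auth>
                </to>
                <!-- allowInsecureRegistries is omitted and keeps its default
                     (false), so Jib only talks to the registry over
                     verified HTTPS -->
            </configuration>
            <executions>
                <execution>
                    <phase>package</phase>
                    <goals>
                        <goal>build</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>
```

With both variables exported in the CI job, a plain `mvn package` builds and pushes the image. Jib also accepts the same values as the command-line properties `-Djib.to.auth.username` and `-Djib.to.auth.password` (and the `jib.from.auth.*` equivalents).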
Common problems
The following error appears:
{"errors":[{"code":"PRECONDITION","message":"Failed to process request due to 'xxx-business:latest' configured as immutable."}]}
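Analysis: Harbor has `immutable` configured. Deleting a tag marked `immutable` in Harbor reports the error `the tag latest configured as immutable, cannot be deleted`.
Solution: in the Harbor management UI, click Project -> Policy -> TAG IMMUTABILITY -> Immutability rules, then delete the relevant rule.
Reference: Image building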