kaniko
參考:
https://github.com/GoogleContainerTools/kaniko/blob/master/docs/tutorial.md
kaniko 是 Google 開源的一個工具,旨在幫助開發人員從容器或 Kubernetes 集羣內的 Dockerfile 構建容器鏡像。
示例
創建示例dockerfile
mkdir -p /data/kaniko && cd /data/kaniko
cat > Dockerfile <<EOF
FROM ubuntu
ENTRYPOINT ["/bin/bash", "-c", "echo hello"]
EOF
容器方式運行
docker run --name kaniko \
-v $HOME/.docker/:/kaniko/.docker \
-v /data/kaniko:/workspace \
gcr.azk8s.cn/kaniko-project/executor:latest \
--dockerfile /workspace/Dockerfile \
--destination willdockerhub/ubuntu:test \
--context dir:///workspace/
運行完成後上傳到dockerhub,默認鏡像不會保存在本地。
注意:認證信息需要掛載-v $HOME/.docker/:/kaniko/.docker
kubernetes中運行
創建secret
kubectl create secret docker-registry regcred \
--docker-server=<your-registry-server> \
--docker-username=<your-name> \
--docker-password=<your-pword> \
--docker-email=<your-email>
創建yaml文件
cat > kaniko-pod.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
name: kaniko
spec:
containers:
- name: kaniko
image: gcr.azk8s.cn/kaniko-project/executor:latest
args: ["--dockerfile=/workspace/Dockerfile",
"--context=dir://workspace",
"--destination=willdockerhub/ubuntu:test"] # replace with your dockerhub account
volumeMounts:
- name: kaniko-secret
mountPath: /kaniko/.docker
- name: dockerfile-storage
mountPath: /workspace
restartPolicy: Never
volumes:
- name: kaniko-secret
secret:
secretName: regcred
items:
- key: .dockerconfigjson
path: config.json
- name: dockerfile-storage
hostPath:
path: /data/kaniko/
type: Directory
EOF