使用 kaniko 在 K8S 中构建镜像
背景
现有个需求需要在 K8S 中构建一个新的镜像,之前使用 docker 命令进行构建,后面 K8S 升级,容器运行时换成了 containerd,故查了一下网络,发现 kaniko 比较好用。所以测试记录一下~
项目地址:https://github.com/GoogleContainerTools/kaniko
测试例子一:
mkdir -p /data/yaml/default/kaniko && cd /data/yaml/default/kaniko
# 创建 secret 资源,用于上传镜像
kubectl create secret docker-registry devharbor --docker-server=devharbor.klvchen.com \
--docker-username=admin \
--docker-password=Harbor12345 \
--docker-email=chenwj@klvchen.com
# 创建 pod 资源
cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: kaniko
spec:
initContainers:
- name: init-dockerfile
image: busybox
command:
- /bin/sh
args:
- -c
- |
cat <<EOF > /workspace/dockerfile
FROM busybox
CMD while :;do echo $(date);sleep 1 ;done
EOF
cat /workspace/dockerfile
volumeMounts:
- name: dockerfile-storage
mountPath: /workspace
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:latest
args: ["--dockerfile=/workspace/dockerfile",
"--context=dir:///workspace",
"--destination=devharbor.klvchen.com/tmp/mytest:v0.1"]
volumeMounts:
- name: kaniko-secret
mountPath: /kaniko/.docker
- name: dockerfile-storage
mountPath: /workspace
restartPolicy: Never
volumes:
- name: kaniko-secret
secret:
secretName: devharbor
items:
- key: .dockerconfigjson
path: config.json
- name: dockerfile-storage
emptyDir: {}
kubectl apply -f pod.yaml
# 说明:
# 通过 initContainers 在 dockerfile-storage 中创建一个 dockerfile 与 containers 中进行共享
# --dockerfile=/workspace/dockerfile 用于指定 dockerfile 位置
# --context=dir:///workspace 用于指定上下文位置,注意这里是 ///
# --destination=devharbor.klvchen.com/tmp/mytest:v0.1 用于指定上传镜像仓库的地址
构建完成后变成 Completed 状态
检查镜像仓库
测试例子二:
cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: kaniko
spec:
initContainers:
- name: init-dockerfile
image: busybox
command:
- /bin/sh
args:
- -c
- |
cat <<EOF > /workspace/requirements.txt
fastapi==0.95.2
orjson==3.9.1
pydantic==1.10.8
SQLAlchemy==2.0.15
starlette==0.27.0
uvicorn==0.22.0
pymysql==1.0.3
asgiref==3.7.2
gurobipy==10.0.3
EOF
cat <<EOF > /workspace/dockerfile
FROM continuumio/miniconda3:23.3.1-0
WORKDIR /app_alg/
COPY ./requirements.txt /app_alg/
RUN pip install -r /app_alg/requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
EXPOSE 8000
ENTRYPOINT [ "python", "main.py" ]
EOF
volumeMounts:
- name: dockerfile-storage
mountPath: /workspace
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:latest
args: ["--dockerfile=/workspace/dockerfile",
"--context=dir:///workspace",
"--destination=devharbor.klvchen.com/tmp/mytest:v0.4"]
volumeMounts:
- name: kaniko-secret
mountPath: /kaniko/.docker
- name: dockerfile-storage
mountPath: /workspace
restartPolicy: Never
volumes:
- name: kaniko-secret
secret:
secretName: devharbor
items:
- key: .dockerconfigjson
path: config.json
- name: dockerfile-storage
emptyDir: {}
kubectl apply -f pod.yaml
等等完成后可以看到镜像已经上传成功
因国内无法访问到 gcr.io/kaniko-project/executor:latest 所以做了一个共享,有需要的人可以下载
链接:https://pan.baidu.com/s/1vkzTY7sSc4pVlYdmpvjezA?pwd=z3wp
提取码:z3wp
其他用法参考项目地址