melange+ apko 基于的alpine docker 镜像集成玩法

主要是一个集成,同时可以提供方便的alpine apk 包管理以及维护

参考集成

 

 


备注:以上中使用git 进行配置管理,使用melange 进行apk 包的构建,同时可以结合s3 将数据存储到s3中,如果构建基于alpine 镜像的可以直接使用构建的私服,同时
也可以结合apko 进行oci 镜像构建,也比较高效方便

参考使用

  • apk 构建 yaml 定义
 
package:
  name: hello
  version: 2.12
  description: "the GNU hello world program"
  copyright:
    - paths:
      - "*"
      attestation: |
        Copyright 1992, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2005,
        2006, 2007, 2008, 2010, 2011, 2013, 2014, 2022 Free Software Foundation,
        Inc.
      license: GPL-3.0-or-later
  dependencies:
    runtime:
 
environment:
  contents:
    repositories:
      - https://mirrors.aliyun.com/alpine/edge/main
    packages:
      - alpine-baselayout-data
      - busybox
      - build-base
      - scanelf
      - ssl_client
      - ca-certificates-bundle
 
pipeline:
  - uses: fetch
    with:
      uri: https://ftp.gnu.org/gnu/hello/hello-${{package.version}}.tar.gz
      expected-sha256: cf04af86dc085268c5f4470fbae49b18afbc221b78096aab842d934a76bad0ab
  - uses: autoconf/configure
  - uses: autoconf/make
  - uses: autoconf/make-install
  - uses: strip
  • apko yaml 定义
contents:
  repositories:
    - https://mirrors.aliyun.com/alpine/edge/main
    - /work/packages
  packages:
    - alpine-base
    - curl
    - tree 
    - tzdata
    - hello
 
entrypoint:
  command: /bin/sh -l
 
paths:
  - path: /etc/localtime
    type: symlink
    source: /usr/share/zoneinfo/Asia/Shanghai
 
# optional environment configuration
environment:
  PATH: /usr/sbin:/sbin:/usr/bin:/bin
 
archs:
 - amd64
  • 生成证书
docker run --rm -v "${PWD}":/work cgr.dev/chainguard/melange keygen
  • 构建apk
docker run --rm --privileged -v "${PWD}":/work \
    cgr.dev/chainguard/melange build demo.yaml \
    --arch amd64 \
    --signing-key melange.rsa
  • 构建镜像
docker run --rm -v "${PWD}":/work \
    cgr.dev/chainguard/apko build --debug app-base.yaml \
    dalongdemoapp:v1  dalongdemoapp.tar -k melange.rsa.pub \
    --arch amd64
  • 效果

 

 

  • 加载运行效果
 docker load < dalongdemoapp.tar     
 docker run -it dalongdemoapp:v1-amd64

效果

 

 

说明

基于melange+apko 对于构建基于alpine apk 的容器镜像是一个不错的选择

参考资料

https://docs.sigstore.dev/cosign/sign/
https://github.com/rongfengliang/melange_apko_learning
https://github.com/chainguard-dev/apko
https://github.com/chainguard-dev/melange

posted on 2023-04-14 09:26  荣锋亮  阅读(69)  评论(1编辑  收藏  举报

导航