入门教程
本教程适用于想要开始使用 kaniko 的初学者,旨在建立一个快速入门的测试例子。
前提(Prerequisities)
- kubernetes(k8s)
- dockerhub账户,用于push创建的public镜像
准备Dockerfile
SSH进入k8s集群,并创建一个本地目录,该目录将被挂载到kaniko容器作为构建环境。在那里创建一个简单的dockerfile。
$ mkdir kaniko && cd kaniko
$ echo 'FROM ubuntu' >> dockerfile
$ echo 'ENTRYPOINT ["/bin/bash", "-c", "echo hello"]' >> dockerfile
$ cat dockerfile
FROM ubuntu
ENTRYPOINT ["/bin/bash", "-c", "echo hello"]
$ pwd
/home/<user-name>/kaniko # 将此路径复制到 volume.yaml 文件中
注意:
volume.yaml中的hostPath需要替换为你创建的本地目录。
volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: dockerfile
labels:
type: local
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: local-storage
hostPath:
path: <local-directory> # 替换你的本地目录
volume-claim.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: dockerfile-claim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
storageClassName: local-storage
© 2022 GitHub, Inc.
Terms
Privacy
pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: kaniko
spec:
containers:
- name: kaniko
image: kubebiz/kaniko:executor-v1.9.1
args: ["--dockerfile=/workspace/dockerfile",
"--context=dir://workspace",
"--destination=<user-name>/<repo>"] # 你的dockerhub账户
volumeMounts:
- name: kaniko-secret
mountPath: /kaniko/.docker
- name: dockerfile-storage
mountPath: /workspace
restartPolicy: Never
volumes:
- name: kaniko-secret
secret:
secretName: regcred
items:
- key: .dockerconfigjson
path: config.json
- name: dockerfile-storage
persistentVolumeClaim:
claimName: dockerfile-claim
创建一个包含你的授权token的Secret
Kubernetes集群使用docker-registry类型的Secret来验证docker registry,用于推送镜像。
此 Secret,将其命名为 regcred:
kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
<your-registry-server>是你的私有 Docker Registry FQDN。<your-name>是你的 Docker 用户名。<your-pword>是你的 Docker 密码。<your-email>是你的 Docker 电子邮件。
这个 secret 将在 pod.yaml 配置中使用。
在 Kubernetes 中创建资源
# 创建持久卷
$ kubectl create -f volume.yaml
persistentvolume/dockerfile created
# 创建持久卷声明
$ kubectl create -f volume-claim.yaml
persistentvolumeclaim/dockerfile-claim created
# 检查卷是否正确安装
$ kubectl get pv dockerfile
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
dockerfile 10Gi RWO Retain Bound default/dockerfile-claim local-storage 1m
# 创建pod
$ kubectl create -f pod.yaml
pod/kaniko created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
kaniko 0/1 ContainerCreating 0 7s
# 检查构建是否完成并显示构建日志
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
kaniko 0/1 Completed 0 34s
$ kubectl logs kaniko
➜ kubectl logs kaniko
INFO[0000] Resolved base name ubuntu to ubuntu
INFO[0000] Resolved base name ubuntu to ubuntu
INFO[0000] Downloading base image ubuntu
INFO[0000] Error while retrieving image from cache: getting file info: stat /cache/sha256:1bbdea4846231d91cce6c7ff3907d26fca444fd6b7e3c282b90c7fe4251f9f86: no such file or directory
INFO[0000] Downloading base image ubuntu
INFO[0001] Built cross stage deps: map[]
INFO[0001] Downloading base image ubuntu
INFO[0001] Error while retrieving image from cache: getting file info: stat /cache/sha256:1bbdea4846231d91cce6c7ff3907d26fca444fd6b7e3c282b90c7fe4251f9f86: no such file or directory
INFO[0001] Downloading base image ubuntu
INFO[0001] Skipping unpacking as no commands require it.
INFO[0001] Taking snapshot of full filesystem...
INFO[0001] ENTRYPOINT ["/bin/bash", "-c", "echo hello"]
注意:
pod.yaml中的destination需要替换为你自己的。
拉取镜像并测试
如果符合预期,kaniko 将成功构建镜像并推送到 dockerhub。 拉取镜像到本地运行测试:
$ sudo docker run -it <user-name>/<repo-name>
Unable to find image 'debuggy/helloworld:latest' locally
latest: Pulling from debuggy/helloworld
5667fdb72017: Pull complete
d83811f270d5: Pull complete
ee671aafb583: Pull complete
7fc152dfb3a6: Pull complete
Digest: sha256:2707d17754ea99ce0cf15d84a7282ae746a44ff90928c2064755ee3b35c1057b
Status: Downloaded newer image for debuggy/helloworld:latest
hello
祝贺你! 你已经成功通过了hello world,更多细节请继续下一节。
