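The Kaniko project was first introduced by Google in 2018. Kaniko was created to remove the dependency on privileged accounts when building container images. Unprivileged container image builds are one of the features most needed by security-conscious companies. This is similar to building container images in a Kubernetes cluster.
Before looking at how to build images with Kaniko, let's first review several ways of building images.
Building images with docker
docker build -t your_registry/your_repository:tag .
Then use docker push to push the image to the image registry.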
docker push your_registry/your_repository:tag
Building images inside a container
docker run -it -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/kaniko:/tmp/kaniko docker
- Mount the host's socket file into the container, then build the image inside the container with docker build
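The docker run command above hands the container the host's Docker daemon socket, so build hosts and CI job definitions are worth auditing for it. The following is an added example, not code from the original article or from the Kaniko project: a small checker that flags `docker run` command lines that bind-mount the daemon socket or use `--privileged`. The function names, the sample commands and the second socket path (`/run/docker.sock`) are assumptions made for illustration.

```python
import shlex

# Assumed daemon socket paths; the first is the one used in the command above.
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample commands; the first is the one from the text above.
SAMPLES = [
    "docker run -it -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/kaniko:/tmp/kaniko docker",
    "docker run --mount type=bind,source=/run/docker.sock,target=/var/run/docker.sock --privileged docker",
    "docker run -it -v /tmp/kaniko:/tmp/kaniko alpine",
]


def _bind_source(flag, value):
    """Return the host path of a -v/--volume or --mount argument, or None."""
    if flag in ("-v", "--volume"):
        # SRC:DST[:OPTS]; a value without ':' is an anonymous volume, not a bind mount.
        parts = value.split(":")
        return parts[0] if len(parts) >= 2 else None
    # --mount takes comma-separated key=value pairs; its type defaults to "volume".
    fields = dict(kv.split("=", 1) for kv in value.split(",") if "=" in kv)
    if fields.get("type", "volume") != "bind":
        return None
    return fields.get("source") or fields.get("src")


def audit_docker_run(command):
    """List findings for one `docker run` command line (hypothetical helper)."""
    argv = shlex.split(command)
    findings, i = [], 0
    while i < len(argv):
        arg = argv[i]
        flag, sep, value = arg.partition("=")
        if flag in ("-v", "--volume", "--mount"):
            if not sep:  # value is the next argument, e.g. "-v SRC:DST"
                i += 1
                value = argv[i] if i < len(argv) else ""
            src = _bind_source(flag, value)
            if src and src.rstrip("/") in DOCKER_SOCKETS:
                findings.append(f"docker socket mounted from host: {src}")
        elif arg in ("--privileged", "--privileged=true"):
            findings.append("container runs with --privileged")
        i += 1
    return findings


if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", audit_docker_run(cmd) or "no findings")
```

The checker scans every token, so arguments that follow the image name are inspected as well; treat its output as a prompt for review rather than a verdict.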
$ docker build -t dllhb/kaniko-test:v0.1 .
Sending build context to Docker daemon 5.632kB
Step 1/4 : FROM alpine:latest
latest: Pulling from library/alpine
89d9c30c1d48: Already exists
Digest: sha256:c19173c5ada610a5989151111163d28a67368362762534d8a8121ce95cf2bd5a
Status: Downloaded newer image for alpine:latest
---> 965ea09ff2eb
Step 2/4 : MAINTAINER <[email protected] xiaomage>
---> Running in 8a2b1dc13d6b
Removing intermediate container 8a2b1dc13d6b
---> bd535532278d
Step 3/4 : RUN apk add busybox-extras curl
---> Running in fc254ad3d088
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/5) Installing busybox-extras (1.30.1-r3)
Executing busybox-extras-1.30.1-r3.post-install
(2/5) Installing ca-certificates (20190108-r0)
(3/5) Installing nghttp2-libs (1.39.2-r0)