kaniko
参考:
https://github.com/GoogleContainerTools/kaniko/blob/master/docs/tutorial.md
kaniko 是 Google 开源的一个工具,旨在帮助开发人员从容器或 Kubernetes 集群内的 Dockerfile 构建容器镜像。
示例
创建示例dockerfile
mkdir -p /data/kaniko && cd /data/kaniko
cat > Dockerfile <<EOF
FROM ubuntu
ENTRYPOINT ["/bin/bash", "-c", "echo hello"]
EOF
容器方式运行
docker run --name kaniko \
-v $HOME/.docker/:/kaniko/.docker \
-v /data/kaniko:/workspace \
gcr.azk8s.cn/kaniko-project/executor:latest \
--dockerfile /workspace/Dockerfile \
--destination willdockerhub/ubuntu:test \
--context dir:///workspace/
运行完成后上传到dockerhub,默认镜像不会保存在本地。
注意:认证信息需要挂载-v $HOME/.docker/:/kaniko/.docker
kubernetes中运行
创建secret
kubectl create secret docker-registry regcred \
--docker-server=<your-registry-server> \
--docker-username=<your-name> \
--docker-password=<your-pword> \
--docker-email=<your-email>
创建yaml文件
cat > kaniko-pod.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
name: kaniko
spec:
containers:
- name: kaniko
image: gcr.azk8s.cn/kaniko-project/executor:latest
args: ["--dockerfile=/workspace/Dockerfile",
"--context=dir://workspace",
"--destination=willdockerhub/ubuntu:test"] # replace with your dockerhub account
volumeMounts:
- name: kaniko-secret
mountPath: /kaniko/.docker
- name: dockerfile-storage
mountPath: /workspace
restartPolicy: Never
volumes:
- name: kaniko-secret
secret:
secretName: regcred
items:
- key: .dockerconfigjson
path: config.json
- name: dockerfile-storage
hostPath:
path: /data/kaniko/
type: Directory
EOF