一、准备环境
1.安装go语言环境
参考golang官网安装手册
https://golang.google.cn/doc/install
Tip:版本根据自己需求选择,如果只想做一个镜像构建环境,可选最新的几个版本
安装完成后可查看go环境
[root@test bin]# go version
go version go1.21.5 linux/amd64
[root@test bin]# go env
GO111MODULE='on'
GOARCH='amd64'
GOBIN=''
GOCACHE='/root/.cache/go-build'
GOENV='/root/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/root/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/root/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/opt/mx/go/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/opt/mx/go/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.5'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build269155754=/tmp/go-build -gno-record-gcc-switches'
2.安装服务
2.1nerdctl、buildkit、containerd安装
根据官网提示,如果有containerd的环境可以选择最小化安装,此次实验是从零搭建,选择全量安装
URL:https://github.com/containerd/nerdctl/releases
根据架构选择安装包
解压
[root@test go]# tar zxf nerdctl-full-1.7.1-linux-amd64.tar.gz
[root@test go]# ls
cni-plugins-linux-amd64-v1.4.0.tgz go go1.21.5.linux-amd64.tar.gz images nerdctl nerdctl-full-1.7.1-linux-amd64.tar.gz
拷贝启动命令到/usr/local/bin下
[root@test go]# cp nerdctl/bin/* /usr/local/bin/
将启动配置拷到/usr/lib/systemd/system下
[root@test system]# pwd
/opt/mx/go/nerdctl/lib/systemd/system
[root@test system]# ls
buildkit.service containerd.service stargz-snapshotter.service
[root@test system]# cp buildkit.service containerd.service /usr/lib/systemd/system/
添加buildkitd.toml配置,这一步需要做,不然无法选择本地镜像作为基础镜像去构建其他镜像
[root@test system]# mkdir /etc/buildkit
[root@test system]# vim /etc/buildkit/buildkitd.toml
[worker.oci]
enabled = false
[worker.containerd]
enabled = true
namespace = "default"
Reference:https://github.com/containerd/nerdctl/blob/main/docs/build.md
2.2准备网络插件
[root@test cni]# ls
bandwidth bridge dhcp dummy firewall host-device host-local ipvlan loopback macvlan portmap ptp sbr static tap tuning vlan vrf
[root@test cni]# pwd
/opt/mx/go/nerdctl/libexec/cni
[root@test cni]# cp bridge /usr/local/bin/
2.3启动服务
[root@test cni]# systemctl enable buildkit
[root@test cni]# systemctl enable containerd
[root@test cni]# systemctl start buildkit
[root@test cni]# systemctl start containerd
二、构建镜像测试
1.Base镜像构建
准备dockerfile
[root@test SystemBase]# pwd
/opt/mx/go/images/SystemBase
[root@test SystemBase]# ls
Dockerfile
[root@test SystemBase]# cat Dockerfile
FROM centos:centos7.9.2009
LABEL maintainer="OPS_MX"
RUN yum -y install wget && rm -f /etc/yum.repos.d/* && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo \
&& wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo \
&& yum -y install vim-enhanced tcpdump lrzsz tree telnet bash-completion net-tools wget bzip2 lsof zip unzip nfs-utils gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel zlib-devel \
&& yum clean all \
&& rm -f /etc/localtime \
&& ln -s ../usr/share/zoneinfo/Asia/Shanghai /etc/localtime
开始构建
[root@test SystemBase]# nerdctl build -t centos7-base:v1 .
[+] Building 168.6s (6/6) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 644B 0.0s
=> [internal] load metadata for docker.io/library/centos:centos7.9.2009 1.8s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/2] FROM docker.io/library/centos:centos7.9.2009@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4 0.0s
=> => resolve docker.io/library/centos:centos7.9.2009@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4 0.0s
=> [2/2] RUN yum -y install wget && rm -f /etc/yum.repos.d/* && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo && wget -P /etc/yum.repos.d/ http://mir 151.1s
=> exporting to image 15.3s
=> => exporting layers 12.2s
=> => exporting manifest sha256:6f5f338e136173a89909ccbc499004a2481e84eec6118817895fa7976db44adf 0.0s
=> => exporting config sha256:1659e896af88b4f6b2937bdc1c8f1ab377b1df69335ce6203a9ebbf0273f481a 0.0s
=> => naming to docker.io/library/centos7-base:v1 0.0s
=> => unpacking to docker.io/library/centos7-base:v1
查看
[root@test SystemBase]# nerdctl image ls
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
centos7-base v1 6f5f338e1361 56 seconds ago linux/amd64 454.8 MiB 154.3 MiB
centos centos7.9.2009 be65f488b776 2 weeks ago linux/amd64 214.8 MiB 72.6 MiB
nginx latest c26ae7472d62 2 weeks ago linux/amd64 191.9 MiB 67.3 MiB
2.构建应用镜像
准备dockerfile
[root@test Apply]# pwd
/opt/mx/go/images/Apply
[root@test Apply]# ls
Dockerfile nginx-1.16.1.tar.gz
[root@test Apply]# cat Dockerfile
FROM centos7-base:v1
MAINTAINER OPS_MX
ENV NGINX_VERSION 1.16.1
ENV BUILD_TOOLS gcc pcre-devel openssl-devel make
ADD nginx-${NGINX_VERSION}.tar.gz /opt
RUN mkdir -p /opt/web_app/nginx-${NGINX_VERSION} \
&& useradd nginx && yum -y install ${BUILD_TOOLS} && cd /opt/nginx-${NGINX_VERSION} \
&& ./configure --user=nginx --group=nginx --with-http_ssl_module \
--prefix=/opt/web_app/nginx-${NGINX_VERSION} \
--sbin-path=/opt/web_app/nginx-${NGINX_VERSION}/sbin/nginx \
--conf-path=/opt/web_app/nginx-${NGINX_VERSION}/conf/nginx.conf \
--http-log-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/access.log \
--error-log-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/error.log \
--pid-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/nginx.pid \
--lock-path=/opt/web_app/nginx-${NGINX_VERSION}/lock/subsys/nginx \
--with-http_stub_status_module && make && make install \
&& rm -rf /opt/nginx-${NGINX_VERSION} \
&& yum clean all
WORKDIR /opt/web_app/nginx-${NGINX_VERSION}
EXPOSE 80 443
RUN ln -sf /dev/stdout /opt/web_app/nginx-${NGINX_VERSION}/logs/access.log \
&& ln -sf /dev/stderr /opt/web_app/nginx-${NGINX_VERSION}/logs/error.log
CMD echo `ifconfig eth0 | awk 'NR==2{print $2}'` > /opt/web_app/nginx-1.16.1/html/index.html && /opt/web_app/nginx-1.16.1/sbin/nginx -g 'daemon off;'
Tip:nginx-1.16.1.tar.gz 需要提前下载
开始构建
[root@test Apply]# nerdctl build -t nginx-1.16.1:v1 .
[+] Building 52.2s (10/10) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 1.50kB 0.0s
=> [internal] load metadata for docker.io/library/centos7-base:v1 2.5s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 42B 0.0s
=> [1/5] FROM docker.io/library/centos7-base:v1@sha256:6f5f338e136173a89909ccbc499004a2481e84eec6118817895fa7976db44adf 1.6s
=> => resolve docker.io/library/centos7-base:v1@sha256:6f5f338e136173a89909ccbc499004a2481e84eec6118817895fa7976db44adf 1.5s
=> [2/5] ADD nginx-1.16.1.tar.gz /opt 0.3s
=> [3/5] RUN mkdir -p /opt/web_app/nginx-1.16.1 && useradd nginx && yum -y install gcc pcre-devel openssl-devel make && cd /opt/nginx-1.16.1 && ./configure --user= 46.4s
=> [4/5] WORKDIR /opt/web_app/nginx-1.16.1 0.1s
=> [5/5] RUN echo "daemon off;" >> /opt/web_app/nginx-1.16.1/nginx.conf && ln -sf /dev/stdout /opt/web_app/nginx-1.16.1/logs/access.log && ln -sf /dev/stderr /opt/w 0.2s
=> exporting to image 0.9s
=> => exporting layers 0.6s
=> => exporting manifest sha256:12be16c071b25a5ac57e1dd60863796c1b6919b43c62658587947a2f2a708538 0.0s
=> => exporting config sha256:9d29c74b942dde40f1fcbe7ae44f066e142dfbdc72b2b76d6b14558ea0383b3a 0.0s
=> => naming to docker.io/library/nginx-1.16.1:v1 0.0s
=> => unpacking to docker.io/library/nginx-1.16.1:v1
查看
[root@test Apply]# nerdctl image ls
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
centos7-base v1 6f5f338e1361 4 minutes ago linux/amd64 454.8 MiB 154.3 MiB
centos centos7.9.2009 be65f488b776 2 weeks ago linux/amd64 214.8 MiB 72.6 MiB
nginx-1.16.1 v1 12be16c071b2 24 seconds ago linux/amd64 469.7 MiB 158.3 MiB
nginx latest c26ae7472d62 2 weeks ago linux/amd64 191.9 MiB 67.3 MiB
3.测试
启动测试容器
[root@test Apply]# nerdctl run -d --name nginx -p 80:80 nginx-1.16.1:v1
6ea297093a1298e594c84bafce5d19dd574cd09c93e56bfa2b3638939004da40
[root@test Apply]# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6ea297093a12 docker.io/library/nginx-1.16.1:v1 "/bin/sh -c echo `if…" 15 seconds ago Up 0.0.0.0:80->80/tcp nginx
[root@iZbp187tvtln33l6u05tq6Z Apply]# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6ea297093a12 docker.io/library/nginx-1.16.1:v1 "/bin/sh -c echo `if…" 15 seconds ago Up 0.0.0.0:80->80/tcp nginx
访问测试
[root@test Apply]# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6ea297093a12 docker.io/library/nginx-1.16.1:v1 "/bin/sh -c echo `if…" 2 minutes ago Up 0.0.0.0:80->80/tcp nginx
[root@test Apply]# nerdctl exec -it 6ea297093a12 -- /bin/bash
[root@6ea297093a12 nginx-1.16.1]# curl 127.0.0.1
10.4.0.3
[root@6ea297093a12 nginx-1.16.1]# pwd
/opt/web_app/nginx-1.16.1
[root@6ea297093a12 nginx-1.16.1]# ls
client_body_temp conf fastcgi_temp html logs nginx.conf proxy_temp sbin scgi_temp uwsgi_temp
[root@6ea297093a12 nginx-1.16.1]# exit
exit
[root@iZbp187tvtln33l6u05tq6Z Apply]# curl 127.0.0.1
10.4.0.3