Containerd镜像构建

风向决定发型丶

已于 2024-05-06 17:32:34 修改

阅读量581

点赞数 3

分类专栏： kubernetes 文章标签：容器 kubernetes docker 运维

于 2024-03-11 18:17:48 首次发布

本文链接：https://blog.csdn.net/weixin_43866248/article/details/136629632

版权

kubernetes 专栏收录该内容

14 篇文章 1 订阅

订阅专栏

一、准备环境

1.安装go语言环境

参考golang官网安装手册
https://golang.google.cn/doc/install

Tip：版本根据自己需求选择，如果只想做一个镜像构建环境，可选最新的几个版本

安装完成后可查看go环境

[root@test bin]# go version
go version go1.21.5 linux/amd64
[root@test bin]# go env
GO111MODULE='on'
GOARCH='amd64'
GOBIN=''
GOCACHE='/root/.cache/go-build'
GOENV='/root/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/root/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/root/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/opt/mx/go/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/opt/mx/go/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.5'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build269155754=/tmp/go-build -gno-record-gcc-switches'

2.安装服务

2.1nerdctl、buildkit、containerd安装

根据官网提示，如果有containerd的环境可以选择最小化安装，此次实验是从零搭建，选择全量安装
在这里插入图片描述

URL:https://github.com/containerd/nerdctl/releases

根据架构选择安装包
在这里插入图片描述
解压

[root@test go]# tar zxf nerdctl-full-1.7.1-linux-amd64.tar.gz
[root@test go]# ls
cni-plugins-linux-amd64-v1.4.0.tgz  go  go1.21.5.linux-amd64.tar.gz  images  nerdctl  nerdctl-full-1.7.1-linux-amd64.tar.gz

拷贝启动命令到/usr/local/bin下

[root@test go]# cp nerdctl/bin/* /usr/local/bin/

将启动配置拷到/usr/lib/systemd/system下

[root@test system]# pwd
/opt/mx/go/nerdctl/lib/systemd/system
[root@test system]# ls
buildkit.service  containerd.service  stargz-snapshotter.service
[root@test system]# cp buildkit.service containerd.service /usr/lib/systemd/system/

添加buildkitd.toml配置，这一步需要做，不然无法选择本地镜像作为基础镜像去构建其他镜像

[root@test system]# mkdir /etc/buildkit
[root@test system]# vim /etc/buildkit/buildkitd.toml
[worker.oci]
  enabled = false
[worker.containerd]
  enabled = true
  namespace = "default"

Reference：https://github.com/containerd/nerdctl/blob/main/docs/build.md

2.2准备网络插件

[root@test cni]# ls
bandwidth  bridge  dhcp  dummy  firewall  host-device  host-local  ipvlan  loopback  macvlan  portmap  ptp  sbr  static  tap  tuning  vlan  vrf
[root@test cni]# pwd
/opt/mx/go/nerdctl/libexec/cni
[root@test cni]# cp bridge /usr/local/bin/

2.3启动服务

[root@test cni]# systemctl enable buildkit
[root@test cni]# systemctl enable containerd
[root@test cni]# systemctl start buildkit
[root@test cni]# systemctl start containerd

二、构建镜像测试

1.Base镜像构建

准备dockerfile

[root@test SystemBase]# pwd
/opt/mx/go/images/SystemBase
[root@test SystemBase]# ls
Dockerfile
[root@test SystemBase]# cat Dockerfile
FROM centos:centos7.9.2009

LABEL maintainer="OPS_MX"

RUN yum -y install wget && rm -f /etc/yum.repos.d/* && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo \
    && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo \
    && yum -y install  vim-enhanced tcpdump lrzsz tree telnet bash-completion net-tools wget bzip2 lsof  zip unzip nfs-utils gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl  openssl-devel systemd-devel zlib-devel \
    && yum clean all \
    && rm -f /etc/localtime  \
    && ln -s ../usr/share/zoneinfo/Asia/Shanghai /etc/localtime

开始构建

[root@test SystemBase]# nerdctl build -t centos7-base:v1 .
[+] Building 168.6s (6/6) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                                                   0.0s
 => => transferring dockerfile: 644B                                                                                                                                                   0.0s
 => [internal] load metadata for docker.io/library/centos:centos7.9.2009                                                                                                               1.8s
 => [internal] load .dockerignore                                                                                                                                                      0.0s
 => => transferring context: 2B                                                                                                                                                        0.0s
 => [1/2] FROM docker.io/library/centos:centos7.9.2009@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4                                                         0.0s
 => => resolve docker.io/library/centos:centos7.9.2009@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4                                                         0.0s
 => [2/2] RUN yum -y install wget && rm -f /etc/yum.repos.d/* && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo     && wget -P /etc/yum.repos.d/ http://mir  151.1s
 => exporting to image                                                                                                                                                                15.3s
 => => exporting layers                                                                                                                                                               12.2s
 => => exporting manifest sha256:6f5f338e136173a89909ccbc499004a2481e84eec6118817895fa7976db44adf                                                                                      0.0s
 => => exporting config sha256:1659e896af88b4f6b2937bdc1c8f1ab377b1df69335ce6203a9ebbf0273f481a                                                                                        0.0s
 => => naming to docker.io/library/centos7-base:v1                                                                                                                                     0.0s
 => => unpacking to docker.io/library/centos7-base:v1

查看

[root@test SystemBase]# nerdctl image ls
REPOSITORY      TAG               IMAGE ID        CREATED           PLATFORM       SIZE         BLOB SIZE
centos7-base    v1                6f5f338e1361    56 seconds ago    linux/amd64    454.8 MiB    154.3 MiB
centos          centos7.9.2009    be65f488b776    2 weeks ago       linux/amd64    214.8 MiB    72.6 MiB
nginx           latest            c26ae7472d62    2 weeks ago       linux/amd64    191.9 MiB    67.3 MiB

2.构建应用镜像

准备dockerfile

[root@test Apply]# pwd
/opt/mx/go/images/Apply
[root@test Apply]# ls
Dockerfile  nginx-1.16.1.tar.gz
[root@test Apply]# cat Dockerfile
FROM centos7-base:v1
MAINTAINER OPS_MX
ENV NGINX_VERSION 1.16.1
ENV BUILD_TOOLS gcc pcre-devel openssl-devel make
ADD nginx-${NGINX_VERSION}.tar.gz /opt
RUN mkdir -p /opt/web_app/nginx-${NGINX_VERSION} \
        && useradd nginx && yum -y install ${BUILD_TOOLS} && cd /opt/nginx-${NGINX_VERSION} \
        && ./configure --user=nginx --group=nginx --with-http_ssl_module \
        --prefix=/opt/web_app/nginx-${NGINX_VERSION} \
        --sbin-path=/opt/web_app/nginx-${NGINX_VERSION}/sbin/nginx \
        --conf-path=/opt/web_app/nginx-${NGINX_VERSION}/conf/nginx.conf \
        --http-log-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/access.log \
        --error-log-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/error.log \
        --pid-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/nginx.pid \
        --lock-path=/opt/web_app/nginx-${NGINX_VERSION}/lock/subsys/nginx \
        --with-http_stub_status_module && make && make install  \
        && rm -rf /opt/nginx-${NGINX_VERSION}  \
        && yum clean all
WORKDIR /opt/web_app/nginx-${NGINX_VERSION}
EXPOSE 80 443
RUN  ln -sf /dev/stdout /opt/web_app/nginx-${NGINX_VERSION}/logs/access.log \
        && ln -sf /dev/stderr /opt/web_app/nginx-${NGINX_VERSION}/logs/error.log
CMD echo `ifconfig eth0 | awk 'NR==2{print $2}'` > /opt/web_app/nginx-1.16.1/html/index.html && /opt/web_app/nginx-1.16.1/sbin/nginx -g 'daemon off;'

Tip：nginx-1.16.1.tar.gz 需要提前下载

开始构建

[root@test Apply]# nerdctl build -t nginx-1.16.1:v1 .
[+] Building 52.2s (10/10) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                                                   0.0s
 => => transferring dockerfile: 1.50kB                                                                                                                                                 0.0s
 => [internal] load metadata for docker.io/library/centos7-base:v1                                                                                                                     2.5s
 => [internal] load .dockerignore                                                                                                                                                      0.0s
 => => transferring context: 2B                                                                                                                                                        0.0s
 => [internal] load build context                                                                                                                                                      0.0s
 => => transferring context: 42B                                                                                                                                                       0.0s
 => [1/5] FROM docker.io/library/centos7-base:v1@sha256:6f5f338e136173a89909ccbc499004a2481e84eec6118817895fa7976db44adf                                                               1.6s
 => => resolve docker.io/library/centos7-base:v1@sha256:6f5f338e136173a89909ccbc499004a2481e84eec6118817895fa7976db44adf                                                               1.5s
 => [2/5] ADD nginx-1.16.1.tar.gz /opt                                                                                                                                                 0.3s
 => [3/5] RUN mkdir -p /opt/web_app/nginx-1.16.1         && useradd nginx && yum -y install gcc pcre-devel openssl-devel make && cd /opt/nginx-1.16.1         && ./configure --user=  46.4s
 => [4/5] WORKDIR /opt/web_app/nginx-1.16.1                                                                                                                                            0.1s
 => [5/5] RUN echo "daemon off;" >> /opt/web_app/nginx-1.16.1/nginx.conf         && ln -sf /dev/stdout /opt/web_app/nginx-1.16.1/logs/access.log         && ln -sf /dev/stderr /opt/w  0.2s
 => exporting to image                                                                                                                                                                 0.9s
 => => exporting layers                                                                                                                                                                0.6s
 => => exporting manifest sha256:12be16c071b25a5ac57e1dd60863796c1b6919b43c62658587947a2f2a708538                                                                                      0.0s
 => => exporting config sha256:9d29c74b942dde40f1fcbe7ae44f066e142dfbdc72b2b76d6b14558ea0383b3a                                                                                        0.0s
 => => naming to docker.io/library/nginx-1.16.1:v1                                                                                                                                     0.0s
 => => unpacking to docker.io/library/nginx-1.16.1:v1

查看

[root@test Apply]# nerdctl image ls
REPOSITORY      TAG               IMAGE ID        CREATED           PLATFORM       SIZE         BLOB SIZE
centos7-base    v1                6f5f338e1361    4 minutes ago     linux/amd64    454.8 MiB    154.3 MiB
centos          centos7.9.2009    be65f488b776    2 weeks ago       linux/amd64    214.8 MiB    72.6 MiB
nginx-1.16.1    v1                12be16c071b2    24 seconds ago    linux/amd64    469.7 MiB    158.3 MiB
nginx           latest            c26ae7472d62    2 weeks ago       linux/amd64    191.9 MiB    67.3 MiB

3.测试

启动测试容器

[root@test Apply]# nerdctl  run -d --name nginx -p  80:80 nginx-1.16.1:v1
6ea297093a1298e594c84bafce5d19dd574cd09c93e56bfa2b3638939004da40
[root@test Apply]# nerdctl ps
CONTAINER ID    IMAGE                                COMMAND                   CREATED           STATUS    PORTS                 NAMES
6ea297093a12    docker.io/library/nginx-1.16.1:v1    "/bin/sh -c echo `if…"    15 seconds ago    Up        0.0.0.0:80->80/tcp    nginx
[root@iZbp187tvtln33l6u05tq6Z Apply]# nerdctl ps
CONTAINER ID    IMAGE                                COMMAND                   CREATED           STATUS    PORTS                 NAMES
6ea297093a12    docker.io/library/nginx-1.16.1:v1    "/bin/sh -c echo `if…"    15 seconds ago    Up        0.0.0.0:80->80/tcp    nginx

访问测试

[root@test Apply]# nerdctl ps
CONTAINER ID    IMAGE                                COMMAND                   CREATED          STATUS    PORTS                 NAMES
6ea297093a12    docker.io/library/nginx-1.16.1:v1    "/bin/sh -c echo `if…"    2 minutes ago    Up        0.0.0.0:80->80/tcp    nginx
[root@test Apply]# nerdctl exec -it 6ea297093a12 -- /bin/bash
[root@6ea297093a12 nginx-1.16.1]# curl 127.0.0.1
10.4.0.3
[root@6ea297093a12 nginx-1.16.1]# pwd
/opt/web_app/nginx-1.16.1
[root@6ea297093a12 nginx-1.16.1]# ls
client_body_temp  conf  fastcgi_temp  html  logs  nginx.conf  proxy_temp  sbin  scgi_temp  uwsgi_temp
[root@6ea297093a12 nginx-1.16.1]# exit
exit
[root@iZbp187tvtln33l6u05tq6Z Apply]# curl 127.0.0.1
10.4.0.3