containerd的ctr没有build,commit功能,那么如何在没有docker使用contianderd的环境构建镜像
buildkit
可以通过专门的构建工具–buildkit进行构建。使用buildkit说明如下。
- 服务端为buildkitd,和runc或containerd后端进行连接,目前只支持这两个后端。
- 客户端为buildctl,负责解析镜像构建文件Dockerfile,并向服务端发出构建指令,所以客户端可以和服务端不在一台机器上,也不需要root权限之类。
- 服务端默认使用runc后端,但是建议使用containerd后端,这样构建出的镜像就会存在containerd的buildkit名字空间下。
- buildctl客户端可用于 Linux、macOS 和 Windows,但buildkitd服务端目前仅可用于 Linux。
# 1. 下载安装buildkit命令工具
$ wget https://github.com/moby/buildkit/releases/download/v0.10.4/buildkit-v0.10.4.linux-amd64.tar.gz
$ tar xvf buildkit-v0.10.4.linux-amd64.tar.gz
$ cp buildkit/bin/build* /usr/local/bin
# 2. 启动buildkitd服务
# ** buildkitd默认运行在前台,需要加&挂在后台运行 **
# 使用 --oci-worker=false --containerd-worker=true 参数,可以让buildkitd服务使用containerd后端
$ buildkitd --oci-worker=false --containerd-worker=true &
WARN[2022-08-31T11:56:53+08:00] using host network as the default
WARN[2022-08-31T11:56:53+08:00] git source cannot be enabled: failed to find git binary: exec: "git": executable file not found in $PATH
INFO[2022-08-31T11:56:53+08:00] found worker "rkw9bofa0oc3f7wka7sqgz9pj", labels=map[org.mobyproject.buildkit.worker.containerd.namespace:buildkit org.mobyproject.buildkit.worker.containerd.uuid:4c0c9e2e-17b7-4387-bc9f-500aa8487356 org.mobyproject.buildkit.worker.executor:containerd org.mobyproject.buildkit.worker.hostname:acp38-cd-region org.mobyproject.buildkit.worker.network:host org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/amd64/v2 linux/386]
INFO[2022-08-31T11:56:53+08:00] found 1 workers, default="rkw9bofa0oc3f7wka7sqgz9pj"
WARN[2022-08-31T11:56:53+08:00] currently, only the default worker can be used.
INFO[2022-08-31T11:56:53+08:00] running server on /run/buildkit/buildkitd.sock
$ ps -ef|grep buildkitd
root 15662 507 0 11:56 pts/1 00:00:00 buildkitd --oci-worker=false --containerd-worker=true
root 20347 507 0 11:57 pts/1 00:00:00 grep --color=auto buildkitd
# 3. 构建镜像
# 命令格式:
$ buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --output type=image,name=hello:v1
# 参数说明:
# frontend:使用dockerfile作为前端
# local context: 指向当前目录,这是Dockerfile执行构建时的路径上下文,比如在从目录中拷贝文件到镜像里。
# local dockerfile:指向当前目录,表示Dockerfile在此目录
# output 的 name: 表示构建后的镜像名称
# 构建完之后的镜像默认存储在buildkit命名空间构建举例
$ ls
Dockerfile hello
$ cat Dockerfile
FROM docker.io/library/alpine:3.14.0
COPY ./hello /
CMD ["/hello"]
$ buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --output type=image,name=192.168.14.254/library/hello:v1
[+] Building 5.6s (7/7) FINISHED
=> [internal] load build definition from Dockerfile 0.2s
=> => transferring dockerfile: 105B 0.0s
=> [internal] load .dockerignore 0.2s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/alpine:3.14.0 2.3s
=> [internal] load build context 0.7s
=> => transferring context: 1.78MB 0.1s
=> [1/2] FROM docker.io/library/alpine:3.14.0@sha256:adab3844f497ab9171f070d4cae4114b5aec565ac772e2f2579405b78be67c96 1.2s
=> => resolve docker.io/library/alpine:3.14.0@sha256:adab3844f497ab9171f070d4cae4114b5aec565ac772e2f2579405b78be67c96 0.3s
=> => extracting sha256:5843afab387455b37944e709ee8c78d7520df80f8d01cf7f861aae63beeddb6b 0.4s
=> [2/2] COPY ./hello / 0.4s
=> exporting to image 1.1s
=> => exporting layers 0.8s
=> => exporting manifest sha256:f6f58e15c4819f74d3758c92c2480c4b4d13750e2f36f404abf099f4b765d9c0 0.1s
=> => exporting config sha256:c84df4c969709948a0ae19d7590985689eadd05ed27cb3d046d8e137d96c0d6f 0.1s
=> => naming to 192.168.14.254/library/hello:v1
$ ctr -n buildkit image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
192.168.14.254/library/hello:v1 application/vnd.docker.distribution.manifest.v2+json sha256:f6f58e15c4819f74d3758c92c2480c4b4d13750e2f36f404abf099f4b765d9c0 3.7 MiB linux/amd64 -
$ ctr -n buildkit run 192.168.14.254/library/hello:v1 hello
Hello From Golang!
