s2i是红帽开源的一款镜像构建工具,属于openshift的一部分,可以提供一套模板化的构建方案,让开发人员为各种不同类型的源代码提前准备好运行环境(builder-image),并进行快速构建和运行。 在学习了一段时间之后,我对s2i总结的优势可以分为以下几点:
- 模板化及扩展能力(builder-image):可以提前准备好不同的源代码执行环境,这部分工作和docker build并没有本质上的区别,builder image本身也是一个基于docker file构建出来的镜像,不同点在于s2i的builder image 在构建过程里可以封装进一组脚本,这些脚本在镜像构建及运行的各个阶段发挥着关键作用,使镜像的构建者能够更全面的掌控构建过程。
- 层次化及快速构建(增量构建):s2i允许在构建时指定一个增量构建对象(s2i build --incremental),这里不称之为基础镜像主要是为了和builder image区分。使用增量构建时,save-artifacts脚本将发挥作用,将当前镜像内部的数据进行转移,新镜像构建时assemble脚本执行,将数据进行拷贝,典型的数据传输对象可以是maven .m2文件夹等等。这个过程带来的好处除了加速构建之外,还有层次化:builder image 提供了横向扩展(例如 html、java、python等运行环境),而被增量构建的镜像则体现了相同运行环境中的纵向扩展(例如 一般maven项目、 spring boot项目等)。
- 开发过程及概念上的转变:s2i使开发人员不用再去关注docker file的编写过程,专注于源代码的更新迭代,容器的运行环境均由s2i的builder image和增量构建镜像准备。
一个标准的s2i构建过程,可以分为以下几个步骤:
- 准备builder image的上下文环境,其本质是一个docker image 所以包括docker file,s2i脚本,及相关依赖。
- 使用docker build命令构建builder image。
- 使用s2i build命令构建目标镜像
s2i build <source location> <builder image> [<tag>] [flags]
builder image参数是第二步构建出来的镜像。 - 使用上一步中构建的镜像进行增量构建。
以下为一个war包运行环境的builder image构建方式:
#Dockerfile
FROM openshift/base-centos7
EXPOSE 8080
ENV TOMCAT_VERSION=8.5.53 \
MAVEN_VERSION=3.6.3
LABEL io.k8s.description="Platform for building and running JEE applications on Tomcat" \
io.k8s.display-name="Tomcat Builder" \
io.openshift.expose-services="8080:http" \
io.openshift.tags="builder,tomcat" \
io.openshift.s2i.destination="/opt/s2i/destination"
#这个label比较重要,在s2i build时,s2i会将基础镜像的上下文环境包括源码、脚本拷贝进指定目录
COPY apache-maven-$MAVEN_VERSION-bin.tar.gz /
COPY apache-tomcat-$TOMCAT_VERSION.tar.gz /
# Install Maven, Tomcat
RUN INSTALL_PKGS="tar java-1.8.0-openjdk java-1.8.0-openjdk-devel" && \
yum install -y --enablerepo=centosplus $INSTALL_PKGS && \
rpm -V $INSTALL_PKGS && \
yum clean all -y && \
tar -zxvf /apache-maven-$MAVEN_VERSION-bin.tar.gz -C /usr/local && \
ln -sf /usr/local/apache-maven-$MAVEN_VERSION/bin/mvn /usr/local/bin/mvn && \
mkdir -p $HOME/.m2 && \
mkdir -p /tomcat && \
tar -zxvf /apache-tomcat-$TOMCAT_VERSION.tar.gz --strip-components=1 -C /tomcat && \
rm -rf /tomcat/webapps/* && \
mkdir -p /opt/s2i/destination && \
mkdir /tmp/src
# Add s2i customizations
ADD ./settings.xml $HOME/.m2/
# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH
COPY ./s2i/bin/ $STI_SCRIPTS_PATH
RUN chmod -R a+rw /tomcat && \
chmod a+rwx /tomcat/* && \
chmod +x /tomcat/bin/*.sh && \
chmod -R a+rw $HOME && \
chmod -R +x $STI_SCRIPTS_PATH && \
chmod -R g+rw /opt/s2i/destination
USER 1001
CMD $STI_SCRIPTS_PATH/usage
#assemble
if [[ "$1" == "-h" ]]; then
exec /usr/libexec/s2i/usage
fi
# Restore artifacts from the previous build (if they exist).
#
# restore build artifacts
if [ -d /opt/s2i/destination/artifacts/.m2 ]; then
echo "restore build artifacts"
rm -rf $HOME/.m2
mv /opt/s2i/destination/artifacts/.m2 $HOME/
fi
echo "---> Installing application source..."
#cp -Rf /tmp/src/. ./
a=`ls /tmp/`
echo $a
echo "**********"
b=`ls /opt/s2i/destination/`
echo $b
echo "------***"
c=`ls /opt/s2i/destination/src`
echo $c
cp -R /opt/s2i/destination/src/. ./
cp /opt/s2i/destination/src/config/catalina.sh /tomcat/bin/catalina.sh
echo "---> Building application from source..."
# TODO: Add build steps for your application, eg npm install, bundle install, pip install, etc.
mvn -Dmaven.test.skip=true clean package
#mv ./target/*.war /tomcat/webapps/ROOT.war
find ./ -name *.war -exec mv {} /tomcat/webapps/ROOT.war \;
#run
bash -c "/tomcat/bin/catalina.sh run"
#save-artifacts
#!/bin/bash
pushd ${HOME} >/dev/null
if [ -d .m2 ]; then
# all .m2 contents to tar stream
tar cf - .m2
fi
popd >/dev/null
builder image 中封装了centos7,jdk,maven和一个tomcat。
save-artifacts和assemble脚本在镜像构建期间执行,完成增量构建的数据传输,源代码拷贝及编译工作。
run脚本在镜像运行阶段执行。
JAR运行环境
# DockerFile
FROM openshift/base-centos7
EXPOSE 8080
ENV MAVEN_VERSION=3.6.3
LABEL io.k8s.description="Platform for building and running JEE applications on Tomcat" \
io.k8s.display-name="Tomcat Builder" \
io.openshift.expose-services="8080:http" \
io.openshift.tags="builder,tomcat" \
io.openshift.s2i.destination="/opt/s2i/destination"
COPY apache-maven-$MAVEN_VERSION-bin.tar.gz /
# Install Maven
RUN INSTALL_PKGS="tar java-1.8.0-openjdk java-1.8.0-openjdk-devel" && \
yum install -y --enablerepo=centosplus $INSTALL_PKGS && \
rpm -V $INSTALL_PKGS && \
yum clean all -y && \
tar -zxvf /apache-maven-$MAVEN_VERSION-bin.tar.gz -C /usr/local && \
ln -sf /usr/local/apache-maven-$MAVEN_VERSION/bin/mvn /usr/local/bin/mvn && \
mkdir -p $HOME/.m2 && \
mkdir -p /opt/s2i/destination && \
mkdir -p /webapps && \
mkdir /tmp/src
# Add s2i customizations
ADD ./settings.xml $HOME/.m2/
# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH
COPY ./s2i/bin/ $STI_SCRIPTS_PATH
RUN chmod -R a+rw /webapps && \
chmod -R a+rw $HOME && \
chmod -R +x $STI_SCRIPTS_PATH && \
chmod -R g+rw /opt/s2i/destination
USER 1001
CMD $STI_SCRIPTS_PATH/usage
#assemble
if [[ "$1" == "-h" ]]; then
exec /usr/libexec/s2i/usage
fi
# Restore artifacts from the previous build (if they exist).
#
# restore build artifacts
if [ -d /opt/s2i/destination/artifacts/.m2 ]; then
echo "restore build artifacts"
rm -rf $HOME/.m2
mv /opt/s2i/destination/artifacts/.m2 $HOME/
fi
echo "---> Installing application source..."
#cp -Rf /tmp/src/. ./
a=`ls /tmp/`
echo $a
echo "**********"
b=`ls /opt/s2i/destination/`
echo $b
echo "------***"
c=`ls /opt/s2i/destination/src`
echo $c
cp -R /opt/s2i/destination/src/. ./
echo "---> Building application from source..."
# TODO: Add build steps for your application, eg npm install, bundle install, pip install, etc.
mvn -Dmaven.test.skip=true clean package
find ./ -name *.jar -exec mv {} /tomcat/webapps/ROOT.jar \;
#save-artifacts
pushd ${HOME} >/dev/null
if [ -d .m2 ]; then
# all .m2 contents to tar stream
tar cf - .m2
fi
popd >/dev/null
#run
bash -c "java -jar -Dserver.port=8080 /webapps/ROOT.jar"
NGINX运行环境
FROM openshift/base-centos7
EXPOSE 8080
EXPOSE 8443
ENV NAME=nginx \
NGINX_VERSION=1.16 \
NGINX_SHORT_VER=116 \
VERSION=0
ENV SUMMARY="Platform for running nginx $NGINX_VERSION or building nginx-based application" \
DESCRIPTION="Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP \
protocols, with a strong focus on high concurrency, performance and low memory usage. The container \
image provides a containerized packaging of the nginx $NGINX_VERSION daemon. The image can be used \
as a base image for other applications based on nginx $NGINX_VERSION web server. \
Nginx server image can be extended using source-to-image tool."
LABEL summary="${SUMMARY}" \
description="${DESCRIPTION}" \
io.k8s.description="${DESCRIPTION}" \
io.k8s.display-name="Nginx ${NGINX_VERSION}" \
io.openshift.expose-services="8080:http" \
io.openshift.expose-services="8443:https" \
io.openshift.tags="builder,${NAME},rh-${NAME}${NGINX_SHORT_VER}" \
com.redhat.component="rh-${NAME}${NGINX_SHORT_VER}-container" \
name="centos/${NAME}-${NGINX_SHORT_VER}-centos7" \
version="${NGINX_VERSION}" \
maintainer="SoftwareCollections.org <sclorg@redhat.com>" \
help="For more information visit https://github.com/sclorg/${NAME}-container" \
usage="s2i build <SOURCE-REPOSITORY> centos/${NAME}-${NGINX_SHORT_VER}-centos7:latest <APP-NAME>"
ENV NGINX_CONFIGURATION_PATH=${APP_ROOT}/etc/nginx.d \
NGINX_CONF_PATH=/etc/opt/rh/rh-nginx${NGINX_SHORT_VER}/nginx/nginx.conf \
NGINX_DEFAULT_CONF_PATH=${APP_ROOT}/etc/nginx.default.d \
NGINX_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/nginx \
NGINX_APP_ROOT=${APP_ROOT} \
NGINX_LOG_PATH=/var/opt/rh/rh-nginx${NGINX_SHORT_VER}/log/nginx
RUN yum install -y yum-utils gettext hostname && \
yum install -y centos-release-scl-rh && \
INSTALL_PKGS="nss_wrapper bind-utils rh-nginx${NGINX_SHORT_VER} rh-nginx${NGINX_SHORT_VER}-nginx \
rh-nginx${NGINX_SHORT_VER}-nginx-mod-stream" && \
yum install -y centos-release-scl-rh && \
yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
rpm -V $INSTALL_PKGS && \
yum -y clean all --enablerepo='*'
# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH
COPY ./s2i/bin/ $STI_SCRIPTS_PATH
# Copy extra files to the image.
COPY ./root/ /
# In order to drop the root user, we have to make some directories world
# writeable as OpenShift default security model is to run the container under
# random UID.
RUN sed -i -f ${NGINX_APP_ROOT}/nginxconf.sed ${NGINX_CONF_PATH} && \
chmod a+rwx ${NGINX_CONF_PATH} && \
mkdir -p ${NGINX_APP_ROOT}/etc/nginx.d/ && \
mkdir -p ${NGINX_APP_ROOT}/etc/nginx.default.d/ && \
mkdir -p ${NGINX_APP_ROOT}/src/nginx-start/ && \
mkdir -p ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
mkdir -p ${NGINX_LOG_PATH} && \
ln -s ${NGINX_LOG_PATH} /var/log/nginx && \
ln -s /etc/opt/rh/rh-nginx${NGINX_SHORT_VER}/nginx /etc/nginx && \
ln -s /opt/rh/rh-nginx${NGINX_SHORT_VER}/root/usr/share/nginx /usr/share/nginx && \
chmod -R a+rwx ${NGINX_APP_ROOT}/etc && \
chmod -R a+rwx /var/opt/rh/rh-nginx${NGINX_SHORT_VER} && \
chmod -R a+rwx ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
chown -R 1001:0 ${NGINX_APP_ROOT} && \
chown -R 1001:0 /var/opt/rh/rh-nginx${NGINX_SHORT_VER} && \
chown -R 1001:0 ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
chmod -R a+rwx /var/run && \
chown -R 1001:0 /var/run && \
rpm-file-permissions
USER 1001
# Not using VOLUME statement since it's not working in OpenShift Online:
# https://github.com/sclorg/httpd-container/issues/30
# VOLUME ["/opt/rh/rh-nginx116/root/usr/share/nginx/html"]
# VOLUME ["/var/opt/rh/rh-nginx116/log/nginx/"]
ENV BASH_ENV=${NGINX_APP_ROOT}/etc/scl_enable \
ENV=${NGINX_APP_ROOT}/etc/scl_enable \
PROMPT_COMMAND=". ${NGINX_APP_ROOT}/etc/scl_enable"
CMD $STI_SCRIPTS_PATH/usage
#assemble
set -e
echo "---> Installing application source"
ls -a
cp -Rf /tmp/src/. ./
# Fix source directory permissions
fix-permissions ./
if [ -f ./nginx.conf ]; then
echo "---> Copying nginx.conf configuration file..."
cp -v ./nginx.conf "${NGINX_CONF_PATH}"
rm -f ./nginx.conf
fi
if [ -d ./nginx-cfg ]; then
echo "---> Copying nginx configuration files..."
if [ "$(ls -A ./nginx-cfg/*.conf)" ]; then
cp -av ./nginx-cfg/*.conf "${NGINX_CONFIGURATION_PATH}"
rm -rf ./nginx-cfg
fi
chmod -Rf g+rw ${NGINX_CONFIGURATION_PATH}
fi
if [ -d ./nginx-default-cfg ]; then
echo "---> Copying nginx default server configuration files..."
if [ "$(ls -A ./nginx-default-cfg/*.conf)" ]; then
cp -av ./nginx-default-cfg/*.conf "${NGINX_DEFAULT_CONF_PATH}"
rm -rf ./nginx-default-cfg
fi
chmod -Rf g+rw ${NGINX_DEFAULT_CONF_PATH}
fi
if [ -d ./nginx-start ]; then
echo "---> Copying nginx start-hook scripts..."
if [ "$(ls -A ./nginx-start/* 2>/dev/null)" ]; then
cp -av ./nginx-start/* "${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start/"
rm -rf ./nginx-start
fi
fi
#run
source /opt/app-root/etc/generate_container_user
set -e
source ${NGINX_CONTAINER_SCRIPTS_PATH}/common.sh
process_extending_files ${NGINX_APP_ROOT}/src/nginx-start ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start
if [ ! -v NGINX_LOG_TO_VOLUME -a -v NGINX_LOG_PATH ]; then
/bin/ln -s /dev/stdout ${NGINX_LOG_PATH}/access.log
/bin/ln -s /dev/stderr ${NGINX_LOG_PATH}/error.log
fi
exec nginx -g "daemon off;"
除上述内容之外,源代码也需要一个上下文环境,这并不是必要的,但这样做的好处是可以提供一些类似nginx及tomcat的配置文件来实现不同项目的定制化。这也是s2i脚本的核心能力体现。
由于网上的资料不够充分,所以使用过程里难免碰到很多坑,也并不能对s2i充分理解物尽其用。比如在增量构建阶段,目前发现必须是同名镜像才能够被识别出来,所以有时候不得不先将一个需要增量构建的镜像tag成目标镜像名称再进行增量构建。