buildkit介绍

buildkit是Docker公司开源的下一代镜像构建工具,支持OCI标准的镜像构建,可以通过Dockerfile制作容器镜像。

buildkit由两部分组成:

  • buildkitd(服务端):负责镜像构建,目前支持runc和containerd作为镜像构建环境,默认是runc。
  • buildctl(客户端):负责解析Dockerfile文件,并向服务端buildkitd发出构建请求。

相对于docker,buildkit具有以下优势:

  • 更高效:支持并行的多阶段构建、更好的缓存
  • 管理更安全:支持secret mount,并支持以rootless模式(无需root权限)运行;注意本文后面的安装示例仍是以root身份通过systemd运行buildkitd
  • 更易于扩展:使用自定义中间语言LLB,完全兼容Dockerfile,也可以支持第三方语言。后台支持runc和containerd

buildkit安装

项目托管地址:https://github.com/moby/buildkit

下面直接从该项目的releases页面下载二进制包,并以root身份安装到/usr/bin;解压安装前,建议先核对下载文件的完整性(例如与发布页提供的校验信息比对)。


# wget https://github.com/moby/buildkit/releases/download/v0.12.2/buildkit-v0.12.2.linux-amd64.tar.gz
# tar xf buildkit-v0.12.2.linux-amd64.tar.gz
# mv bin/* /usr/bin/
# nerdctl version
Client:
 Version:       v1.5.0
 OS/Arch:       linux/amd64
 Git commit:    b33a58f288bc42351404a016e694190b897cd252
 buildctl:
  Version:      v0.12.2
  GitCommit:    567a99433ca23402d5e9b9f9124005d2e59b8861

Server:
 containerd:
  Version:      v1.7.5
  GitCommit:    fe457eb99ac0e27b3ce638175ef8e68a7d2bc373
 runc:
  Version:      1.1.9
  GitCommit:    v1.1.9-0-gccaecfcb
# vim /usr/lib/systemd/system/buildkit.socket
# cat /usr/lib/systemd/system/buildkit.socket
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit

[Socket]
ListenStream=%t/buildkit/buildkitd.sock
SocketMode=0660

[Install]
WantedBy=sockets.target
# vim /usr/lib/systemd/system/buildkit.service
# cat /usr/lib/systemd/system/buildkit.service
[Unit]
Description=BuildKit
Requires=buildkit.socket
After=buildkit.socket
Documentation=https://github.com/moby/buildkit

[Service]
ExecStart=/usr/bin/buildkitd --oci-worker=false --containerd-worker=true

[Install]
WantedBy=multi-user.target
# systemctl enable --now buildkit.service

容器镜像构建实践

构建应用发布基础镜像

[root@c1 ~]# mkdir imgtest

[root@c1 ~]# cd imgtest
[root@c1 imgtest]# vim Dockerfile
[root@c1 imgtest]# cat Dockerfile
# Shared base image: the JDK image later on this page is built FROM the result.
# NOTE(review): the tag ubuntu:20.04 is mutable; pinning it by digest would make
# rebuilds reproducible.
FROM ubuntu:20.04

LABEL author=nextgo@126.com

# Installs troubleshooting and build tooling in one layer. "apt clean" removes the
# downloaded package archives; the index files under /var/lib/apt/lists stay in the layer.
# Several names are listed more than once (ntpdate, tcpdump, telnet, traceroute, lrzsz,
# tree, openssl, libssl-dev, libpcre3, libpcre3-dev, zlib1g-dev).
# NOTE(review): telnet, tcpdump, gcc, make, openssh-server and nfs-kernel-server end up
# in every image built FROM this one; outside a lab, trim the list to what is needed.
RUN apt update && apt -y install iproute2  ntpdate  tcpdump telnet traceroute nfs-kernel-server nfs-common  lrzsz tree  openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute  gcc openssh-server lrzsz tree  openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute iotop unzip zip make && apt clean
[root@c1 imgtest]# ls
Dockerfile  sources.list
[root@c1 imgtest]# nerdctl build -t www.kubemsb.com/library/ubuntu:20.04 .
[root@c1 imgtest]# nerdctl images
REPOSITORY                        TAG       IMAGE ID        CREATED           PLATFORM       SIZE         BLOB SIZE
www.kubemsb.com/library/nginx     latest    48a84a0728ca    2 hours ago       linux/amd64    188.9 MiB    67.2 MiB
www.kubemsb.com/library/ubuntu    20.04     04c09082926e    31 seconds ago    linux/amd64    420.4 MiB    151.3 MiB

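上传已构建基础镜像到harbor容器镜像仓库

说明:--insecure-registry 会让nerdctl跳过对该仓库HTTPS证书的校验,并允许回退到明文HTTP,镜像内容和登录凭据因此缺少传输层保护,仅适合内网测试环境;正式环境应为harbor配置受信任的证书后去掉该参数。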

[root@c1 imgtest]# nerdctl push www.kubemsb.com/library/ubuntu:20.04 --insecure-registry


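构建JDK容器镜像

后面的Dockerfile要从www.kubemsb.com拉取基础镜像,因此先配置buildkitd和nerdctl,让它们以HTTP、不校验证书的方式访问该仓库(http = true、insecure = true、insecure_registry = true),重启buildkit服务后再创建构建目录;这组配置同样只适用于测试环境。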

[root@c1 jdktest]# mkdir /etc/buildkit
[root@c1 jdktest]# vim /etc/buildkit/buildkitd.toml
[root@c1 jdktest]# cat /etc/buildkit/buildkitd.toml
debug = true
[registry."www.kubemsb.com"]
  http = true
  insecure = true
[root@c1 jdktest]# mkdir /etc/nerdctl
[root@c1 jdktest]# vim /etc/nerdctl/nerdctl.toml
[root@c1 jdktest]# cat /etc/nerdctl/nerdctl.toml
debug = false
debug_full = true
insecure_registry = true
[root@c1 jdktest]# systemctl restart buildkit.service
[root@c1 jdktest]# systemctl status buildkit.service
[root@c1 ~]# mkdir jdktest
[root@c1 ~]# cd jdktest/
[root@c1 jdktest]# ls
Dockerfile  jdk-8u191-linux-x64.tar.gz
[root@c1 jdktest]# vim Dockerfile
[root@c1 jdktest]# cat Dockerfile
#jdk 8 base image
# Layers a locally supplied JDK 8u191 tarball on top of the shared Ubuntu base image.
# NOTE(review): this page configures the registry with http/insecure = true, so the
# pull of the base image is not protected by TLS verification.
FROM www.kubemsb.com/library/ubuntu:20.04

LABEL author="nextgo@126.com"

# ADD unpacks a local tar.gz into the target directory; the symlink below relies on
# the archive's top-level directory being jdk1.8.0_191.
# NOTE(review): nothing on this page verifies the tarball's checksum before it is
# baked into the image.
ADD jdk-8u191-linux-x64.tar.gz /usr/local/src

# Version-independent path that the ENV values below point at.
RUN ln -s /usr/local/src/jdk1.8.0_191 /usr/local/jdk

# ENV values apply to later build steps and to containers started from the image.
ENV JAVA_HOME /usr/local/jdk
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH $PATH:$JAVA_HOME/bin


# The same settings are appended to /etc/profile, which login shells read
# (for example "su - <user>").
RUN echo "export JAVA_HOME=/usr/local/jdk" >>/etc/profile
RUN echo "export TOMCAT_HOME=/apps/tomcat" >>/etc/profile
# NOTE(review): TOMCAT_HOME is never set with ENV in this Dockerfile, so the shell
# running this step presumably expands $TOMCAT_HOME to an empty string and the
# profile line gets "/bin" instead of /apps/tomcat/bin -- confirm.
RUN echo "export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$TOMCAT_HOME/bin:$PATH" >>/etc/profile
# NOTE(review): ".$CLASSPATH" has no ":" after the dot; the build log on this page
# shows the value starting with "./usr/local/jdk/lib/". ".:$CLASSPATH" looks like
# the intent.
RUN echo "export CLASSPATH=.$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar" >> /etc/profile

# Point the image's local time at Asia/Shanghai.
RUN rm -f /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@c1 jdktest]# nerdctl build -t www.kubemsb.com/library/ubuntu-jdk-base:8u191 .
输出内容:
DEBU[0000] Choosing the buildkit host "buildkit-default/buildkitd.sock", candidates=[buildkit-default/buildkitd.sock buildkit/buildkitd.sock] (in "/run/")
DEBU[0000] Choosing the buildkit host "buildkit/buildkitd.sock", candidates=[buildkit-default/buildkitd.sock buildkit/buildkitd.sock] (in "/run/")
DEBU[0000] Chosen buildkit host "unix:///run/buildkit/buildkitd.sock"
DEBU[0000] worker labels: map[org.mobyproject.buildkit.worker.containerd.namespace:buildkit org.mobyproject.buildkit.worker.containerd.uuid:ead82c8b-8d4a-4a5f-a73e-459613a411e3 org.mobyproject.buildkit.worker.executor:containerd org.mobyproject.buildkit.worker.hostname:c2 org.mobyproject.buildkit.worker.network:host org.mobyproject.buildkit.worker.selinux.enabled:false org.mobyproject.buildkit.worker.snapshotter:overlayfs]
DEBU[0000] running /usr/bin/buildctl [--addr=unix:///run/buildkit/buildkitd.sock build --progress=auto --frontend=dockerfile.v0 --local=context=. --output=type=docker,name=www.kubemsb.com/library/ubuntu-jdk-base:8u191 --local=dockerfile=/root/jdktest --opt=filename=Dockerfile]
[+] Building 21.4s (13/14)
[+] Building 21.5s (14/14) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                 0.0s
 => => transferring dockerfile: 799B                                                                                                                 0.0s
 => [internal] load metadata for www.kubemsb.com/library/ubuntu:20.04                                                                                0.0s
 => [auth] library/ubuntu:pull token for www.kubemsb.com                                                                                             0.0s
 => [internal] load .dockerignore                                                                                                                    0.0s
 => => transferring context: 2B                                                                                                                      0.0s
 => [internal] load build context                                                                                                                    0.9s
 => => transferring context: 191.79MB                                                                                                                0.9s
 => [1/8] FROM www.kubemsb.com/library/ubuntu:20.04@sha256:602a6080d8633018f6e11aec6f48ce5aa84eccfa09a14fe6479941632490d3b0                          0.0s
 => => resolve www.kubemsb.com/library/ubuntu:20.04@sha256:602a6080d8633018f6e11aec6f48ce5aa84eccfa09a14fe6479941632490d3b0                          0.0s
 => [2/8] ADD jdk-8u191-linux-x64.tar.gz /usr/local/src                                                                                              3.0s
 => [3/8] RUN ln -s /usr/local/src/jdk1.8.0_191 /usr/local/jdk                                                                                       0.2s
 => [4/8] RUN echo "export JAVA_HOME=/usr/local/jdk" >>/etc/profile                                                                                  0.1s
 => [5/8] RUN echo "export TOMCAT_HOME=/apps/tomcat" >>/etc/profile                                                                                  0.1s
 => [6/8] RUN echo "export PATH=/usr/local/jdk/bin:/usr/local/jdk/jre/bin:$TOMCAT_HOME/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:  0.1s
 => [7/8] RUN echo "export CLASSPATH=./usr/local/jdk/lib/:/usr/local/jdk/jre/lib/:/usr/local/jdk/lib:/usr/local/jdk/jre/lib:/usr/local/jdk/lib/tool  0.1s
 => [8/8] RUN rm -f /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime                                                       0.1s
 => exporting to docker image format                                                                                                                16.8s
 => => exporting layers                                                                                                                             10.5s
 => => exporting manifest sha256:779718759c4e0354683a5b86dfaf34fbed38f2289a7ebd01e86161676818365e                                                    0.0s
 => => exporting config sha256:1ddbcb001f9a2c1fee62db26a13ed432ab14296650bc488855c56bf5f1ba0fb7                                                      0.0s
 => => sending tarball                                                                                                                               6.3s
Loaded image: www.kubemsb.com/library/ubuntu-jdk-base:8u191
[root@c1 jdktest]# nerdctl images
DEBU[0000] raw image name="www.kubemsb.com/library/nginx:latest"
DEBU[0000] raw image name="www.kubemsb.com/library/ubuntu-jdk-base:8u191"
REPOSITORY                                 TAG       IMAGE ID        CREATED               PLATFORM       SIZE         BLOB SIZE
www.kubemsb.com/library/nginx              latest    48a84a0728ca    3 hours ago           linux/amd64    188.9 MiB    67.2 MiB
www.kubemsb.com/library/ubuntu-jdk-base    8u191     779718759c4e    About a minute ago    linux/amd64    802.3 MiB    335.3 MiB
[root@c1 jdktest]# nerdctl push www.kubemsb.com/library/ubuntu-jdk-base:8u191


基于jdk镜像构建tomcat镜像

[root@c1 ~]# mkdir tomcattest
[root@c1 ~]# cd tomcattest/
[root@c1 tomcattest]# wget https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.93/bin/apache-tomcat-8.5.93.tar.gz
[root@c1 tomcattest]# vim Dockerfile
[root@c1 tomcattest]# cat Dockerfile
#tomcat 8.5.93 base image
# Adds an unpacked Tomcat 8.5.93 and a dedicated "tomcat" account on top of the JDK image.
FROM www.kubemsb.com/library/ubuntu-jdk-base:8u191

LABEL author="nextgo@126.com"

# Install root (/apps) plus data directories for web applications and logs.
RUN mkdir -pv /apps /data/tomcat/webapps /data/tomcat/logs

# ADD unpacks the local tarball under /apps/.
# NOTE(review): the archive was fetched with wget earlier on this page without a
# checksum or signature check; Apache publishes .sha512 and .asc files next to each
# release for that purpose.
ADD apache-tomcat-8.5.93.tar.gz /apps/

# Version-independent path; the application image refers to /apps/tomcat/conf and
# /apps/tomcat/bin.
RUN ln -sv /apps/apache-tomcat-8.5.93 /apps/tomcat

# Creates the "tomcat" account with UID 2023 and hands it the install and data trees.
# "tomcat.tomcat" is the legacy owner.group separator; "tomcat:tomcat" is the
# documented form.
RUN useradd -u 2023 tomcat && chown -R tomcat.tomcat /apps /data/tomcat
[root@c1 tomcattest]# nerdctl build -t www.kubemsb.com/library/tomcat-base:8.5.93 .
输出内容:
DEBU[0000] Choosing the buildkit host "buildkit-default/buildkitd.sock", candidates=[buildkit-default/buildkitd.sock buildkit/buildkitd.sock] (in "/run/")
DEBU[0000] Choosing the buildkit host "buildkit/buildkitd.sock", candidates=[buildkit-default/buildkitd.sock buildkit/buildkitd.sock] (in "/run/")
DEBU[0000] Chosen buildkit host "unix:///run/buildkit/buildkitd.sock"
DEBU[0000] worker labels: map[org.mobyproject.buildkit.worker.containerd.namespace:buildkit org.mobyproject.buildkit.worker.containerd.uuid:ead82c8b-8d4a-4a5f-a73e-459613a411e3 org.mobyproject.buildkit.worker.executor:containerd org.mobyproject.buildkit.worker.hostname:c2 org.mobyproject.buildkit.worker.network:host org.mobyproject.buildkit.worker.selinux.enabled:false org.mobyproject.buildkit.worker.snapshotter:overlayfs]
DEBU[0000] running /usr/bin/buildctl [--addr=unix:///run/buildkit/buildkitd.sock build --progress=auto --frontend=dockerfile.v0 --local=context=. --output=type=docker,name=www.kubemsb.com/library/tomcat-base:8.5.93 --local=dockerfile=/root/tomcattest --opt=filename=Dockerfile]
[+] Building 7.8s (11/11)
[+] Building 7.9s (11/11) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                 0.0s
 => => transferring dockerfile: 373B                                                                                                                 0.0s
 => [internal] load metadata for www.kubemsb.com/library/ubuntu-jdk-base:8u191                                                                       0.0s
 => [auth] library/ubuntu-jdk-base:pull token for www.kubemsb.com                                                                                    0.0s
 => [internal] load .dockerignore                                                                                                                    0.0s
 => => transferring context: 2B                                                                                                                      0.0s
 => [1/5] FROM www.kubemsb.com/library/ubuntu-jdk-base:8u191@sha256:779718759c4e0354683a5b86dfaf34fbed38f2289a7ebd01e86161676818365e                 0.0s
 => => resolve www.kubemsb.com/library/ubuntu-jdk-base:8u191@sha256:779718759c4e0354683a5b86dfaf34fbed38f2289a7ebd01e86161676818365e                 0.0s
 => [internal] load build context                                                                                                                    0.1s
 => => transferring context: 10.74MB                                                                                                                 0.1s
 => [2/5] RUN mkdir -pv /apps /data/tomcat/webapps /data/tomcat/logs                                                                                 0.1s
 => [3/5] ADD apache-tomcat-8.5.93.tar.gz /apps/                                                                                                     0.2s
 => [4/5] RUN ln -sv /apps/apache-tomcat-8.5.93 /apps/tomcat                                                                                         0.1s
 => [5/5] RUN useradd -u 2023 tomcat && chown -R tomcat.tomcat /apps /data/tomcat                                                                    0.3s
 => exporting to docker image format                                                                                                                 7.1s
 => => exporting layers                                                                                                                              0.5s
 => => exporting manifest sha256:5c13f803944b9615c439c4caff1287aff6959990ec894d7f0b22725b1121edd2                                                    0.0s
 => => exporting config sha256:7d494cf6a771dece77fecc55f3c9c043bc71edc4020049cb7d4524d1e01c8778                                                      0.0s
 => => sending tarball                                                                                                                               6.6s
Loaded image: www.kubemsb.com/library/tomcat-base:8.5.93
[root@c1 tomcattest]# nerdctl push www.kubemsb.com/library/tomcat-base:8.5.93


基于tomcat镜像构建业务应用镜像

[root@c1 ~]# mkdir apptest
[root@c1 ~]# cd apptest/
[root@c1 apptest]# vim Dockerfile
[root@c1 apptest]# cat Dockerfile
#app
# Application image: Tomcat base image plus the edited server.xml, the web
# application archive and the start script.
FROM www.kubemsb.com/library/tomcat-base:8.5.93

# Replaces the stock configuration; on this page the edit sets the Host appBase to
# /data/tomcat/webapps.
ADD server.xml /apps/tomcat/conf/

# ADD unpacks the local tar.gz, so the archive's myapp/ directory lands under the
# appBase.
ADD myapp.tar.gz /data/tomcat/webapps/

# Start script used by CMD; it was made executable with chmod +x before the build.
ADD run_tomcat.sh /apps/tomcat/bin/

# The files added above are re-owned so the tomcat account can use them.
RUN chown -R tomcat.tomcat /apps /data/tomcat

EXPOSE 8080 8443

# No USER instruction is set here or in the base Dockerfiles shown on this page, so
# the container starts as root; run_tomcat.sh then switches to the tomcat account
# with su before starting Tomcat.
CMD ["/apps/tomcat/bin/run_tomcat.sh"]
[root@c1 apptest]# vim index.html
[root@c1 apptest]# cat index.html
Hello,World!
[root@c1 apptest]# mkdir myapp
[root@c1 apptest]# mv index.html myapp/
[root@c1 apptest]# tar czf myapp.tar.gz myapp
[root@c1 apptest]# ls
Dockerfile  myapp  myapp.tar.gz
[root@c1 apptest]# ls myapp
index.html
[root@c1 apptest]# vim run_tomcat.sh
[root@c1 apptest]# cat run_tomcat.sh
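#!/bin/sh
# Container start script (the image's CMD): run Tomcat in the foreground as the
# unprivileged "tomcat" account rather than as root.
#
# "su -" opens a login shell for tomcat, so /etc/profile is read before
# catalina.sh starts; "catalina.sh run" keeps Tomcat in the foreground, so the
# container lives exactly as long as Tomcat does.
#
# exec replaces this wrapper shell with su, so no idle /bin/sh is left as the
# container's first process to sit between the runtime's stop signal and Tomcat.
exec su - tomcat -c "/apps/tomcat/bin/catalina.sh run"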

[root@c1 apptest]# chmod +x run_tomcat.sh
[root@c1 apptest]# ls
app.tar.gz  Dockerfile  index.html  run_tomcat.sh

server.xml文件可先运行一个tomcat容器,再使用“nerdctl cp 容器ID:文件存储路径 .”的方式从容器中获取。

[root@c1 apptest]# nerdctl run -it  www.kubemsb.com/library/tomcat-base:8.5.93 /bin/bash
root@cf0b8c620af4:/# find / -name server.xml
/apps/apache-tomcat-8.5.93/conf/server.xml

使用ctrl+p+q退出后再复制。

[root@c1 apptest]# nerdctl ps
CONTAINER ID    IMAGE                                         COMMAND        CREATED          STATUS    PORTS    NAMES
cf0b8c620af4    www.kubemsb.com/library/tomcat-base:8.5.93    "/bin/bash"    8 seconds ago    Up                 tomcat-base-e3c8b
[root@c1 apptest]# nerdctl cp cf0b8c620af4:/apps/apache-tomcat-8.5.93/conf/server.xml .
[root@c1 apptest]# ls
Dockerfile  myapp  myapp.tar.gz  run_tomcat.sh  server.xml
[root@c1 apptest]# vim server.xml
132     <!-- An Engine represents the entry point (within Catalina) that processes
133          every request.  The Engine implementation for Tomcat stand alone
134          analyzes the HTTP headers included with the request, and passes them
135          on to the appropriate Host (virtual host).
136          Documentation at /docs/config/engine.html -->
137
138     <!-- You should set jvmRoute to support load-balancing via AJP ie :
139     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
140     -->
141     <Engine name="Catalina" defaultHost="localhost">
142
143       <!--For clustering, please take a look at documentation at:
144           /docs/cluster-howto.html  (simple how to)
145           /docs/config/cluster.html (reference documentation) -->
146       <!--
147       <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
148       -->
149
150       <!-- Use the LockOutRealm to prevent attempts to guess user passwords
151            via a brute-force attack -->
152       <Realm className="org.apache.catalina.realm.LockOutRealm">
153         <!-- This Realm uses the UserDatabase configured in the global JNDI
154              resources under the key "UserDatabase".  Any edits
155              that are performed against this UserDatabase are immediately
156              available for use by the Realm.  -->
157         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
158                resourceName="UserDatabase"/>
159       </Realm>

160
161       <Host name="localhost"  appBase="/data/tomcat/webapps"  修改了此处。
162             unpackWARs="true" autoDeploy="true">
163
164         <!-- SingleSignOn valve, share authentication between web applications
165              Documentation at: /docs/config/valve.html -->
[root@c1 apptest]# ls
app.tar.gz  Dockerfile  index.html  run_tomcat.sh  server.xml
[root@c1 apptest]# nerdctl build -t www.kubemsb.com/library/tomcat-app:v1 .
[root@c1 apptest]# nerdctl images
DEBU[0000] raw image name="www.kubemsb.com/library/nginx:latest"
DEBU[0000] raw image name="www.kubemsb.com/library/tomcat-app:v1"
DEBU[0000] raw image name="www.kubemsb.com/library/tomcat-base:8.5.93"
DEBU[0000] raw image name="www.kubemsb.com/library/ubuntu-jdk-base:8u191"
REPOSITORY                                 TAG       IMAGE ID        CREATED           PLATFORM       SIZE         BLOB SIZE
www.kubemsb.com/library/nginx              latest    48a84a0728ca    4 hours ago       linux/amd64    188.9 MiB    67.2 MiB
www.kubemsb.com/library/tomcat-app         v1        5874cc4c16e3    26 seconds ago    linux/amd64    834.6 MiB    355.8 MiB
www.kubemsb.com/library/tomcat-base        8.5.93    5c13f803944b    18 minutes ago    linux/amd64    834.5 MiB    355.8 MiB
www.kubemsb.com/library/ubuntu-jdk-base    8u191     779718759c4e    31 minutes ago    linux/amd64    802.3 MiB    335.3 MiB
[root@c1 apptest]# nerdctl run -p 8080:8080 -it --rm www.kubemsb.com/library/tomcat-app:v1

