use*_*695 7 gitlab dockerfile kaniko
这就是我使用 kaniko 在 gitlab CI 中构建 docker 镜像的方式,效果很好。
但我需要读取 json 文件来获取一些值。因此我需要访问jq.
.gilab-ci.yml
deploy:
stage: deployment
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64)\"}}}" > /kaniko/.docker/config.json
- |
/kaniko/executor \
--context $CI_PROJECT_DIR \
--dockerfile $CI_PROJECT_DIR/app/Dockerfile \
--destination $CI_REGISTRY_IMAGE/app:latest \
done
- jq # <- Is not working, as jq is not installed
是否可以将 jq 添加到映像中以避免在此阶段始终重复安装它?
在所有其他阶段,我都使用自己的高山图像,并在其中添加了 CI 管道中所需的所有内容。因此,如果可能的话,另一种选择是将 kaniko 添加到此图像中。这将产生一个包含所需所有实用程序的映像。
Dockerfile
FROM alpine:3.14.2
RUN apk --update add \
bash \
curl \
git \
jq \
npm
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.4/bin/linux/amd64/kubectl
RUN chmod u+x kubectl && mv kubectl /bin/kubectl
# Add kaniko to this image??
Pie*_* B. 12
官方 Kaniko Docker 镜像是使用独立的 Go 二进制文件构建的scratch(请参阅Kaniko 的 GitHub 存储库中的 Dockerfile)。您可以重复使用官方映像中的相同二进制文件并将其复制到您的映像中,例如:
# Use this FROM instruction as shortcut to use --copy=from kaniko below
# It's also possible to use directly COPY --from=gcr.io/kaniko-project/executor
FROM gcr.io/kaniko-project/executor AS kaniko
FROM alpine:3.14.2
RUN apk --update add \
bash \
curl \
git \
jq \
npm
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.4/bin/linux/amd64/kubectl
RUN chmod u+x kubectl && mv kubectl /bin/kubectl
#
# Add kaniko to this image by re-using binaries and steps from official image
#
COPY --from=kaniko /kaniko/executor /kaniko/executor
COPY --from=kaniko /kaniko/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=kaniko /kaniko/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=kaniko /kaniko/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf
COPY --from=kaniko /kaniko/.docker /kaniko/.docker
ENV PATH $PATH:/usr/local/bin:/kaniko
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
编辑:对于调试映像,Dockerfile 将是:
FROM gcr.io/kaniko-project/executor:debug AS kaniko
FROM alpine:3.14.2
RUN apk --update add \
bash \
curl \
git \
jq \
npm
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.4/bin/linux/amd64/kubectl
RUN chmod u+x kubectl && mv kubectl /bin/kubectl
#
# Add kaniko to this image by re-using binaries and steps from official image
#
COPY --from=kaniko /kaniko/ /kaniko/
COPY --from=kaniko /kaniko/warmer /kaniko/warmer
COPY --from=kaniko /kaniko/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=kaniko /kaniko/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=kaniko /kaniko/docker-credential-acr /kaniko/docker-credential-acr
COPY --from=kaniko /kaniko/.docker /kaniko/.docker
COPY --from=busybox:1.32.0 /bin /busybox
ENV PATH $PATH:/usr/local/bin:/kaniko:/busybox
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
请注意,您需要使用gcr.io/kaniko-project/executor:debug(对于最新版本)或gcr.io/kaniko-project/executor:v1.6.0-debug作为源(或其他标签)
测试构建一个小图像,似乎工作正常:
# Built above example with docker build . -t kaniko-alpine
# And ran container with docker run -it kaniko-alpine sh
echo "FROM alpine" > Dockerfile
echo "RUN echo hello" >> Dockerfile
echo "COPY Dockerfile Dockerfile" >> Dockerfile
executor version
executor -c . --no-push
# Output like:
#
# Kaniko version : v1.6.0
#
# INFO[0000] Retrieving image manifest alpine
# INFO[0000] Retrieving image alpine from registry index.docker.io
# INFO[0000] GET KEYCHAIN
# [...]
# INFO[0001] RUN echo hello
# INFO[0001] Taking snapshot of full filesystem...
# INFO[0001] cmd: /bin/sh
# INFO[0001] args: [-c echo hello]
# INFO[0001] Running: [/bin/sh -c echo hello]
# [...]
请注意,不建议在官方映像之外使用 Kaniko 二进制文件,尽管它仍然可以正常工作:
kaniko 旨在作为图像运行:
gcr.io/kaniko-project/executor。我们不建议在另一个映像中运行 kaniko 执行程序二进制文件,因为它可能不起作用。
| 归档时间: |
|
| 查看次数: |
8940 次 |
| 最近记录: |