{"id":1611,"date":"2022-04-12T14:04:54","date_gmt":"2022-04-12T14:04:54","guid":{"rendered":"https:\/\/www.ipcpu.com\/?p=1611"},"modified":"2022-07-25T14:08:54","modified_gmt":"2022-07-25T14:08:54","slug":"%e4%bd%bf%e7%94%a8kaniko%e6%9e%84%e5%bb%badocker%e9%95%9c%e5%83%8f","status":"publish","type":"post","link":"https:\/\/c.ipcpu.com\/2022\/04\/%e4%bd%bf%e7%94%a8kaniko%e6%9e%84%e5%bb%badocker%e9%95%9c%e5%83%8f\/","title":{"rendered":"\u4f7f\u7528Kaniko\u6784\u5efaDocker\u955c\u50cf"},"content":{"rendered":"
<\/div>\n

Kaniko\u6982\u8ff0<\/h2>\n

\u5f53\u6211\u4eec\u60f3\u5c06\u4e1a\u52a1\u4ee3\u7801\u53d1\u5e03\u5230Kubernetes\u65f6\uff0c\u6700\u5148\u9047\u5230\u7684\u95ee\u9898\u5c31\u662f\u6784\u5efaDocker\u955c\u50cf\u3002<\/p>\n

\u4ee5GitlabCICD\u4e3a\u4f8b\uff0c\u6784\u5efaDocker\u955c\u50cf\u65f6\u6709\u4e09\u79cd\u65b9\u6cd5\uff1a<\/p>\n

\n
    \n
  1. Shell executor<\/li>\n
  2. DockerinDocker(DinD)<\/li>\n
  3. Docker socket binding(DockeroutofDocker, DooD)<\/li>\n<\/ol>\n<\/blockquote>\n

    \u7b2c\u4e00\u79cd\u65b9\u5f0f\u76f4\u63a5\u4f7f\u7528\u4e86\u865a\u62df\u673a\u4e0ashell\uff0c\u5bfc\u81f4\u73af\u5883\u65e0\u6cd5\u4fdd\u6301\u4e00\u81f4\uff0c\u4e00\u822c\u5f88\u5c11\u4eba\u4f7f\u7528\u3002
    \n\u7b2c\u4e8c\u79cd\u65b9\u5f0f\u5728Docker\u91cc\u9762\uff0c\u53c8\u5b89\u88c5\u4e86\u4e00\u4e2aDocker\uff0c\u4f46\u662f\u6700\u5916\u5c42\u7684docker\u9700\u8981\u7279\u6743\u6a21\u5f0f\u8fd0\u884c\uff0c\u5b58\u5728\u4e00\u5b9a\u7684\u5b89\u5168\u9690\u60a3\uff0c\u4e5f\u5bfc\u81f4\u65e0\u6cd5\u5728K8S\u5e73\u53f0\u4e2d\u8fd0\u884c\u3002
    \n\u7b2c\u4e09\u79cd\u65b9\u5f0f\uff0c\u9700\u8981\u5427docker socket \u66b4\u9732\u7ed9runner\u5bb9\u5668\uff0c\u76f8\u5f53\u4e8e\u7ed9\u51fa\u4e86\u6700\u9ad8docker\u6743\u9650\uff0c\u5b89\u5168\u6027\u4e5f\u662f\u5927\u95ee\u9898\u3002\u53e6\u5916\u5982\u679c\u9700\u8981\u521b\u5efa\u76f8\u540c\u540d\u5b57\u7684docker\u5bb9\u5668\uff0c\u4f1a\u4ea7\u751f\u51b2\u7a81\u3002\u540c\u6837\u7684\u4e5f\u65e0\u6cd5\u5728K8S\u5e73\u53f0\u4e2d\u8fd0\u884c\u3002<\/p>\n

    \u90a3\u8fd8\u6709\u4ec0\u4e48\u529e\u6cd5\u5417\uff1f
    \n\u6709\u3002Google\u53d1\u5e03\u7684Kaniko \u89e3\u51b3\u4e86\u7279\u6743\u6a21\u5f0f\u7684\u95ee\u9898\uff0c\u6784\u5efa\u955c\u50cf\u65f6\u4e0d\u518d\u4f9d\u8d56DockerDeamon\u3002
    \nKaniko\u662f\u4e00\u4e2aGoogle\u5f00\u6e90\u7684\u65b9\u4fbf\u6211\u4eec\u5728k8s\u4e2d\u4f7f\u7528dockfile\u6784\u5efa\u955c\u50cf\u7684\u5de5\u5177\u3002\u5b83\u4e0d\u4f9d\u8d56docker daemon\u8fdb\u7a0b\uff0c\u5e76\u5b8c\u5168\u5728\u7528\u6237\u7a7a\u95f4\u6267\u884cdockfile\u6587\u4ef6\u7684\u6bcf\u4e00\u6761\u547d\u4ee4\u3002\u8fd9\u6837\u6211\u4eec\u5c31\u53ef\u4ee5\u5728\u4e00\u4e9b\u6ca1\u6cd5\u83b7\u53d6docker daemon\u8fdb\u7a0b\u7684\u73af\u5883\u4e0b\u4e5f\u53ef\u4ee5\u6784\u5efa\u955c\u50cf\u3002\u6bd4\u5982\u5728K8S\u4e0a\u3002
    \nkaniko\u4f1a\u5148\u63d0\u53d6\u57fa\u7840\u955c\u50cf\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u7136\u540e\u6839\u636eDockerfile\u4e2d\u7684\u63cf\u8ff0\uff0c\u4e00\u6761\u6761\u6267\u884c\u547d\u4ee4\uff0c\u6bcf\u4e00\u6761\u547d\u4ee4\u6267\u884c\u5b8c\u4e4b\u540e\u90fd\u4f1a\u5728\u7528\u6237\u7a7a\u95f4\u521b\u5efa\u4e00\u4e2asnapshot\uff0c\u5e76\u4e8e\u5b58\u50a8\u5728\u5185\u5b58\u4e2d\u7684\u4e0a\u4e00\u4e2a\u72b6\u6001\u505a\u5bf9\u6bd4\uff0c\u82e5\u6709\u53d8\u5316\uff0c\u5c06\u65b0\u7684\u4fee\u6539\u751f\u6210\u4e00\u4e2a\u955c\u50cf\u5c42\u6dfb\u52a0\u5728\u57fa\u7840\u955c\u50cf\u4e0a\u9762\uff0c\u5e76\u5c06\u76f8\u5173\u4fee\u6539\u4fe1\u606f\u5199\u5165\u5230\u955c\u50cf\u5143\u6570\u636e\u4e2d\uff0c\u7b49\u5168\u90e8\u547d\u4ee4\u6267\u884c\u5b8c\uff0cKaniko\u4f1a\u5c06\u6700\u7ec8\u955c\u50cf\u63a8\u9001\u5230\u6307\u5b9a\u7684\u8fdc\u7aef\u955c\u50cf\u4ed3\u5e93\u3002<\/p>\n

    Kaniko\u7684\u4ee3\u7801\u548c\u5b98\u65b9\u7ad9\u70b9<\/h2>\n

    Kaniko\u7684\u4ee3\u7801\u5728github\u4e2d\u6709\uff0c\u4ee3\u7801deploy\u76ee\u5f55\u6709Dockerfile\uff0c\u53ef\u4ee5\u81ea\u884c\u6784\u5efa
    \nhttps:\/\/github.com\/GoogleContainerTools\/kaniko<\/a>
    \n\u5982\u679c\u4e0d\u60f3\u6784\u5efa\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528 gcr.io\/kaniko-project\/executor:debug<\/p>\n

    \u5728GitlabCI\u4e2d\u4f7f\u7528Kaniko<\/h2>\n

    .gitlab-ci.yml\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\uff0c
    \n\u6ce8\u610f\u8fd9\u91cc\u8bbe\u7f6e\u4e86\u4e00\u4e2aDOCKERCONFIG\u53d8\u91cf\uff0c\u7528\u6765\u5b58\u50a8\u955c\u50cf\u4ed3\u5e93\u7684\u8ba4\u8bc1\u6570\u636e\u3002<\/p>\n

    \n
    # DodD\u6a21\u5f0f\ndockerbuild:\n  stage: dockerbuild\n  image: docker:stable\n  before_script:\n    - docker  info    \n  script:\n    - docker login -u xxx -p xxx reg.ipcpu.com\n    - docker  build -t reg.ipcpu.com\/test\/gohelloworld:${CI_PIPELINE_ID}-${CI_COMMIT_SHORT_SHA}  .\n    - docker  push  reg.ipcpu.com\/test\/gohelloworld:${CI_PIPELINE_ID}-${CI_COMMIT_SHORT_SHA}  \n\n# Kaniko\u6a21\u5f0f\nKanikoBuild:\n  stage: KanikoBuild\n  image:\n    # we use :debug instead of :latest, because we need a shell for our scripts\n    name: gcr.io\/kaniko-project\/executor:debug\n    entrypoint: [\"\"]\n  before_script:\n    - echo \"start writing ayth file.\"\n    - mkdir -p \/kaniko\/.docker\n    - echo ${DOCKERCONFIG} > \/kaniko\/.docker\/config.json\n    - echo \"auth file write successful.\"\n  script:\n    - - echo \"start executor.\"\n    - >-\n      \/kaniko\/executor\n      --context \"${CI_PROJECT_DIR}\"\n      --dockerfile \"${CI_PROJECT_DIR}\/Dockerfile\"\n      --destination \"reg.ipcpu.com\/test\/gohelloworld2:${CI_COMMIT_SHORT_SHA}\"<\/code><\/pre>\n<\/div>\n
    <\/p>\n
    \u53c2\u8003\u8d44\u6599<\/h2>\n
    https:\/\/github.com\/GoogleContainerTools\/kaniko<\/a> 
    \n    https:\/\/docs.gitlab.com\/ee\/ci\/docker\/using_kaniko.html<\/a><\/p>\n
    \u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1aIPCPU-\u7f51\u7edc\u4e4b\u8def<\/a> » \u4f7f\u7528Kaniko\u6784\u5efaDocker\u955c\u50cf<\/a><\/p>","protected":false},"excerpt":{"rendered":"
    Kaniko\u6982\u8ff0 \u5f53\u6211\u4eec\u60f3\u5c06\u4e1a\u52a1\u4ee3\u7801\u53d1\u5e03\u5230Kubernetes\u65f6\uff0c\u6700\u5148\u9047\u5230\u7684\u95ee\u9898\u5c31\u662f\u6784\u5efaDocker\u955c\u50cf\u3002 \u4ee5GitlabCICD\u4e3a\u4f8b\uff0c\u6784\u5efaDocker\u955c\u50cf\u65f6\u6709\u4e09\u79cd\u65b9\u6cd5\uff1a Shell executor DockerinDocker(DinD) Docker socket binding(DockeroutofDocker, DooD) \u7b2c\u4e00\u79cd\u65b9\u5f0f\u76f4\u63a5\u4f7f\u7528\u4e86\u865a\u62df\u673a\u4e0ashell\uff0c\u5bfc\u81f4\u73af\u5883\u65e0\u6cd5\u4fdd\u6301\u4e00\u81f4\uff0c\u4e00\u822c\u5f88\u5c11\u4eba\u4f7f\u7528\u3002 \u7b2c\u4e8c\u79cd\u65b9\u5f0f\u5728Docker\u91cc\u9762\uff0c\u53c8\u5b89\u88c5\u4e86\u4e00\u4e2aDocker\uff0c\u4f46\u662f\u6700\u5916\u5c42\u7684docker\u9700\u8981\u7279\u6743\u6a21\u5f0f\u8fd0\u884c\uff0c\u5b58\u5728\u4e00\u5b9a\u7684\u5b89\u5168\u9690\u60a3\uff0c\u4e5f\u5bfc\u81f4\u65e0\u6cd5\u5728K8S\u5e73\u53f0\u4e2d\u8fd0\u884c\u3002 \u7b2c\u4e09\u79cd\u65b9\u5f0f\uff0c\u9700\u8981\u5427docker socket \u66b4\u9732\u7ed9runner\u5bb9\u5668\uff0c\u76f8\u5f53\u4e8e\u7ed9\u51fa\u4e86\u6700\u9ad8docker\u6743\u9650\uff0c\u5b89\u5168\u6027\u4e5f\u662f\u5927\u95ee\u9898\u3002\u53e6\u5916\u5982\u679c\u9700\u8981\u521b\u5efa\u76f8\u540c\u540d\u5b57\u7684docker\u5bb9\u5668\uff0c\u4f1a\u4ea7\u751f\u51b2\u7a81\u3002\u540c\u6837\u7684\u4e5f\u65e0\u6cd5\u5728K8S\u5e73\u53f0\u4e2d\u8fd0\u884c\u3002 \u90a3\u8fd8\u6709\u4ec0\u4e48\u529e\u6cd5\u5417\uff1f \u6709\u3002Google\u53d1\u5e03\u7684Kaniko \u89e3\u51b3\u4e86\u7279\u6743\u6a21\u5f0f\u7684\u95ee\u9898\uff0c\u6784\u5efa\u955c\u50cf\u65f6\u4e0d\u518d\u4f9d\u8d56DockerDeamon\u3002 Kaniko\u662f\u4e00\u4e2aGoogle\u5f00\u6e90\u7684\u65b9\u4fbf\u6211\u4eec\u5728k8s\u4e2d\u4f7f\u7528dockfile\u6784\u5efa\u955c\u50cf\u7684\u5de5\u5177\u3002\u5b83\u4e0d\u4f9d\u8d56docker daemon\u8fdb\u7a0b\uff0c\u5e76\u5b8c\u5168\u5728\u7528\u6237\u7a7a\u95f4\u6267\u884cdockfile\u6587\u4ef6\u7684\u6bcf\u4e00\u6761\u547d\u4ee4\u3002\u8fd9\u6837\u6211\u4eec\u5c31\u53ef\u4ee5\u5728\u4e00\u4e9b\u6ca1\u6cd5\u83b7\u53d6docker daemon\u8fdb\u7a0b\u7684\u73af\u5883\u4e0b\u4e5f\u53ef\u4ee5\u6784\u5efa\u955c\u50cf\u3002\u6bd4\u5982\u5728K8S\u4e0a\u3002 kaniko\u4f1a\u5148\u63d0\u53d6\u57fa\u7840\u955c\u50cf\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u7136\u540e\u6839\u636eDockerfile\u4e2d\u7684\u63cf\u8ff0\uff0c\u4e00\u6761\u6761\u6267\u884c\u547d\u4ee4\uff0c\u6bcf\u4e00\u6761\u547d\u4ee4\u6267\u884c\u5b8c\u4e4b\u540e\u90fd\u4f1a\u5728\u7528\u6237\u7a7a\u95f4\u521b\u5efa\u4e00\u4e2asnapshot\uff0c\u5e76\u4e8e\u5b58\u50a8\u5728\u5185\u5b58\u4e2d\u7684\u4e0a\u4e00\u4e2a\u72b6\u6001\u505a\u5bf9\u6bd4\uff0c\u82e5\u6709\u53d8\u5316\uff0c\u5c06\u65b0\u7684\u4fee\u6539\u751f\u6210\u4e00\u4e2a\u955c\u50cf\u5c42\u6dfb\u52a0\u5728\u57fa\u7840\u955c\u50cf\u4e0a\u9762\uff0c\u5e76\u5c06\u76f8\u5173\u4fee\u6539\u4fe1\u606f\u5199\u5165\u5230\u955c\u50cf\u5143\u6570\u636e\u4e2d\uff0c\u7b49\u5168\u90e8\u547d\u4ee4\u6267\u884c\u5b8c\uff0cKaniko\u4f1a\u5c06\u6700\u7ec8\u955c\u50cf\u63a8\u9001\u5230\u6307\u5b9a\u7684\u8fdc\u7aef\u955c\u50cf\u4ed3\u5e93\u3002 Kaniko\u7684\u4ee3\u7801\u548c\u5b98\u65b9\u7ad9\u70b9 Kaniko\u7684\u4ee3\u7801\u5728github\u4e2d\u6709\uff0c\u4ee3\u7801deploy\u76ee\u5f55\u6709Dockerfile\uff0c\u53ef\u4ee5\u81ea\u884c\u6784\u5efa https:\/\/github.com\/GoogleContainerTools\/kaniko \u5982\u679c\u4e0d\u60f3\u6784\u5efa\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528 gcr.io\/kaniko-project\/executor:debug \u5728GitlabCI\u4e2d\u4f7f\u7528Kaniko .gitlab-ci.yml\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\uff0c \u6ce8\u610f\u8fd9\u91cc\u8bbe\u7f6e\u4e86\u4e00\u4e2aDOCKERCONFIG\u53d8\u91cf\uff0c\u7528\u6765\u5b58\u50a8\u955c\u50cf\u4ed3\u5e93\u7684\u8ba4\u8bc1\u6570\u636e\u3002 # DodD\u6a21\u5f0f dockerbuild: stage: dockerbuild image: docker:stable before_script: – docker info script: – docker login -u xxx -p xxx reg.ipcpu.com – docker build -t reg.ipcpu.com\/test\/gohelloworld:${CI_PIPELINE_ID}-${CI_COMMIT_SHORT_SHA} […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,13],"tags":[234,233,68,173],"_links":{"self":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/1611"}],"collection":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/comments?post=1611"}],"version-history":[{"count":1,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/1611\/revisions"}],"predecessor-version":[{"id":1612,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/1611\/revisions\/1612"}],"wp:attachment":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/media?parent=1611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/categories?post=1611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/tags?post=1611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}