Building Images in K8S with kaniko

Published: 2023-10-19 11:52:24  Author: klvchen

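Background

I have a requirement to build a new image inside K8S. Previously I built images with the docker command, but after a K8S upgrade the container runtime was switched to containerd, so I searched online and found that kaniko works well. These are my test notes.
Project page: https://github.com/GoogleContainerTools/kaniko

Test example 1: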

mkdir -p /data/yaml/default/kaniko && cd /data/yaml/default/kaniko

# Create the secret resource, used for pushing the image
kubectl create secret docker-registry devharbor --docker-server=devharbor.klvchen.com \
--docker-username=admin \
--docker-password=Harbor12345 \
--docker-email=chenwj@klvchen.com

# Create the pod resource
cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  initContainers:
    - name: init-dockerfile
      image: busybox
      command:
        - /bin/sh
      args:
        - -c
        - |
          # Quote the delimiter so $(date) is written literally instead of being expanded here
          cat <<'EOF' > /workspace/dockerfile
          FROM busybox
          CMD while :;do echo $(date);sleep 1 ;done
          EOF
          cat /workspace/dockerfile
      volumeMounts:
        - name: dockerfile-storage
          mountPath: /workspace
  containers:
  - name: kaniko
    image: gcr.io/kaniko-project/executor:latest
    args: ["--dockerfile=/workspace/dockerfile",
           "--context=dir:///workspace",
           "--destination=devharbor.klvchen.com/tmp/mytest:v0.1"] 
    volumeMounts:
      - name: kaniko-secret
        mountPath: /kaniko/.docker
      - name: dockerfile-storage
        mountPath: /workspace
  restartPolicy: Never
  volumes:
    - name: kaniko-secret
      secret:
        secretName: devharbor
        items:
          - key: .dockerconfigjson
            path: config.json
    - name: dockerfile-storage
      emptyDir: {}

kubectl apply -f pod.yaml
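# Notes:
# The initContainers entry creates a dockerfile in dockerfile-storage, which is shared with the containers entry
# --dockerfile=/workspace/dockerfile   specifies the location of the dockerfile
# --context=dir:///workspace           specifies the build context location; note the three slashes (///) here
# --destination=devharbor.klvchen.com/tmp/mytest:v0.1     specifies the registry address the image is pushed to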

After the build finishes, the pod changes to the Completed status

Check the image registry
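
The secret in test example 1 takes the registry password as a command-line argument, which leaves it in shell history and in the process list. The sketch below is an added example, not code from the original post: it builds the same .dockerconfigjson content (the file kaniko reads at /kaniko/.docker/config.json) from a password file instead. The function names, registry.example.internal, builder and the password are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Registry, user and password
# below are constructed demo values.

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# make_dockerconfigjson SERVER USER PASSWORD_FILE
# Prints the config kaniko reads from /kaniko/.docker/config.json.
make_dockerconfigjson() {
    server=$1 user=$2 pwfile=$3
    [ -r "$pwfile" ] || { echo "cannot read $pwfile" >&2; return 1; }
    # Command substitution strips the trailing newline an editor may add.
    pass=$(cat "$pwfile")
    [ -n "$pass" ] || { echo "empty password" >&2; return 1; }
    auth=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}\n' \
        "$(json_escape "$server")" "$(json_escape "$user")" \
        "$(json_escape "$pass")" "$auth"
}

# Recover "user:password" from a config: the auth field is base64, not encryption.
decode_auth() {
    printf '%s' "$1" | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

demo() {
    tmp=$(mktemp -d) || return 1      # mktemp -d creates a 0700 directory
    printf '%s\n' 'constructed-p@ss"word' > "$tmp/pw"
    make_dockerconfigjson registry.example.internal builder "$tmp/pw" > "$tmp/config.json"
    echo "decoded auth: $(decode_auth "$(cat "$tmp/config.json")")"
    # With cluster access, the file becomes the secret the pod mounts:
    #   kubectl create secret generic devharbor \
    #     --type=kubernetes.io/dockerconfigjson \
    #     --from-file=.dockerconfigjson="$tmp/config.json"
    rm -rf "$tmp"
}
demo
```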

Test example 2:

cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  initContainers:
    - name: init-dockerfile
      image: busybox
      command:
        - /bin/sh
      args:
        - -c
        - |
          cat <<EOF > /workspace/requirements.txt
          fastapi==0.95.2
          orjson==3.9.1
          pydantic==1.10.8
          SQLAlchemy==2.0.15
          starlette==0.27.0
          uvicorn==0.22.0
          pymysql==1.0.3
          asgiref==3.7.2
          gurobipy==10.0.3
          EOF
          cat <<EOF > /workspace/dockerfile
          FROM continuumio/miniconda3:23.3.1-0
          WORKDIR /app_alg/
          COPY ./requirements.txt /app_alg/
          RUN pip install -r /app_alg/requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
          EXPOSE 8000
          ENTRYPOINT [ "python", "main.py" ]
          EOF
      volumeMounts:
        - name: dockerfile-storage
          mountPath: /workspace
  containers:
  - name: kaniko
    image: gcr.io/kaniko-project/executor:latest
    args: ["--dockerfile=/workspace/dockerfile",
           "--context=dir:///workspace",
           "--destination=devharbor.klvchen.com/tmp/mytest:v0.4"] 
    volumeMounts:
      - name: kaniko-secret
        mountPath: /kaniko/.docker
      - name: dockerfile-storage
        mountPath: /workspace
  restartPolicy: Never
  volumes:
    - name: kaniko-secret
      secret:
        secretName: devharbor
        items:
          - key: .dockerconfigjson
            path: config.json
    - name: dockerfile-storage
      emptyDir: {}

kubectl apply -f pod.yaml

Once it finishes, you can see that the image has been pushed successfully

Because gcr.io/kaniko-project/executor:latest cannot be accessed from within China, I have shared a copy; anyone who needs it can download it
Link: https://pan.baidu.com/s/1vkzTY7sSc4pVlYdmpvjezA?pwd=z3wp
Extraction code: z3wp

For other usage, refer to the project page