Kaniko Build image in k8s

# Kaniko Build image in k8s ## 安裝 skopeo 與產生 registry 憑證 * 在 sles15-sp5 安裝 skopeo ``` $ sudo zypper in skopeo $ skopeo -v skopeo version 1.12.0 ``` * 透過 skopeo 登入 docker hub 並產生 registry 憑證 ``` $ sudo skopeo login docker.io Username: taiwanese Password: Login Succeeded! ``` ``` $ sudo cat /run/containers/0/auth.json { "auths": { "docker.io": { "auth": "ZGFmdV90ZWFjaGVyCg==" } } ``` * 複製 auth.json 到家目錄並變更擁有者 ``` $ sudo cp /run/containers/0/auth.json ~; sudo chown rancher:users ~/auth.json ``` * 修改 auth.json 的 docker 位置 ``` $ vim auth.json { "auths": { "https://index.docker.io/v1/": { "auth": "ZGFmdV90ZWFjaGVyCg==" } } } ``` ## 建立 secret ``` $ kubectl create ns kaniko ``` * 注意自己存放 auth.json 的家目錄位置 ``` $ kubectl -n kaniko create secret generic dockerhub-registry \ --from-file=.dockerconfigjson=/home/rancher/auth.json \ --type=kubernetes.io/dockerconfigjson ``` ``` $ kubectl -n kaniko get secret NAME TYPE DATA AGE dockerhub-registry kubernetes.io/dockerconfigjson 1 19s ``` ## 建立 kaniko * 到 w1 建立目錄與 Dockerfile * Dockerfile 放在 `/data/kaniko/` 目錄區 ``` $ sudo mkdir -p /data/kaniko $ sudo vim /data/kaniko/Dockerfile FROM alpine:latest RUN apk update && apk upgrade && apk add --no-cache nano sudo wget curl \ tree elinks bash shadow procps util-linux coreutils binutils findutils grep && \ wget https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64 && \ chmod +x busybox-x86_64 && mv busybox-x86_64 bin/busybox1.28 && \ mkdir -p /opt/www && echo "let me go" > /opt/www/index.html CMD ["/bin/bash"] ``` * 開始 build image * 需要宣告 nodeName 與 Dockerfile 存放的位置 ``` $ vim kaniko-pod.yaml apiVersion: v1 kind: Pod metadata: name: kaniko namespace: kaniko spec: nodeName: w1 containers: - name: kaniko image: gcr.io/kaniko-project/executor:latest args: ["--dockerfile=/workspace/Dockerfile", "--context=dir://workspace", "--destination=taiwanese/test:v1"] volumeMounts: - name: kaniko-storage mountPath: /workspace - name: kaniko-secret mountPath: /kaniko/.docker volumes: - name: kaniko-storage hostPath: path: /data/kaniko/ - name: kaniko-secret secret: secretName: dockerhub-registry items: - key: .dockerconfigjson path: config.json $ kubectl apply -f kaniko-pod.yaml ``` * 檢查 log 會有 build image 的完整流程 ``` $ kubectl -n kaniko get po NAME READY STATUS RESTARTS AGE kaniko 0/1 Completed 2 (54s ago) 5m43s $ kubectl -n kaniko logs kaniko -f ...... Saving to: 'busybox-x86_64' 0K .......... .......... .......... .......... .......... 5% 163K 6s 50K .......... .......... .......... .......... .......... 10% 327K 4s 100K .......... .......... .......... .......... .......... 15% 12.2M 3s 150K .......... .......... .......... .......... .......... 20% 335K 2s 200K .......... .......... .......... .......... .......... 25% 12.4M 2s 250K .......... .......... .......... .......... .......... 30% 16.6M 1s 300K .......... .......... .......... .......... .......... 35% 34.0M 1s 350K .......... .......... .......... .......... .......... 40% 331K 1s 400K .......... .......... .......... .......... .......... 46% 15.5M 1s 450K .......... .......... .......... .......... .......... 51% 14.7M 1s 500K .......... .......... .......... .......... .......... 56% 31.1M 1s 550K .......... .......... .......... .......... .......... 61% 31.3M 0s 600K .......... .......... .......... .......... .......... 66% 36.8M 0s 650K .......... .......... .......... .......... .......... 71% 45.1M 0s 700K .......... .......... .......... .......... .......... 76% 365K 0s 750K .......... .......... .......... .......... .......... 81% 10.6M 0s 800K .......... .......... .......... .......... .......... 86% 12.6M 0s 850K .......... .......... .......... .......... .......... 92% 21.1M 0s 900K .......... .......... .......... .......... .......... 97% 41.8M 0s 950K .......... .......... ....... 100% 41.0M=0.9s 2023-11-17 02:59:36 (1.02 MB/s) - 'busybox-x86_64' saved [1001112/1001112] INFO[0015] Taking snapshot of full filesystem... INFO[0017] CMD ["/bin/bash"] INFO[0017] Pushing image to taiwanese/test:v1 INFO[0026] Pushed index.docker.io/taiwanese/test@sha256:bf49d9822f35d2f73ad94d4fdff3f6eb6265aa036ec34a93dd01d285adf0677e ``` * 到自己的 docker hub 檢查 image 已經 push 上去 ![image](https://hackmd.io/_uploads/SJ4uuLEET.png) ### 參考文件 https://www.devopsmadness.com/kaniko_build_docker_images/ https://github.com/GoogleContainerTools/kaniko https://www.geminiopencloud.com/zh-tw/blog/kaniko/ https://github.com/GoogleContainerTools/kaniko/issues/1733