哈Ha 我们现在听到很多有关Kubernetis和Docker的信息。可能只有懒惰的人不了解它们。但是还有其他使用容器的选项。这是一位决定探索类似工具的发烧友的文章翻译。
我想谈谈如何在不使用Docker的情况下创建容器。我将使用OpenFaaS,它将OCI容器映像用于我的工作负载。我们可以说OpenFaaS是Kubernetes的CaaS平台,它能够运行微服务并免费添加FaaS和事件管理工具。我们将首先向您展示如何使用Docker CLI的内置buildkit,然后描述独立的buildkit (仅限Linux),然后介绍Google容器 构建器Kaniko。
Docker怎么了?
是的,一切都和他在一起。它在armhf,arm64和x86_64上运行良好。Docker命令行的主要界面已不仅仅是构建/推送/运行,它还具有Docker Swarm和EE功能。
Docker替代品
已经进行了几次尝试,将Docker带回到我们都爱上的熟悉外观。
Podman和buildah的结合是RedHat / IBM的创意,它们使用自己的OSS工具集来生成OCI图像。推销Podman时没有守护程序或root,但最终必须挂载覆盖文件系统并使用UNIX套接字。
邮袋-阿里巴巴提供的工具被认为是“高效企业级容器引擎”。它使用与Docker相同的容器化方式,并通过runc和“轻量级虚拟机”(如runV)支持容器级隔离。还更加强调图像分布和隔离。
img — buildkit. . 2018 , . , img buildctr, buildkit, , img x86_64 armhf/arm64.
k3c — Rancher, containerd buildkit , Docker. ARM.
k3c, , , containerd buildkit.
, «build» , :
buildkit Docker
buildkit
Kaniko
( ) , OpenFaaS CLI « »,
HTTP Golang middleware, , , OpenFaaS.
faas-cli template store pull golang-middleware
faas-cli new --lang golang-middleware \
build-test --prefix=alexellis2--lang
build-test —
--prefix Docker Hub, OCI.
:
./
├── build-test
│ └── handler.go
└── build-test.yml
1 directory, 2 files, . Go.
package function
import (
"fmt"
"io/ioutil"
"net/http"
)
func Handle(w http.ResponseWriter, r *http.Request) {
var input []byte
if r.Body != nil {
defer r.Body.Close()
body, _ := ioutil.ReadAll(r.Body)
input = body
}
w.WriteHeader(http.StatusOK)
w.Write([]byte(fmt.Sprintf("Hello world, input was: %s", string(input))))
}:
faas-cli build -f build-test.yml
Dockerfile
./template/golang-middleware/Dockerfile
:
FROM openfaas/of-watchdog:0.7.3 as watchdog
FROM golang:1.13-alpine3.11 as build
FROM alpine:3.12 . , . faas-cli push -f build-test.yml.
Buildkit Docker
, .
DOCKER_BUILDKIT=1 faas-cli build -f build-test.yml
Docker buildkit. Buildkit :
, — , " " , "sdk" .
buildkit , FROM () .
buildkit , FROM () .
FROM openfaas/of-watchdog:0.7.3 as watchdog
FROM golang:1.13-alpine3.11 as build
FROM alpine:3.11Mac, buildkit Docker, .
Buildkit
Buildkit buildkit Linux, Mac.
faas-cli build docker, — . , , , :
faas-cli build -f build-test.yml --shrinkwrap
[0] > Building build-test.
Clearing temporary build folder: ./build/build-test/
Preparing ./build-test/ ./build/build-test//function
Building: alexellis2/build-test:latest with golang-middleware template. Please wait..
build-test shrink-wrapped to ./build/build-test/
[0] < Building build-test done in 0.00s.
[0] Worker done.
Total build time: 0.00 ./build/build-test/ Dockerfile.
./build/build-test/
├── Dockerfile
├── function
│ └── handler.go
├── go.mod
├── main.go
└── template.yml
1 directory, 5 filesbuildkit.
curl -sSLf https://github.com/moby/buildkit/releases/download/v0.6.3/buildkit-v0.6.3.linux-amd64.tar.gz | sudo tar -xz -C /usr/local/bin/ --strip-components=1, buildkit, armhf arm64, .
buildkit :
sudo buildkitd
WARN[0000] using host network as the default
INFO[0000] found worker "l1ltft74h0ek1718gitwghjxy", labels=map[org.mobyproject.buildkit.worker.executor:oci org.mobyproject.buildkit.worker.hostname:nuc org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/386]
WARN[0000] skipping containerd worker, as "/run/containerd/containerd.sock" does not exist
INFO[0000] found 1 workers, default="l1ltft74h0ek1718gitwghjxy"
WARN[0000] currently, only the default worker can be used.
INFO[0000] running server on /run/buildkit/buildkitd.sock , . buildctl. buildctl — , , , , , tar, .
buildctl build --help
NAME:
buildctl build - build
USAGE:
To build and push an image using Dockerfile:
$ buildctl build --frontend dockerfile.v0 --opt target=foo --opt build-arg:foo=bar --local context=. --local dockerfile=. --output type=image,name=docker.io/username/image,push=true
OPTIONS:
--output value, -o value Define exports for build result, e.g. --output type=image,name=docker.io/username/image,push=true
--progress value Set type of progress (auto, plain, tty). Use plain to show container output (default: "auto")
--trace value Path to trace file. Defaults to no tracing.
--local value Allow build access to the local directory
--frontend value Define frontend used for build
--opt value Define custom options for frontend, e.g. --opt target=foo --opt build-arg:foo=bar
--no-cache Disable cache for all the vertices
--export-cache value Export build cache, e.g. --export-cache type=registry,ref=example.com/foo/bar, or --export-cache type=local,dest=path/to/dir
--import-cache value Import build cache, e.g. --import-cache type=registry,ref=example.com/foo/bar, or --import-cache type=local,src=path/to/dir
--secret value Secret value exposed to the build. Format id=secretname,src=filepath
--allow value Allow extra privileged entitlement, e.g. network.host, security.insecure
--ssh value Allow forwarding SSH agent to the builder. Format default|<id>[=<socket>|<key>[,<key>]] , Docker DOCKER_BUILDKIT :
sudo -E buildctl build --frontend dockerfile.v0 \
--local context=./build/build-test/ \
--local dockerfile=./build/build-test/ \
--output type=image,name=docker.io/alexellis2/build-test:latest,push=true docker login $HOME/.docker/config.json` .
ASCII .
img buildkit
img , , .
, , , . armhf ARM64 .
x86_64 v0.5.7 7 2019, Go 1.11, 1.13 Go :
sudo curl -fSL "https://github.com/genuinetools/img/releases/download/v0.5.7/img-linux-amd64" -o "/usr/local/bin/img" \
&& sudo chmod a+x "/usr/local/bin/img" buildctl:
img build --help
Usage: img build [OPTIONS] PATH
Build an image from a Dockerfile.
Flags:
-b, --backend backend for snapshots ([auto native overlayfs]) (default: auto)
--build-arg Set build-time variables (default: [])
-d, --debug enable debug logging (default: false)
-f, --file Name of the Dockerfile (Default is 'PATH/Dockerfile') (default: <none>)
--label Set metadata for an image (default: [])
--no-cache Do not use cache when building the image (default: false)
--no-console Use non-console progress UI (default: false)
--platform Set platforms for which the image should be built (default: [])
-s, --state directory to hold the global state (default: /home/alex/.local/share/img)
-t, --tag Name and optionally a tag in the 'name:tag' format (default: [])
--target Set the target build stage to build (default: <none>):
sudo img build -f ./build/build-test/Dockerfile -t alexellis2/build-test:latest ./build/build-test/ img . , root-.
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0xe5 pc=0x7f84d067c420]
runtime stack:
runtime.throw(0xfa127f, 0x2a)
/home/travis/.gimme/versions/go1.11.10.linux.amd64/src/runtime/panic.go:608 +0x72
runtime.sigpanic()
/home/travis/.gimme/versions/go1.11.10.linux.amd64/src/runtime/signal_unix.go:374 +0x2f2
goroutine 529 [syscall]:
runtime.cgocall(0xc9d980, 0xc00072d7d8, 0x29)
/home/travis/.gimme/versions/go1.11.10.linux.amd64/src/runtime/cgocall.go:128 +0x5e fp=0xc00072d7a0 sp=0xc00072d768 pc=0x4039ee
os/user._Cfunc_mygetgrgid_r(0x2a, 0xc000232260, 0x7f84a40008c0, 0x400, 0xc0004ba198, 0xc000000000)Kaniko
Kaniko — Google, . .
docker run -v $PWD/build/build-test:/workspace \
-v ~/.docker/config.json:/kaniko/config.json \
--env DOCKER_CONFIG=/kaniko \
gcr.io/kaniko-project/executor:latest \
-d alexellis2/build-test:latest–d, .-vKaniko,config.json.
Kaniko , , Kaniko one-shot , , Buildkit.
— . Docker , . , . , Docker, , IP-.
buildkit. .
DOCKER_BUILDKIT=1buildkit. , Docker, CI box runner. Linux, MacOS. , TCP?
. faasd, containerd CNI, Docker Kubernetes.
Kaniko. , Kaniko, - Docker, .
OpenFaaS faas-cli build –shrinkwrap . OpenFaaS:
OpenFaaS CI/CD shrinkwrap buildkit. Docker Docker buildkit.
faasd containerd docker, buildkit.
我们没有涉及工作流的重要部分之一-部署。只要符合无服务器工作负载的定义,任何OCI容器都可以部署在Kubernetes之上的OpenFaaS控制平面中。