Kaniko
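Kaniko builds images without requiring privileged mode, and it provides caching, which is enabled with --cache=true.
There are two kinds of cache. The first covers the commands defined in the Dockerfile: each command represents one image layer, and kaniko caches that layer. If nothing has changed on the next build, it uses the cached layer directly. If --cache-repo is not specified, kaniko appends cache to the name of the image being built. The second is a cache of the base image named in FROM.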
Cache Base Image
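Because kaniko does not mount docker.sock, the base image named in FROM is not used even if it already exists on the host; the build runs in a completely isolated environment. Use the warmer to cache base images.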
--cache-ttl
Cache timeout in hours. Defaults to two weeks.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kaniko-warmer
spec:
  containers:
  - name: kaniko-warmer
    imagePullPolicy: IfNotPresent
    image: registry.cn-hangzhou.aliyuncs.com/docker-0518/kaniko-warmer:v1.3.0
    # Base images to pre-pull into the cache directory
    args: ["--cache-dir=/cache",
           "--image=alpine:3.8",
           "--image=nginx:1.16.0",
           "--image=tomcat:8.5.23"]
    volumeMounts:
    # Registry credentials (config.json) from the aliyun secret
    - name: kaniko-secret
      mountPath: /kaniko/.docker/
    - name: kaniko-cache
      mountPath: /cache
  restartPolicy: Never
  volumes:
  - name: kaniko-secret
    secret:
      secretName: aliyun
  - name: kaniko-cache
    persistentVolumeClaim:
      claimName: kaniko-cache
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: kaniko-cache
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs-client
```
Create secret
```bash
kubectl create secret generic aliyun --from-file=/root/.docker/config.json
```
Build Image
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  containers:
  - name: kaniko
    image: registry.cn-hangzhou.aliyuncs.com/docker-0518/kaniko-executor:v1.3.0
    imagePullPolicy: IfNotPresent
    # --cache enables layer caching; --cache-dir points at the warmed base images
    args: ["--dockerfile=Dockerfile",
           "--destination=registry.cn-hangzhou.aliyuncs.com/docker-0518/kaniko:v1",
           "--context=workspace",
           "--cache",
           "--cache-dir=/cache",
           "-v=debug"]
    volumeMounts:
    # Registry credentials (config.json) from the aliyun secret
    - name: kaniko-secret
      mountPath: /kaniko/.docker/
    - name: kaniko-cache
      mountPath: /cache
    # Build context containing the Dockerfile
    - name: dockerfile
      mountPath: /workspace/
  restartPolicy: Never
  # Pin the Pod to the node that holds the hostPath build context
  nodeSelector:
    kubernetes.io/hostname: 192.168.22.164
  volumes:
  - name: dockerfile
    hostPath:
      path: /root/docker
  - name: kaniko-secret
    secret:
      secretName: aliyun
  - name: kaniko-cache
    persistentVolumeClaim:
      claimName: kaniko-cache
```
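The following check is an added example, not part of the original post: it lists the base images that a Dockerfile's FROM lines need but that the warmer Pod's --image arguments do not pre-pull into /cache. The sample Dockerfile is constructed, the function names are hypothetical, and image names are compared as written (no registry-prefix normalization).

```python
import re

# Constructed sample Dockerfile (not from the original page).
SAMPLE_DOCKERFILE = """\
ARG NGINX_TAG=1.16.0
FROM --platform=linux/amd64 alpine:3.8 AS build
RUN echo hello > /index.html
FROM tomcat:9.0 AS app
FROM nginx:${NGINX_TAG}
COPY --from=build /index.html /usr/share/nginx/html/
"""
# args of the kaniko-warmer Pod shown on this page
WARMER_ARGS = ["--cache-dir=/cache", "--image=alpine:3.8",
               "--image=nginx:1.16.0", "--image=tomcat:8.5.23"]

ARG_RE = re.compile(r"ARG\s+(\w+)=(\S+)", re.I)
FROM_RE = re.compile(r"FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
VAR_RE = re.compile(r"\$\{?(\w+)\}?")


def base_images(dockerfile):
    """External images named in FROM lines (stage aliases and scratch skipped)."""
    args, stages, images, seen_from = {}, set(), [], False
    for line in map(str.strip, dockerfile.splitlines()):
        arg, frm = ARG_RE.match(line), FROM_RE.match(line)
        if arg and not seen_from:  # only ARGs before the first FROM apply to FROM
            args[arg.group(1)] = arg.group(2).strip("\"'")
        if not frm:
            continue
        seen_from = True
        # Substitute known ARG defaults; unknown variables stay visible as ${VAR}.
        ref = VAR_RE.sub(lambda v: args.get(v.group(1), v.group(0)), frm.group(1))
        if ref.lower() != "scratch" and ref.lower() not in stages:
            images.append(ref)
        if frm.group(2):
            stages.add(frm.group(2).lower())
    return images


def normalize(ref):
    """Add the implicit :latest tag when a reference has no tag or digest."""
    last = ref.rsplit("/", 1)[-1]
    return ref if (":" in last or "@" in last) else ref + ":latest"


def unwarmed(dockerfile, warmer_args):
    """Base images the Dockerfile needs that the warmer does not pre-pull."""
    warmed = {normalize(a.split("=", 1)[1]) for a in warmer_args if a.startswith("--image=")}
    return [img for img in base_images(dockerfile) if normalize(img) not in warmed]
```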