您当前的位置:首页动态正文

基于nerdctl+buildkitd+containerd实现镜像构建

2023-06-02 00:36:33 博客园
1、容器技术简介

容器技术除了的docker之外,还有coreOS的rkt、google的gvisor、以及docker开源的containerd、redhat的podman、阿⾥的pouch等,为了保证容器⽣态的标准性和健康可持续发展,包括Linux 基⾦会、Docker、微软、红帽、⾕歌和IBM等公司在2015年6⽉共同成⽴了⼀个叫open container(OCI)的组织,其⽬的就是制定开放的标准的容器规范,⽬前OCI⼀共发布了两个规范,分别是runtime spec和image format spec,有了这两个规范,不同的容器公司开发的容器只要兼容这两个规范,就可以保证容器的可移植性和相互可操作性。containerd官网:https://containerd.io/gvisor官网:https://gvisor.dev/podman官网:https://podman.iopouch项目地址:https://github.com/alibaba/pouchbuildkit: 从Docker公司的开源出来的⼀个镜像构建⼯具包,⽀持OCI标准的镜像构建,项目地址https://github.com/moby/buildkit

2、buildkitd组成部分

buildkitd(服务端),⽬前⽀持runc和containerd作为镜像构建环境,默认是runc,可以更换为containerd。buildctl(客户端),负责解析Dockerfile⽂件,并向服务端buildkitd发出构建请求。

3、部署buildkitd3.1、下载二进制包
wget https://github.com/moby/buildkit/releases/download/v0.11.6/buildkit-v0.11.6.linux-amd64.tar.gz

解压压缩包,将二进制文件软连接至path环境变量


(资料图片仅供参考)

root@k8s-master01:/usr/local/src# lsbuildkit-v0.11.6.linux-amd64.tar.gzroot@k8s-master01:/usr/local/src# tar xf buildkit-v0.11.6.linux-amd64.tar.gz root@k8s-master01:/usr/local/src# lsbin  buildkit-v0.11.6.linux-amd64.tar.gzroot@k8s-master01:/usr/local/src# cd binroot@k8s-master01:/usr/local/src/bin# lsbuildctl               buildkit-qemu-arm   buildkit-qemu-mips64    buildkit-qemu-ppc64le  buildkit-qemu-s390x  buildkitdbuildkit-qemu-aarch64  buildkit-qemu-i386  buildkit-qemu-mips64el  buildkit-qemu-riscv64  buildkit-runcroot@k8s-master01:/usr/local/src/bin# ln -s /usr/local/src/bin/* /usr/local/bin/root@k8s-master01:/usr/local/src/bin# buildctl --helpNAME:   buildctl - build utilityUSAGE:   buildctl [global options] command [command options] [arguments...]VERSION:   v0.11.6COMMANDS:   du        disk usage   prune     clean up build cache   build, b  build   debug     debug utilities   help, h   Shows a list of commands or help for one commandGLOBAL OPTIONS:   --debug                enable debug output in logs   --addr value           buildkitd address (default: "unix:///run/buildkit/buildkitd.sock")   --tlsservername value  buildkitd server name for certificate validation   --tlscacert value      CA certificate for validation   --tlscert value        client certificate   --tlskey value         client key   --tlsdir value         directory containing CA certificate, client certificate, and client key   --timeout value        timeout backend connection after value seconds (default: 5)   --help, -h             show help   --version, -v          print the versionroot@k8s-master01:/usr/local/src/bin#

能够正常在bash中执行buildkit --help ,表示对应命令已经正常软连接至path环境中。

3.2、提供buildkit.socket文件
root@k8s-master01:/usr/local/src/bin# cat /lib/systemd/system/buildkit.socket[Unit]Description=BuildKitDocumentation=https://github.com/moby/buildkit[Socket]ListenStream=%t/buildkit/buildkitd.sock[Install]WantedBy=sockets.targetroot@k8s-master01:/usr/local/src/bin#
3.3、提供buildkit.service文件
root@k8s-master01:/usr/local/src/bin# cat /lib/systemd/system/buildkitd.service[Unit]Description=BuildKitRequires=buildkit.socketAfter=buildkit.socketDocumentation=https://github.com/moby/buildkit[Service]ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true[Install]WantedBy=multi-user.targetroot@k8s-master01:/usr/local/src/bin#
3.4、启动buildiktd服务
root@k8s-master01:/usr/local/src/bin# systemctl daemon-reloadroot@k8s-master01:/usr/local/src/bin# systemctl enable buildkitdCreated symlink /etc/systemd/system/multi-user.target.wants/buildkitd.service → /lib/systemd/system/buildkitd.service.root@k8s-master01:/usr/local/src/bin# systemctl restart buildkitdroot@k8s-master01:/usr/local/src/bin# systemctl status buildkitd● buildkitd.service - BuildKit     Loaded: loaded (/lib/systemd/system/buildkitd.service; enabled; vendor preset: enabled)     Active: active (running) since Wed 2023-05-31 13:32:38 UTC; 4s ago   Main PID: 12191 (buildkitd)      Tasks: 9 (limit: 4571)     Memory: 7.8M        CPU: 125ms     CGroup: /system.slice/buildkitd.service             └─12191 /usr/local/bin/buildkitd --oci-worker=false --containerd-worker=trueMay 31 13:32:38 k8s-master01.ik8s.cc systemd[1]: Started BuildKit.May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=warning msg="using host network as the default"May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=warning msg="git source cannot be enabled: failed to find git binary: exec: \"git\": executable file not found in $PATH"May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=info msg="found worker \"kffvitvra0b27yi956wa4xcal\", labels=map[org.mobyproject.buildkit.worker.containerd.namespace:buildkit org.mobyproject.buildkit.worker.containerd.uuid:f27e8d21-8b1d-44ac-9233-f55b9b028fc0 org.mobyproject.buildkit.worker.executor:containerd org.mobyproject.buildkit.worker.hostname:k8s-master01.ik8s.cc org.mobyproject.buildkit.worker.network:host org.mobyproject.buildkit.worker.selinux.enabled:false org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/amd64/v2 linux/386]"May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=info msg="found 1 workers, default=\"kffvitvra0b27yi956wa4xcal\""May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=warning msg="currently, only the default worker can be used."May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=info msg="running server on /run/buildkit/buildkitd.sock"root@k8s-master01:/usr/local/src/bin#
4、基于nginx代理⾃签名证书harbor并实现https4.1、将harbor修改为http协议

停止harbor服务

root@harbor:/app/harbor# docker-compose down[+] Running 13/13 ✔ Container notary-server       Removed                                                                                                          0.8s  ✔ Container nginx               Removed                                                                                                          1.7s  ✔ Container harbor-jobservice   Removed                                                                                                          0.7s  ✔ Container trivy-adapter       Removed                                                                                                          0.6s  ✔ Container notary-signer       Removed                                                                                                          0.5s  ✔ Container harbor-portal       Removed                                                                                                          0.3s  ✔ Container harbor-core         Removed                                                                                                          3.5s  ✔ Container harbor-db           Removed                                                                                                          0.7s  ✔ Container registry            Removed                                                                                                          0.5s  ✔ Container redis               Removed                                                                                                          0.5s  ✔ Network harbor_notary-sig     Removed                                                                                                          0.8s  ✔ Network harbor_harbor         Removed                                                                                                          0.2s  ✔ Network harbor_harbor-notary  Removed                                                                                                          0.5s root@harbor:/app/harbor#

修改harbor配置文件,注释https和证书的配置重新prepare

root@harbor:/app/harbor# lsLICENSE  common  common.sh  docker-compose.yml  harbor.v2.8.0.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  prepareroot@harbor:/app/harbor# ./prepare prepare base dir is set to /app/harborWARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to httpsClearing the configuration file: /config/db/envClearing the configuration file: /config/registry/passwdClearing the configuration file: /config/registry/config.ymlClearing the configuration file: /config/registry/root.crtClearing the configuration file: /config/notary/notary-signer-ca.crtClearing the configuration file: /config/notary/notary-signer.keyClearing the configuration file: /config/notary/server-config.postgres.jsonClearing the configuration file: /config/notary/server_envClearing the configuration file: /config/notary/notary-signer.crtClearing the configuration file: /config/notary/signer_envClearing the configuration file: /config/notary/signer-config.postgres.jsonClearing the configuration file: /config/notary/root.crtClearing the configuration file: /config/trivy-adapter/envClearing the configuration file: /config/core/envClearing the configuration file: /config/core/app.confClearing the configuration file: /config/jobservice/envClearing the configuration file: /config/jobservice/config.ymlClearing the configuration file: /config/registryctl/envClearing the configuration file: /config/registryctl/config.ymlClearing the configuration file: /config/nginx/conf.d/notary.upstream.confClearing the configuration file: /config/nginx/conf.d/notary.server.confClearing the configuration file: /config/nginx/nginx.confClearing the configuration file: /config/log/rsyslog_docker.confClearing the configuration file: /config/log/logrotate.confClearing the configuration file: /config/portal/nginx.confGenerated configuration file: /config/portal/nginx.confGenerated configuration file: /config/log/logrotate.confGenerated configuration file: /config/log/rsyslog_docker.confGenerated configuration file: /config/nginx/nginx.confGenerated configuration file: /config/core/envGenerated configuration file: /config/core/app.confGenerated configuration file: /config/registry/config.ymlGenerated configuration file: /config/registryctl/envGenerated configuration file: /config/registryctl/config.ymlGenerated configuration file: /config/db/envGenerated configuration file: /config/jobservice/envGenerated configuration file: /config/jobservice/config.ymlloaded secret from file: /data/secret/keys/secretkeyGenerated configuration file: /compose_location/docker-compose.ymlClean up the input dirroot@harbor:/app/harbor#

启动harbor

root@harbor:/app/harbor# docker-compose up -d[+] Running 10/10 ✔ Network harbor_harbor        Created                                                                                                           0.2s  ✔ Container harbor-log         Started                                                                                                           1.2s  ✔ Container registry           Started                                                                                                           2.5s  ✔ Container harbor-portal      Started                                                                                                           2.7s  ✔ Container registryctl        Started                                                                                                           2.7s  ✔ Container harbor-db          Started                                                                                                           2.7s  ✔ Container redis              Started                                                                                                           2.6s  ✔ Container harbor-core        Started                                                                                                           3.2s  ✔ Container harbor-jobservice  Started                                                                                                           4.2s  ✔ Container nginx              Started                                                                                                           4.3s root@harbor:/app/harbor#

如果你给harbor添加的有service文件,也可以使用systemctl stop/start harbor来停止/启动harbor

验证harbor是否可以正常登录?

4.2、nginx实现harbor的反向代理4.2.1、nginx安装及配置
root@k8s-deploy:~# cd /usr/local/src/root@k8s-deploy:/usr/local/src# wget https://nginx.org/download/nginx-1.22.0.tar.gz--2023-05-31 13:59:55--  https://nginx.org/download/nginx-1.22.0.tar.gzResolving nginx.org (nginx.org)... 52.58.199.22, 3.125.197.172, 2a05:d014:edb:5704::6, ...Connecting to nginx.org (nginx.org)|52.58.199.22|:443... connected.HTTP request sent, awaiting response... 200 OKLength: 1073322 (1.0M) [application/octet-stream]Saving to: ‘nginx-1.22.0.tar.gz’nginx-1.22.0.tar.gz                        100%[=======================================================================================>]   1.02M  37.8KB/s    in 27s     2023-05-31 14:00:23 (38.9 KB/s) - ‘nginx-1.22.0.tar.gz’ saved [1073322/1073322]root@k8s-deploy:/usr/local/src# tar xf nginx-1.22.0.tar.gz root@k8s-deploy:/usr/local/src# cd nginx-1.22.0root@k8s-deploy:/usr/local/src/nginx-1.22.0# ./configure --prefix=/apps/nginx \> --with-http_ssl_module \> --with-http_v2_module \> --with-http_realip_module \> --with-http_stub_status_module \> --with-http_gzip_static_module \> --with-pcre \> --with-stream \> --with-stream_ssl_module \> --with-stream_realip_module

上述报错没有找到http模块依赖的PCRE库

解决办法:安装libpcre3 libpcre3-dev

root@k8s-deploy:/usr/local/src/nginx-1.22.0# apt install libpcre3 libpcre3-dev -y

安装上述依赖后,重新configure

上述报错没有找到ssl模块依赖的openssl库

解决办法:安装openssl libssl-dev

root@k8s-deploy:/usr/local/src/nginx-1.22.0# apt install openssl libssl-dev -y

执行上述./configure 没有报错,并且能够看到上述截图,表示编译环境通过检查,可以进行下一步编译和安装

编译安装nginx

root@k8s-deploy:/usr/local/src/nginx-1.22.0# make && make install

创建证书⽬录,并生成私钥,证书

4.2.1.1、创建证书⽬录,并生成ca私钥
root@k8s-deploy:/apps/nginx/sbin# mkdir /apps/nginx/certsroot@k8s-deploy:/apps/nginx/sbin# cd /apps/nginx/certsroot@k8s-deploy:/apps/nginx/certs# openssl genrsa -out ca.key 4096
4.2.1.2、用ca私钥生成ca自签名证书
root@k8s-deploy:/apps/nginx/certs# openssl req -x509 -new -nodes -sha512 -days 3650 \>  -subj "/C=CN/ST=Beijing/L=Beijing/O=Personal-CA/OU=Personal/CN=CA.com" \>  -key ca.key \>  -out ca.crtroot@k8s-deploy:/apps/nginx/certs# lsca.crt  ca.keyroot@k8s-deploy:/apps/nginx/certs#
4.2.1.3、生成harbor服务器私钥
root@k8s-deploy:/apps/nginx/certs# openssl genrsa -out magedu.net.key 4096root@k8s-deploy:/apps/nginx/certs# lsca.crt  ca.key  magedu.net.keyroot@k8s-deploy:/apps/nginx/certs#
4.2.1.4、用harbor服务器私钥生成生成证书签名请求csr文件
root@k8s-deploy:/apps/nginx/certs# openssl req -sha512 -new \>     -subj "/C=CN/ST=Beijing/L=Beijing/O=test/OU=Personal/CN=magedu.net" \>     -key magedu.net.key \>     -out magedu.net.csrroot@k8s-deploy:/apps/nginx/certs# lsca.crt  ca.key  magedu.net.csr  magedu.net.keyroot@k8s-deploy:/apps/nginx/certs#
4.2.1.5、使用ca证书和私钥为harbor服务器签发证书
root@k8s-deploy:/apps/nginx/certs# openssl x509 -req -sha512 -days 3650 \>     -CA ca.crt -CAkey ca.key -CAcreateserial \>     -in magedu.net.csr \>     -out magedu.net.crtCertificate request self-signature oksubject=C = CN, ST = Beijing, L = Beijing, O = test, OU = Personal, CN = magedu.netroot@k8s-deploy:/apps/nginx/certs# lsca.crt  ca.key  magedu.net.crt  magedu.net.csr  magedu.net.keyroot@k8s-deploy:/apps/nginx/certs#

编辑nginx配置文件,配置证书和反向代理harbor

root@k8s-deploy:/apps/nginx/certs# cat /apps/nginx/conf/nginx.confworker_processes  1;events {    worker_connections  1024;}http {    client_max_body_size 1000m;    server {        listen       80;        listen       443 ssl;        ssl_certificate /apps/nginx/certs/magedu.net.crt;        ssl_certificate_key /apps/nginx/certs/magedu.net.key;        ssl_session_cache shared:sslcache:20m;        ssl_session_timeout 10m;        location / {                if ($scheme = http ){                        rewrite / https://harbor.magedu.net permanent;                }                proxy_pass http://192.168.0.42;        }    }}root@k8s-deploy:/apps/nginx/certs#

检查nginx配置文件语法

root@k8s-deploy:/apps/nginx/certs# cd ..root@k8s-deploy:/apps/nginx# /apps/nginx/sbin/nginx -tnginx: the configuration file /apps/nginx/conf/nginx.conf syntax is oknginx: configuration file /apps/nginx/conf/nginx.conf test is successfulroot@k8s-deploy:/apps/nginx#

启动nginx

root@k8s-deploy:/apps/nginx# /apps/nginx/sbin/nginxroot@k8s-deploy:/apps/nginx# ss -tnlState            Recv-Q            Send-Q                       Local Address:Port                       Peer Address:Port           Process           LISTEN           0                 511                                0.0.0.0:80                              0.0.0.0:*                                LISTEN           0                 4096                         127.0.0.53%lo:53                              0.0.0.0:*                                LISTEN           0                 128                                0.0.0.0:22                              0.0.0.0:*                                LISTEN           0                 511                                0.0.0.0:443                             0.0.0.0:*                                root@k8s-deploy:/apps/nginx#
4.2.2、浏览器访问测试nginx 看看是否反向代理给harbor?是否为https?

查看证书信息

4.2.3、buildkitd配置⽂件
root@k8s-master01:/usr/local/src/bin# cat /etc/buildkit/buildkitd.toml[registry."harbor.magedu.net"]  http = true  insecure = trueroot@k8s-master01:
4.2.4、nerdctl配置⽂件
root@k8s-master01:/usr/local/src/bin# cat /etc/nerdctl/nerdctl.toml namespace = "k8s.io"debug = falsedebug_full = falseinsecure_registry = trueroot@k8s-master01:/usr/local/src/bin#
5、测试镜像构建5.1、nerdctl常⽤命令5.1.1 给nerdctl添加命令补全
root@k8s-master01:~# echo "source <(nerdctl completion bash)" >> /etc/profileroot@k8s-master01:~# cat /etc/profile# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).if [ "${PS1-}" ]; then  if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then    # The file bash.bashrc already sets the default PS1.    # PS1="\h:\w\$ "    if [ -f /etc/bash.bashrc ]; then      . /etc/bash.bashrc    fi  else    if [ "$(id -u)" -eq 0 ]; then      PS1="# "    else      PS1="$ "    fi  fifiif [ -d /etc/profile.d ]; then  for i in /etc/profile.d/*.sh; do    if [ -r $i ]; then      . $i    fi  done  unset ifisource <(nerdctl completion bash)root@k8s-master01:~# source /etc/profile
5.1.2、登录harbor仓库
root@k8s-master01:~# nerdctl login harbor.magedu.net                             Enter Username: adminEnter Password: WARN[0005] skipping verifying HTTPS certs for "harbor.magedu.net" WARNING: Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeededroot@k8s-master01:~# nerdctl login --insecure-registry https://harbor.magedu.net WARN[0000] skipping verifying HTTPS certs for "harbor.magedu.net" WARNING: Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeededroot@k8s-master01:~#

自签名证书一般通过--insecure-registry 选项来指定该仓库是一个不安全的仓库

5.2、自签名harbor证书分发5.2.1、创建证书⽬录
root@k8s-master01:~# mkdir -pv /etc/containerd/certs.d/harbor.magedu.netmkdir: created directory "/etc/containerd/certs.d"mkdir: created directory "/etc/containerd/certs.d/harbor.magedu.net"root@k8s-master01:~#
5.2.2、证书格式转换
root@k8s-deploy:~# cd /apps/nginx/certs/root@k8s-deploy:/apps/nginx/certs# openssl x509 -inform PEM -in magedu.net.crt -out magedu.net.certroot@k8s-deploy:/apps/nginx/certs#
5.2.3、开始分发证书至镜像构建服务器
root@k8s-deploy:/apps/nginx/certs# scp ca.crt magedu.net.cert magedu.net.key 192.168.0.31:/etc/containerd/certs.d/harbor.magedu.net/ca.crt                                                                                                               100% 2041     1.5MB/s   00:00    magedu.net.cert                                                                                                      100% 1915     1.6MB/s   00:00    magedu.net.key                                                                                                       100% 3272     2.9MB/s   00:00    root@k8s-deploy:/apps/nginx/certs#
5.2.4、镜像构建服务器上验证证书
root@k8s-master01:~# cd /etc/containerd/certs.d/harbor.magedu.netroot@k8s-master01:/etc/containerd/certs.d/harbor.magedu.net# lltotal 20drwxr-xr-x 2 root root 4096 May 31 17:49 ./drwxr-xr-x 3 root root 4096 May 31 17:44 ../-rw-r--r-- 1 root root 2041 May 31 17:49 ca.crt-rw-r--r-- 1 root root 1915 May 31 17:49 magedu.net.cert-rw------- 1 root root 3272 May 31 17:49 magedu.net.keyroot@k8s-master01:/etc/containerd/certs.d/harbor.magedu.net#
5.2.5、删除原有登录信息,重新登录harbor
root@k8s-master01:~# rm -rf .docker/config.json root@k8s-master01:~# nerdctl login harbor.magedu.netEnter Username: adminEnter Password: WARN[0005] skipping verifying HTTPS certs for "harbor.magedu.net" WARNING: Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeededroot@k8s-master01:~#
5.3、镜像构建
root@k8s-master01:~/ubuntu# lltotal 1120drwxr-xr-x  3 root root    4096 May 31 18:40 ./drwx------ 11 root root    4096 May 31 18:40 ../-rw-r--r--  1 root root     846 May 31 18:39 Dockerfile-rw-r--r--  1 root root     266 May 31 18:40 build-command.sh-rw-r--r--  1 root root   38751 Aug  5  2022 frontend.tar.gzdrwxr-xr-x  3 root root    4096 May 31 18:37 html/-rw-r--r--  1 root root 1073322 May 24  2022 nginx-1.22.0.tar.gz-rw-r--r--  1 root root    2812 Oct  3  2020 nginx.conf-rw-r--r--  1 root root    1139 Aug  5  2022 sources.listroot@k8s-master01:~/ubuntu# cat Dockerfile FROM ubuntu:22.04ADD sources.list /etc/apt/sources.listRUN apt update && apt  install -y iproute2  ntpdate  tcpdump telnet traceroute nfs-kernel-server nfs-common  lrzsz tree  openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute  gcc openssh-server lrzsz tree  openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute iotop unzip zip makeADD nginx-1.22.0.tar.gz /usr/local/src/RUN cd /usr/local/src/nginx-1.22.0 && ./configure --prefix=/apps/nginx && make && make install  && ln -sv /apps/nginx/sbin/nginx /usr/binRUN groupadd  -g 2088 nginx && useradd  -g nginx -s /usr/sbin/nologin -u 2088 nginx && chown -R nginx.nginx /apps/nginxADD nginx.conf /apps/nginx/conf/ADD frontend.tar.gz /apps/nginx/html/EXPOSE 80 443#ENTRYPOINT ["nginx"]CMD ["nginx","-g","daemon off;"]root@k8s-master01:~/ubuntu# cat build-command.sh #!/bin/bash#docker build -t harbor.magedu.net/myserver/nginx:v1 .#docker push harbor.magedu.net/myserver/nginx:v1/usr/local/bin/nerdctl build -t harbor.magedu.net/magedu/nginx-base:1.22.0 ./usr/local/bin/nerdctl push harbor.magedu.net/magedu/nginx-base:1.22.0root@k8s-master01:~/ubuntu#
5.4、通过脚本⾃动构建并把镜像上传到镜像仓库
root@k8s-master01:~/ubuntu# bash build-command.sh
5.5、验证镜像是否上传到harbor仓库?6、基于⾃定义镜像创建测试容器6.1、nerdctl命令
root@k8s-node01:~# nerdctl run -d -p 80:80 harbor.magedu.net/magedu/nginx-base:1.22.0WARN[0000] skipping verifying HTTPS certs for "harbor.magedu.net" harbor.magedu.net/magedu/nginx-base:1.22.0:                                       resolved       |++++++++++++++++++++++++++++++++++++++| manifest-sha256:61c8355a7eabb8d24f31c8a48edb230d7709b455128a580e180a1a2f4188571c: done           |++++++++++++++++++++++++++++++++++++++| config-sha256:6c030d3d7f76a61e2bc706d98cdfa55b80f7a6d8491b85ede84d0dbb2c706a74:   done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:4da3a93ac27213414b4de065a2603d7acbec5bd63d6198a62ad732fa7ac6afa0:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:26039d49560ee304c7a41e00617e216bedb7e9c6b74263db5afe68a23425f286:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:61967fbfff474bb397fbc7752b2097a1211fd9e22c85ce679d2b80c29477ca8d:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:4179b69841babb645626f43f9f4eb8bf4fc9be92ef9819ea8d9335408178a497:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:9e0da806173e5c7f5188ed9222e6caf214b43f6e0ed1f961ed8261cb4fbf9429:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:1739bcae88003d009cb72941ca5085074a0d1257c971a3838e0d6402f010b38e:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:f8a2ffd8882321b57192cce8fcaebab3657bb30e073e4f21eee91b3f44488809:    done           |++++++++++++++++++++++++++++++++++++++| elapsed: 18.6s                                                                    total:  149.3  (8.0 MiB/s)                                       af08bef4d635f3f888c87120cc830b37e3f53121012ad59500a30c20ac065319root@k8s-node01:~#

访问容器

关键词:

上一篇:环球关注:面瘫是什么原因引起的能恢复吗_面瘫是什么原因引起的
下一篇:最后一页

“如果发现本网站发布的资讯影响到您的版权,可以联系本站!同时欢迎来本站投稿!

动态

关注