2

Has anyone tried to create a Tekton task for building with docker-slim?

4

1 Answer

1

It turns out we can reuse the "dind-sidecar" sample from the Tekton pipelines repository: https://github.com/tektoncd/pipeline/blob/main/examples/v1alpha1/taskruns/dind-sidecar.yaml

I got it working using the following:

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: docker-build-dockerslim
spec:
  params:
  - default: docker.io/dslim/docker-slim:latest
    description: The location of the docker-slim builder image.
    name: builderimage
    type: string
  - default: docker.io/docker:stable
    description: The location of the Docker builder image.
    name: pushimage
    type: string
  - default: "registry.default.svc.cluster.local:5000"
    description: When using an insecure registry (for push/pull to a non-TLS registry), set its name here. Don't set an empty string; remove the option from the task or set it to a dummy value if not required.
    name: insecure
    type: string
  - default: docker.io/docker:dind
    description: The location of the Docker in Docker image.
    name: dindimage
    type: string
  - default: Dockerfile
    description: The name of the Dockerfile
    name: dockerfile
    type: string
  - default: .
    description: Parent directory for your Dockerfile.
    name: dockerroot
    type: string
  resources:
    inputs:
    - name: source
      type: git
    outputs:
    - name: image
      type: image
  steps:
  - args:
    - --state-path
    - /dslim-state
    - --in-container
    - build
    - --http-probe=false
    - --dockerfile
    - $(inputs.params.dockerfile)
    - --dockerfile-context
    - $(inputs.params.dockerroot)
    - $(outputs.resources.image.url)
    env:
    - name: DOCKER_HOST
      value: tcp://127.0.0.1:2376
    - name: DOCKER_TLS_VERIFY
      value: '1'
    - name: DOCKER_CERT_PATH
      value: /certs/client
    image: $(inputs.params.builderimage)
    name: build
    resources: {}
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /dslim-state
      name: state
    - mountPath: /certs/client
      name: dind-certs
    workingDir: /workspace/source
  - command:
    - /bin/sh
    - -c
    - |
        SLIM_IMAGE=$(docker images | awk '/docker-slim.*[0-9]*\.slim/{print $1;exit 0;}')
        docker tag "$SLIM_IMAGE" $(outputs.resources.image.url)
        docker push $(outputs.resources.image.url)
    name: push
    image: $(params.pushimage)
    env:
    - name: DOCKER_HOST
      value: tcp://127.0.0.1:2376
    - name: DOCKER_TLS_VERIFY
      value: '1'
    - name: DOCKER_CERT_PATH
      value: /certs/client
    volumeMounts:
    - mountPath: /certs/client
      name: dind-certs
  sidecars:
  - args:
    - --storage-driver=vfs
    - --userland-proxy=false
    - --debug
    - --insecure-registry=$(inputs.params.insecure)
    env:
    - name: DOCKER_TLS_CERTDIR
      value: /certs
    image: $(inputs.params.dindimage)
    name: dind
    readinessProbe:
      periodSeconds: 1
      exec:
        command:
        - ls
        - /certs/client/ca.pem
    resources: {}
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /certs/client
      name: dind-certs
  volumes:
  - name: dind-certs
    emptyDir: {}
  - emptyDir: {}
    name: state

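For some reason, the resulting image doesn't appear with the name I expected. I also tried setting a "--target" argument, though neither this nor the default "last-arg-is-image-name" behavior they document in their README seems to work (https://github.com/docker-slim/docker-slim).

I did find, however, when listing images, the following: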

docker-slim-tmp-fat-image.12.20211205135050.slim         latest              0037ff15e1f5        2 seconds ago       13.8MB
docker-slim-empty-image                                  latest              9dfd57fb50a8        35 seconds ago      0B
docker-slim-tmp-fat-image.12.20211205135050              latest              9ad36dd5e3f3        39 seconds ago      211MB
<Dockerfiles-FROM-image>                                 master              f11e63190556        3 months ago        211MB

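So, before my "docker push", I did some "docker images | awk ..." followed by a "docker tag xxx.slim the-target-name-I-wanted".

The resulting image is indeed smaller. I'll test this with other images and make sure it doesn't introduce any regressions, ... still, that's interesting.

answered 2021-12-05T14:12:29.947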
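An added example, not part of the original answer: a stricter form of the "docker images | awk ..." selection the answer describes, which anchors the name pattern, picks the newest `.slim` image and fails the step when none exists, so an unrelated image is never tagged and pushed under the target name. It assumes the temporary image names keep the shape shown in the listing above (`docker-slim-tmp-fat-image.<number>.<timestamp>.slim`); `TARGET` and the sample lines are hypothetical.

```shell
#!/bin/sh
# Added example: strict selection of the docker-slim output image.
# Input: "repository:tag" lines, as printed by
#   docker images --format '{{.Repository}}:{{.Tag}}'
# Assumption: temporary images are named
#   docker-slim-tmp-fat-image.<number>.<YYYYmmddHHMMSS>.slim
pick_slim_image() {
    awk -F: '
        # Anchored match: the loose pattern /docker-slim.*[0-9]*\.slim/
        # would also accept names such as "my-docker-slim-notes.slim".
        $1 ~ /^docker-slim-tmp-fat-image\.[0-9]+\.[0-9]+\.slim$/ {
            n = split($1, part, ".")
            stamp = part[n - 1] + 0      # timestamp field before ".slim"
            if (stamp > best) { best = stamp; ref = $0 }
        }
        END {
            if (ref == "") exit 1        # nothing matched: fail the step
            print ref
        }
    '
}

# Constructed sample input. The first three names come from the listing
# above; the last two are invented to show the newest-wins rule and a
# look-alike name that must be rejected.
sample_listing() {
    cat <<'EOF'
docker-slim-tmp-fat-image.12.20211205135050.slim:latest
docker-slim-empty-image:latest
docker-slim-tmp-fat-image.12.20211205135050:latest
docker-slim-tmp-fat-image.7.20211205140102.slim:latest
my-docker-slim-notes.slim:latest
EOF
}

# In the push step (needs the DinD daemon; TARGET is a hypothetical name):
#   SLIM_IMAGE=$(docker images --format '{{.Repository}}:{{.Tag}}' \
#       | pick_slim_image) || exit 1
#   docker tag "$SLIM_IMAGE" "$TARGET" && docker push "$TARGET"
```
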