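Background
In Kubernetes 1.24, the dockershim component was officially removed from the kubelet. By default, Docker Engine can no longer be used directly as the container runtime, and containerd is used directly as the container runtime instead.
Although the crictl and ctr commands that come with containerd can handle some simple management tasks, they are not convenient to use; for example, they do not support building images. nerdctl + buildkitd are therefore used for management.
nerdctl is compatible with most of the original docker commands and also implements many features that docker lacks, such as lazy image pulling (lazy-pulling) and image encryption (imgcrypt).
BuildKit is the next-generation docker build tool developed by Docker, Inc.; it is more efficient, more secure and easier to extend. BuildKit consists of the buildkitd daemon and the buildctl client.
BuildKit components:
buildkitd (server): currently supports runc and containerd as the image build environment. The default is runc, and it can be switched to containerd.
buildctl (client): parses the Dockerfile and sends build requests to the buildkitd server.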
Deployment
# Download the release tarball
wget https://github.com/moby/buildkit/releases/download/v0.12.4/buildkit-v0.12.4.linux-amd64.tar.gz
# Extract the archive into the target directory
tar zxvf buildkit-v0.12.4.linux-amd64.tar.gz -C /usr/local/bin/
mv /usr/local/bin/bin/buildctl /usr/local/bin/bin/buildkitd /usr/local/bin/
#buildkit.socket
vim buildkit.socket
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
[Socket]
ListenStream=%t/buildkit/buildkitd.sock
SocketMode=0660
[Install]
WantedBy=sockets.target
#buildkit.service
vim buildkit.service
[Unit]
Description=BuildKit
Requires=buildkit.socket
After=buildkit.socket
Documentation=https://github.com/moby/buildkit
[Service]
Type=notify
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true
[Install]
WantedBy=multi-user.target
# Check the status; the log should show: running server on /run/buildkit/buildkitd.sock
[root@k8s-master01 system]# systemctl status buildkit
● buildkit.service - BuildKit
Loaded: loaded (/usr/lib/systemd/system/buildkit.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2023-12-27 00:16:50 CST; 9s ago
Docs: https://github.com/moby/buildkit
Main PID: 107883 (buildkitd)
Tasks: 9
Memory: 11.9M
CGroup: /system.slice/buildkit.service
└─107883 /usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true
Dec 27 00:16:50 k8s-master01 systemd[1]: Starting BuildKit...
Dec 27 00:16:50 k8s-master01 buildkitd[107883]: time="2023-12-27T00:16:50+08:00" level=warning msg="using host network as the default"
Dec 27 00:16:50 k8s-master01 buildkitd[107883]: time="2023-12-27T00:16:50+08:00" level=info msg="found worker \"52i3oze9jfqdrt6wpwzz2jt53\", labels=map[org.mobyproject.buildkit.worker.containerd.namespace:buildkit org.mobyproject.buildkit.worker.containerd.uuid:4ff5b650-6c09-4bf2-94f3-8f81a18fb999 org.mobyproject.buildkit.worker.executor:c
Dec 27 00:16:50 k8s-master01 buildkitd[107883]: time="2023-12-27T00:16:50+08:00" level=info msg="found 1 workers, default=\"52i3oze9jfqdrt6wpwzz2jt53\""
Dec 27 00:16:50 k8s-master01 buildkitd[107883]: time="2023-12-27T00:16:50+08:00" level=warning msg="currently, only the default worker can be used."
Dec 27 00:16:50 k8s-master01 buildkitd[107883]: time="2023-12-27T00:16:50+08:00" level=info msg="running server on /run/buildkit/buildkitd.sock"
Dec 27 00:16:50 k8s-master01 systemd[1]: Started BuildKit.
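The buildkit.service unit above has no User= line, so buildkitd runs as root, and buildkit.socket is the only access control in front of it. The following audit of a socket unit's ListenStream, SocketMode and SocketGroup is an added example, not part of the original post; the function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Connecting to a Unix socket needs
# write permission on it, and buildkitd runs as root in this setup, so whoever
# can open buildkitd.sock can drive builds through a root daemon.

# unit_value FILE KEY: print the last value assigned to KEY (empty if unset).
unit_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_socket_unit FILE: print findings; return 1 if the socket is exposed.
audit_socket_unit() {
    rc=0
    listen=$(unit_value "$1" ListenStream)
    mode=$(unit_value "$1" SocketMode)
    group=$(unit_value "$1" SocketGroup)
    [ -n "$mode" ] || mode=0666            # systemd default when unset
    [ -n "$group" ] || group=root          # systemd default when unset
    case $listen in
        /*|%t/*) ;;                        # filesystem path: mode bits apply
        *) echo "FAIL ListenStream=$listen is not a filesystem path"; rc=1 ;;
    esac
    case $mode in
        *[2367]) echo "FAIL SocketMode=$mode lets any local user connect"; rc=1 ;;
    esac
    case $group in
        root) ;;
        *) echo "NOTE SocketGroup=$group: review who is in that group" ;;
    esac
    return $rc
}

# Constructed demo: the unit from this post, then a copy with SocketMode removed.
demo_dir=$(mktemp -d)
cat > "$demo_dir/buildkit.socket" <<'EOF'
[Socket]
ListenStream=%t/buildkit/buildkitd.sock
SocketMode=0660
EOF
grep -v '^SocketMode' "$demo_dir/buildkit.socket" > "$demo_dir/weak.socket"
for unit in buildkit.socket weak.socket; do
    if audit_socket_unit "$demo_dir/$unit"; then echo "$unit: OK"
    else echo "$unit: exposed"; fi
done
```

To check the deployed unit, run `audit_socket_unit /usr/lib/systemd/system/buildkit.socket`, the directory shown in the status output above.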
Deploy nerdctl
#https://github.com/containerd/nerdctl/releases/download/v1.7.2/nerdctl-1.7.2-linux-amd64.tar.gz
tar zxvf nerdctl-1.7.2-linux-amd64.tar.gz
cp nerdctl /usr/local/bin/
nerdctl pull nginx