buildx 多平台构建


概要

  1. 升级内核最新版[忽略]
  2. 安装Docker 19.03+[忽略]
  3. 启用buildx插件
  4. 启用binfmt_misc
  5. 准备配置文件
  6. 使用构建器,推送镜像到harbor仓库
  7. 验证
  8. 参考链接

1. 升级内核最新版

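# Download the ELRepo mainline kernel packages (fetch them from the official
# site yourself if this mirror is unreachable).
# The mirror below is a bare IP address served over plain HTTP, so the
# transfer itself gives no integrity guarantee; the signature check further
# down is what establishes that the RPMs are genuine before they are copied
# to other nodes and installed as the kernel.
# -p keeps the step from failing when the directory already exists.
mkdir -p /root/software && cd /root/software
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm

# Import the ELRepo signing key over HTTPS and verify both packages.
# Continue only if rpm reports OK for every file.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -K kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm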

# Copy both kernel packages to the remaining nodes.
for node in k8s-master02 k8s-master03 k8s-node01 k8s-node02 k8s-node03; do
  scp kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm \
      kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm \
      "$node":/root/software
done

# On every node: install the new kernel packages, then make the new kernel
# the default boot entry.
cd /root/software \
  && yum localinstall -y kernel-ml*
grub2-set-default 0 \
  && grub2-mkconfig -o /etc/grub2.cfg
default_kernel="$(grubby --default-kernel)"
grubby --args="user_namespace.enable=1" --update-kernel="$default_kernel"

# Show which kernel is now the default boot entry.
grubby --default-kernel

# Reboot every node, then confirm the running kernel version.
uname -a

2. 安装Docker 19.03+

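# Install Docker Engine and CLI (20.10 series) with yum.
# The version globs are quoted so the shell passes them to yum untouched
# instead of trying to match them against files in the current directory.
yum install -y 'docker-ce-20.10.*' 'docker-ce-cli-20.10.*'

# Create the config directory; -p keeps this from failing if it already exists.
mkdir -p /etc/docker

# Write the daemon configuration: use systemd as the cgroup driver.
# The quoted 'EOF' delimiter stops the shell from expanding anything inside
# the JSON. Note that this overwrites any existing /etc/docker/daemon.json.
cat > /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# Start Docker now and enable it at boot.
systemctl daemon-reload && systemctl enable --now docker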

3. 启用buildx插件

# Set the environment variable that turns on experimental CLI features
export DOCKER_CLI_EXPERIMENTAL=enabled

# Edit the daemon configuration file; the expected content is shown below.
# Line 1: address of the Harbor registry. Line 2: enables the daemon's
# experimental features. Line 3: registry mirror (pull accelerator).
# NOTE(review): "insecure-registries" makes Docker accept plain HTTP or an
# unverified certificate for that registry, so pushes, pulls and `docker login`
# credentials can be read or altered by anyone on the network path. Keep it to
# an isolated lab network; otherwise serve the registry over TLS and trust its
# CA via /etc/docker/certs.d/<registry-host:port>/ca.crt instead.
# NOTE(review): this listing does not carry the "exec-opts" key written in
# step 2; if the file is rewritten rather than extended, the systemd
# cgroup-driver setting is lost, so merge the keys.
cat  /etc/docker/daemon.json
{
   "insecure-registries":["192.168.180.103:9999"],
   "experimental": true,
   "registry-mirrors":["https://reg-mirror.qiniu.com/"]
}

# Check that the buildx plugin is available
docker buildx version 

# Restart docker so the daemon.json changes above take effect
systemctl   restart  docker

4. 启用binfmt_misc

# Install the QEMU user-mode emulators from the distribution.
yum install -y qemu-user

# Register the QEMU binfmt_misc handlers on the host using the binfmt image.
# NOTE: this container runs with --privileged and changes kernel-wide state
# on the host (/proc/sys/fs/binfmt_misc), and the image reference carries no
# tag or digest, so whatever is current upstream receives that access.
# Consider pinning the image by digest and registering only the emulators
# you need (for this guide, arm64) rather than `all`.
docker run --rm --privileged tonistiigi/binfmt --install all

# 验证1
🐳 → ls -al /proc/sys/fs/binfmt_misc/
总用量 0
总用量 0
-rw-r--r-- 1 root root 0 11月 18 00:12 qemu-aarch64
-rw-r--r-- 1 root root 0 11月 18 00:12 qemu-arm
-rw-r--r-- 1 root root 0 11月 18 00:12 qemu-ppc64le
-rw-r--r-- 1 root root 0 11月 18 00:12 qemu-s390x
--w------- 1 root root 0 11月 18 00:09 register
-rw-r--r-- 1 root root 0 11月 18 00:12 status

# 验证2
🐳 → cat /proc/sys/fs/binfmt_misc/qemu-aarch64
enabled
interpreter /usr/bin/qemu-aarch64
flags: OCF
offset 0
magic 7f454c460201010000000000000000000200b7
mask ffffffffffffff00fffffffffffffffffeffff

5. 准备配置文件

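# Prepare a working directory for the three files below. For a Java or
# front-end project, substitute your own Dockerfile and source files.
# -p tolerates an existing directory; && skips the cd if creation failed.
mkdir -p /opt/go && cd /opt/go

# The directory should end up holding these three files:
#[root@k8s-node01 go]# ls
# buildkitd.toml  Dockerfile  hello.go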

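# *可忽略* buildx完整配置, 根据自己需求截取配置。注意: 其中 insecure-entitlements、监听 0.0.0.0 的 grpc/debug 地址,以及 registry 的 http/insecure 选项都会放宽安全限制,截取时不要原样照搬。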

debug = true
# root is where all buildkit state is stored.
root = "/var/lib/buildkit"
# insecure-entitlements allows insecure entitlements, disabled by default.
# NOTE(review): with "network.host" and "security.insecure" listed here, a
# build that requests those entitlements can be given host networking and
# unsandboxed (privileged) execution. Leave this list out unless a build
# genuinely needs it.
insecure-entitlements = [ "network.host", "security.insecure" ]

[grpc]
  # NOTE(review): tcp://0.0.0.0:1234 listens on every interface; the
  # [grpc.tls] material below is what protects this API. Bind to a specific
  # address or firewall the port if remote clients are not intended.
  address = [ "tcp://0.0.0.0:1234" ]
  # debugAddress is address for attaching go profiles and debuggers.
  # NOTE(review): also bound to 0.0.0.0, and no TLS setting is shown for it in
  # this file; prefer a loopback address, or omit it outside debugging.
  debugAddress = "0.0.0.0:6060"
  uid = 0
  gid = 0
  # Certificate, private key and CA files used for TLS on the gRPC listener.
  [grpc.tls]
    cert = "/etc/buildkit/tls.crt"
    key = "/etc/buildkit/tls.key"
    ca = "/etc/buildkit/tlsca.crt"

# OCI worker: settings for the worker that runs build steps through an OCI
# runtime binary (see `binary` below).
[worker.oci]
  enabled = true
  # platforms is manually configure platforms, detected automatically if unset.
  platforms = [ "linux/amd64", "linux/arm64" ]
  snapshotter = "auto" # overlayfs or native, default value is "auto".
  # NOTE(review): rootless mode is off in this example; if the builder has to
  # process Dockerfiles you do not fully trust, evaluate rootless mode.
  rootless = false # see docs/rootless.md for the details on rootless mode.
  # Whether run subprocesses in main pid namespace or not, this is useful for
  # running rootless buildkit inside a container.
  noProcessSandbox = false
  gc = true
  gckeepstorage = 9000
  # alternate OCI worker binary name(example 'crun'), by default either 
  # buildkit-runc or runc binary is used
  binary = ""
  # name of the apparmor profile that should be used to constrain build containers.
  # the profile should already be loaded (by a higher level system) before creating a worker.
  # NOTE(review): left empty here, so this file names no profile for build
  # containers.
  apparmor-profile = ""
  # limit the number of parallel build steps that can run at the same time
  max-parallelism = 4

  # Example label attached to this worker ("foo"/"bar" are placeholders).
  [worker.oci.labels]
    "foo" = "bar"

  # Garbage-collection policies; each [[...gcpolicy]] entry is one rule.
  [[worker.oci.gcpolicy]]
    keepBytes = 512000000
    keepDuration = 172800
    filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"]
  [[worker.oci.gcpolicy]]
    all = true
    keepBytes = 1024000000

# containerd worker: talks to containerd through the socket given in
# `address` and keeps its data in the "buildkit" namespace.
[worker.containerd]
  address = "/run/containerd/containerd.sock"
  enabled = true
  platforms = [ "linux/amd64", "linux/arm64" ]
  namespace = "buildkit"
  gc = true
  # gckeepstorage sets storage limit for default gc profile, in MB.
  gckeepstorage = 9000
  # Example label attached to this worker ("foo"/"bar" are placeholders).
  [worker.containerd.labels]
    "foo" = "bar"

  # Garbage-collection policies; each [[...gcpolicy]] entry is one rule.
  [[worker.containerd.gcpolicy]]
    keepBytes = 512000000
    keepDuration = 172800 # in seconds
    filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"]
  [[worker.containerd.gcpolicy]]
    all = true
    keepBytes = 1024000000

# registry configures a new Docker register used for cache import or output.
# NOTE(review): `http = true` and `insecure = true` below relax transport
# security for this registry's traffic, so pulled layers and any credentials
# sent to the mirror are not protected against interception or tampering.
# Use them only for a mirror on a trusted network; otherwise keep TLS and
# supply the CA through `ca`, as shown.
[registry."docker.io"]
  mirrors = ["yourmirror.local:5000"]
  http = true
  insecure = true
  ca=["/etc/config/myca.pem"]
  # Client key/certificate pair presented to the registry.
  [[registry."docker.io".keypair]]
    key="/etc/config/key.pem"
    cert="/etc/config/cert.pem"
    
# optionally mirror configuration can be done by defining it as a registry.
[registry."yourmirror.local:5000"]
  http = true

# Simplified buildx config; this is the one used in this walkthrough.
# NOTE(review): `http = true` makes BuildKit talk to this registry over plain
# HTTP, so pushed images and registry credentials cross the network
# unencrypted and unauthenticated. Acceptable only on a trusted lab network;
# otherwise enable TLS on Harbor and remove `http = true`.
debug = true
[registry."192.168.180.103:9999"] # put your private registry address here; the line below selects plain HTTP
  http = true
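# Build stage: compile the hello binary.
# NOTE: golang:alpine and alpine are floating tags; pin a specific version or
# digest so a rebuild cannot silently pick up a different base image.
FROM golang:alpine AS builder
ENV GO111MODULE=auto
# WORKDIR creates /app if it does not exist, so no separate mkdir is needed.
WORKDIR /app
# COPY instead of ADD: a plain file copy, without ADD's archive-extraction
# and remote-URL behaviour.
COPY . .
RUN go build -o hello .

# Runtime stage: only the compiled binary, run as an unprivileged user.
FROM alpine
WORKDIR /app
COPY --from=builder /app/hello .
# Drop root before the program starts; it only needs to read and execute
# the binary.
USER nobody
CMD ["./hello"]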
package main

import (
        "fmt"
        "runtime"
)

// main prints a greeting naming the CPU architecture reported by
// runtime.GOARCH, which makes the per-platform images easy to tell apart.
func main() {
	arch := runtime.GOARCH
	fmt.Printf("Hello, %s!\n", arch)
}

6. 使用构建器

# Log in to your Harbor registry first to confirm the credentials work.
# With the registry configured for plain HTTP, the password crosses the
# network unencrypted, so only do this on a trusted network.
# docker login 192.168.180.103:9999

# Create a builder named mybuilder from the config file and select it.
docker buildx create --name mybuilder --config buildkitd.toml --use

# List the builders.
docker buildx ls

# Start (bootstrap) the builder.
docker buildx inspect --bootstrap mybuilder

# Build and push the image; run this from /opt/go.
# --platform selects which architectures to build for.
docker buildx build \
  --platform linux/arm64,linux/amd64 \
  -t 192.168.180.103:9999/library/hello-buildx:v1 \
  --push \
  .

# Show the pushed manifest list with the digest of each per-platform image.
docker buildx imagetools inspect 192.168.180.103:9999/library/hello-buildx:v1

7. 验证

1. 分别登录x86 arm 服务器
2. docker pull 192.168.180.103:9999/library/hello-buildx:v1
3. 检查镜像是否正确(可将拉取到的镜像 digest 与第 6 步 imagetools inspect 输出的 digest 对照),运行容器查看输出的架构

8.0 参考链接

https://www.cnblogs.com/ryanyangcs/p/11969039.html
https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
posted @ 2022-09-06 17:31  レモン  阅读(139)  评论(0编辑  收藏  举报