Building containers without Docker

Hello, Habr. We hear a lot about Kubernetes and Docker these days. Probably only the lazy haven't heard of them. But there are other options for working with containers. Here is a translation of an article by an enthusiast who decided to explore similar tools.

I want to talk about how to build containers without using Docker. I will use OpenFaaS, which uses OCI container images, for my workloads. You could say that OpenFaaS is a CaaS platform for Kubernetes that can run microservices and adds FaaS and event management tools for free. We will start by showing how to use the buildkit built into the Docker CLI, then describe standalone buildkit (Linux only), and then Google's container builder, Kaniko.

What's wrong with Docker?

Actually, everything is fine with it. It works well on armhf, arm64 and x86_64. The main Docker command-line interface has become much more than just build / push / run; it now comes with Docker Swarm and EE features.

Docker alternatives

There have been several attempts to bring Docker back to the familiar look we all fell in love with.

  • Docker - Docker itself now uses containerd to run containers and supports buildkit builds for highly efficient, cached builds.

  • Podman buildah — RedHat/IBM, OSS OCI. Podman root-, UNIX.

  • Pouch — Alibaba « ». containerd , Docker, runc « », runV. .

  • BuildKit -buildkit Docker Inc . buildkit , , . (fork) , .

  • img buildkit. . 2018 , . , img buildctr, buildkit, , img x86_64 armhf/arm64.

  • k3c — Rancher, containerd buildkit , Docker. ARM.

k3c, , , containerd buildkit.

, «build» , :

  • buildkit Docker

  • buildkit

  • Kaniko

( ) , OpenFaaS CLI « »,

HTTP Golang middleware, , , OpenFaaS.

faas-cli template store pull golang-middleware

faas-cli new --lang golang-middleware \
  build-test --prefix=alexellis2

--lang

build-test

--prefix Docker Hub, OCI.

:

./
├── build-test
│   └── handler.go
└── build-test.yml

1 directory, 2 files

, . Go.

package function

import (
	"fmt"
	"io/ioutil"
	"net/http"
)

func Handle(w http.ResponseWriter, r *http.Request) {
	var input []byte

	if r.Body != nil {
		defer r.Body.Close()

		body, _ := ioutil.ReadAll(r.Body)

		input = body
	}

	w.WriteHeader(http.StatusOK)
	w.Write([]byte(fmt.Sprintf("Hello world, input was: %s", string(input))))
}

:

faas-cli build -f build-test.yml

Dockerfile

./template/golang-middleware/Dockerfile

:

FROM openfaas/of-watchdog:0.7.3 as watchdog
FROM golang:1.13-alpine3.11 as build
FROM alpine:3.12

. , . faas-cli push -f build-test.yml.
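The FROM lines shown above reference their base images by tag, and a registry tag can later be pointed at different content. As an added example (not part of the original article or of the OpenFaaS template), this Go check lists the base images in a Dockerfile that are not pinned to an @sha256 digest; the sample input is constructed from the FROM lines above, with a placeholder digest and a stage reference added.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample: the article's three FROM lines, plus a digest-pinned
// line (placeholder digest, not a real image) and a reference to a stage.
const sampleDockerfile = `FROM openfaas/of-watchdog:0.7.3 as watchdog
FROM golang:1.13-alpine3.11 as build
FROM --platform=linux/amd64 alpine@sha256:0000000000000000000000000000000000000000000000000000000000000000 as pinned
FROM build as test
FROM alpine:3.12
`

// UnpinnedBases returns the base images that are referenced by a mutable
// tag (or no tag at all) instead of an immutable @sha256 digest.
func UnpinnedBases(dockerfile string) []string {
	stages := map[string]bool{} // stage names defined by earlier "AS <name>"
	var unpinned []string
	sc := bufio.NewScanner(strings.NewReader(dockerfile))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 || !strings.EqualFold(f[0], "FROM") {
			continue
		}
		args := f[1:]
		// Skip leading flags such as --platform=...; always keep one argument.
		for len(args) > 1 && strings.HasPrefix(args[0], "--") {
			args = args[1:]
		}
		image := args[0]
		isStage := stages[strings.ToLower(image)] // e.g. "FROM build as test"
		if len(args) >= 3 && strings.EqualFold(args[1], "AS") {
			stages[strings.ToLower(args[2])] = true
		}
		if image == "scratch" || isStage || strings.Contains(image, "@sha256:") {
			continue
		}
		unpinned = append(unpinned, image)
	}
	return unpinned
}

func main() {
	fmt.Println("unpinned base images:", UnpinnedBases(sampleDockerfile))
}
```

A FROM line that takes its image from a build argument is reported as unpinned, because the reference cannot be checked from the Dockerfile alone.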

Buildkit Docker

, .

DOCKER_BUILDKIT=1 faas-cli build -f build-test.yml

Docker buildkit. Buildkit :

  • , — , " " , "sdk" .

  • buildkit , FROM () .

buildkit , FROM () .

FROM openfaas/of-watchdog:0.7.3 as watchdog
FROM golang:1.13-alpine3.11 as build
FROM alpine:3.11

Mac, buildkit Docker, .

Buildkit

Buildkit buildkit Linux, Mac.

faas-cli build docker, — . , , , :

faas-cli build -f build-test.yml --shrinkwrap

[0] > Building build-test.
Clearing temporary build folder: ./build/build-test/
Preparing ./build-test/ ./build/build-test//function
Building: alexellis2/build-test:latest with golang-middleware template. Please wait..
build-test shrink-wrapped to ./build/build-test/
[0] < Building build-test done in 0.00s.
[0] Worker done.

Total build time: 0.00

./build/build-test/ Dockerfile.

./build/build-test/
├── Dockerfile
├── function
│   └── handler.go
├── go.mod
├── main.go
└── template.yml

1 directory, 5 files

buildkit.

curl -sSLf https://github.com/moby/buildkit/releases/download/v0.6.3/buildkit-v0.6.3.linux-amd64.tar.gz | sudo tar -xz -C /usr/local/bin/ --strip-components=1

, buildkit, armhf arm64, .

buildkit :

sudo buildkitd 
WARN[0000] using host network as the default            
INFO[0000] found worker "l1ltft74h0ek1718gitwghjxy", labels=map[org.mobyproject.buildkit.worker.executor:oci org.mobyproject.buildkit.worker.hostname:nuc org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/386] 
WARN[0000] skipping containerd worker, as "/run/containerd/containerd.sock" does not exist 
INFO[0000] found 1 workers, default="l1ltft74h0ek1718gitwghjxy" 
WARN[0000] currently, only the default worker can be used. 
INFO[0000] running server on /run/buildkit/buildkitd.sock 

, . buildctl. buildctl — , , , , , tar, .

buildctl build --help
NAME:
   buildctl build - build

USAGE:
   
  To build and push an image using Dockerfile:
    $ buildctl build --frontend dockerfile.v0 --opt target=foo --opt build-arg:foo=bar --local context=. --local dockerfile=. --output type=image,name=docker.io/username/image,push=true
  

OPTIONS:
   --output value, -o value  Define exports for build result, e.g. --output type=image,name=docker.io/username/image,push=true
   --progress value          Set type of progress (auto, plain, tty). Use plain to show container output (default: "auto")
   --trace value             Path to trace file. Defaults to no tracing.
   --local value             Allow build access to the local directory
   --frontend value          Define frontend used for build
   --opt value               Define custom options for frontend, e.g. --opt target=foo --opt build-arg:foo=bar
   --no-cache                Disable cache for all the vertices
   --export-cache value      Export build cache, e.g. --export-cache type=registry,ref=example.com/foo/bar, or --export-cache type=local,dest=path/to/dir
   --import-cache value      Import build cache, e.g. --import-cache type=registry,ref=example.com/foo/bar, or --import-cache type=local,src=path/to/dir
   --secret value            Secret value exposed to the build. Format id=secretname,src=filepath
   --allow value             Allow extra privileged entitlement, e.g. network.host, security.insecure
   --ssh value               Allow forwarding SSH agent to the builder. Format default|<id>[=<socket>|<key>[,<key>]]

, Docker DOCKER_BUILDKIT :

sudo -E buildctl build --frontend dockerfile.v0 \
 --local context=./build/build-test/ \
 --local dockerfile=./build/build-test/ \
 --output type=image,name=docker.io/alexellis2/build-test:latest,push=true

docker login $HOME/.docker/config.json .

ASCII .

img buildkit

img , , .

, , , . armhf ARM64 .

x86_64 v0.5.7 7 2019, Go 1.11, 1.13 Go :

sudo curl -fSL "https://github.com/genuinetools/img/releases/download/v0.5.7/img-linux-amd64" -o "/usr/local/bin/img" \
	&& sudo chmod a+x "/usr/local/bin/img"

buildctl:

img build --help
Usage: img build [OPTIONS] PATH

Build an image from a Dockerfile.

Flags:

  -b, --backend  backend for snapshots ([auto native overlayfs]) (default: auto)
  --build-arg    Set build-time variables (default: [])
  -d, --debug    enable debug logging (default: false)
  -f, --file     Name of the Dockerfile (Default is 'PATH/Dockerfile') (default: <none>)
  --label        Set metadata for an image (default: [])
  --no-cache     Do not use cache when building the image (default: false)
  --no-console   Use non-console progress UI (default: false)
  --platform     Set platforms for which the image should be built (default: [])
  -s, --state    directory to hold the global state (default: /home/alex/.local/share/img)
  -t, --tag      Name and optionally a tag in the 'name:tag' format (default: [])
  --target       Set the target build stage to build (default: <none>)

:

sudo img build -f ./build/build-test/Dockerfile -t alexellis2/build-test:latest ./build/build-test/

img . , root-.

fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0xe5 pc=0x7f84d067c420]

runtime stack:
runtime.throw(0xfa127f, 0x2a)
	/home/travis/.gimme/versions/go1.11.10.linux.amd64/src/runtime/panic.go:608 +0x72
runtime.sigpanic()
	/home/travis/.gimme/versions/go1.11.10.linux.amd64/src/runtime/signal_unix.go:374 +0x2f2

goroutine 529 [syscall]:
runtime.cgocall(0xc9d980, 0xc00072d7d8, 0x29)
	/home/travis/.gimme/versions/go1.11.10.linux.amd64/src/runtime/cgocall.go:128 +0x5e fp=0xc00072d7a0 sp=0xc00072d768 pc=0x4039ee
os/user._Cfunc_mygetgrgid_r(0x2a, 0xc000232260, 0x7f84a40008c0, 0x400, 0xc0004ba198, 0xc000000000)

Kaniko

Kaniko — Google, . .

:

docker run -v $PWD/build/build-test:/workspace \
 -v ~/.docker/config.json:/kaniko/config.json \
 --env DOCKER_CONFIG=/kaniko \
 gcr.io/kaniko-project/executor:latest \
 -d alexellis2/build-test:latest
  • -d , .

  • -v Kaniko, config.json .

Kaniko , , Kaniko one-shot , , Buildkit.

  • — . Docker , . , . , Docker, , IP-.

  • buildkit. . DOCKER_BUILDKIT=1

  • buildkit. , Docker, CI box runner. Linux, MacOS. , TCP?

. faasd, containerd CNI, Docker Kubernetes.

  • Kaniko. , Kaniko, - Docker, .

OpenFaaS faas-cli build --shrinkwrap . OpenFaaS:

OpenFaaS CI/CD shrinkwrap buildkit. Docker Docker buildkit.

faasd containerd docker, buildkit.

We haven't touched on one of the important parts of the workflow: deployment. Any OCI container can be deployed to the OpenFaaS control plane on top of Kubernetes, as long as it meets the definition of a serverless workload.



