我的书签
添加书签
移除书签You can build and push docker/oci images without the need to execute a docker daemon (and requiring privileged containers) thanks to tools like kaniko
and buildah
Using Kaniko
Basic image build
A basic task for building images using kaniko is this. Add --no-push if you don’t want to push the image. This doesn’t take care of registry authentication. See below for an example with registry authentication.
tasks:# kaniko image doesn't have the git command installed- name: checkout coderuntime:containers:- image: alpine/gitsteps:- clone:- save_to_workspace:contents:- source_dir: .dest_dir: .paths:- '**'- name: build docker imageruntime:containers:- image: gcr.io/kaniko-project/executor:debugshell: /busybox/shsteps:- restore_workspace:dest_dir: .#- run: /kaniko/executor --no-push- run: /kaniko/executor --destination registry/imagedepends:- checkout code
With authentication
For more information refer to the kaniko doc. Kaniko document some ways to authenticate to gcr and aws registries and its images already include a credential helper for amazon ecr.
At the end you should create a docker config.json config file with the required auth data:
tasks:# kaniko image doesn't have the git command installed- name: checkout coderuntime:containers:- image: alpine/gitsteps:- clone:- save_to_workspace:contents:- source_dir: .dest_dir: .paths:- '**'- name: build docker imageruntime:containers:- image: gcr.io/kaniko-project/executor:debugenvironment:DOCKERAUTH:from_variable: dockerauthshell: /busybox/shsteps:- restore_workspace:dest_dir: .- run:name: generate docker configcommand: |cat << EOF > /kaniko/.docker/config.json{"auths": {"https://index.docker.io/v1/": { "auth" : "$DOCKERAUTH" }}}EOF- run: /kaniko/executor --destination registry/imagedepends:- checkout code
Using Buildah
TODO
