基于nerdctl + buildkitd构建容器镜像,运行tomcat后端服务和nginx前端服务
2024-06-04 08:08:02
目录
简介:
一、部署buildkitd
1、下载二进制包
2、 解压二进制包,并移到全局变量中
3、创建socket文件,service文件
4、启动服务
二、使用nerdctl命令测试镜像构建
1、部署nerdctl客户端工具
2、签发证书,客户端登录harbor
3、 客户端正常登录harbor服务端
三、制作镜像测试
1、构建基础环境镜像
2、修改nerdctl的namespace
3、 安装cni
4、构建服务的基础父镜像centos
5、基于父镜像centos 制作jdk的服务镜像
四、 基于nginx代理harbor并实现https
1、修改harbor配置文件
1.1、停止harbor服务
1.2、修改配置,重启服务
1.3、测试
1.4、nerdctl下载镜像报错
五、解决报错
1、在harbor前端加一个负载均衡
2、 配置buildkitd文件
3、配置nerdctl文件
六、构建镜像
1、构建镜像
2、 上传镜像到harbor
3、再次构建镜像
七、基于基础镜像,制作业务镜像
1、制作业务镜像
2、查看下跟这个dockerfile文件中相关的其它文件
3、构建镜像
4、测试镜像可用性
八、基于业务镜像,运行tomcat后端业务
1、部署tomcat容器
2、查看资源
九、制作nginx前端业务镜像,运行nginx前端服务
1、制作nginx基础镜像
2、构建nginx业务镜像,作为前端的web服务镜像
3、构建业务镜像
4、查看镜像
5、创建nginx前端服务
6、访问测试
简介:
容器技术除了docker之外,还有其它项目比如docker开源的containerd,以及之前coreOs的rkt,redhat的podman等等,包括buildkitd,它也是从docker公司开源出来的构建镜像的工具
为了保证容器生态的标准,众多云厂商成立了个组织叫OCI(open container),目的就是制定开放的标准容器规范,目前发布了两个规范,分别是容器运行时runtime spec和image format spec
因此只要遵循OCI的运行时标准和构建镜像标准,无论使用那种镜像构建工具构建的镜像,都可以运行在各个容器运行时上
docker功能比较强大,直接具备构建镜像的功能,但是buildkitd不能直接构建镜像,需要依赖containerd
buildkitd由两部分组成
1、buildkitd(服务端),目前支持runc和containerd作为镜像构建环境,默认是runc,可调整为containerd
2、kuildctl(客户端),负责解析Dockerfile文件,并向buildkitd发出构建请求
一、部署buildkitd
注:(部署的主机环境要干净,不要同时有docker和containerd两个运行时)
1、下载二进制包
1.1、进入官网GitHub: Let’s build from here · GitHub后搜索buildkit,然后点击moby/buildkit
1.2、点击后进入右边的版本库
1.3、选择一个版本下载amd的二进制包
2、 解压二进制包,并移到全局变量中
下载的二进制包
root@master1:~# ls
buildkit-v0.10.6.linux-amd64.tar.gz snap解压到全局变量路径下
root@master1:~# tar xvf buildkit-v0.10.6.linux-amd64.tar.gz -C /usr/local/bin/
bin/ #二进制文件目录
bin/buildctl
bin/buildkit-qemu-aarch64
bin/buildkit-qemu-arm
bin/buildkit-qemu-i386
bin/buildkit-qemu-mips64
bin/buildkit-qemu-mips64el
bin/buildkit-qemu-ppc64le
bin/buildkit-qemu-riscv64
bin/buildkit-qemu-s390x
bin/buildkit-runc
bin/buildkitd二进制文件在解压的bin目录下
root@master1:~# ls /usr/local/bin/bin/
buildctl buildkit-qemu-aarch64 buildkit-qemu-i386 buildkit-qemu-mips64el buildkit-qemu-riscv64 buildkit-runc
buildkitd buildkit-qemu-arm buildkit-qemu-mips64 buildkit-qemu-ppc64le buildkit-qemu-s390x把bin下的两个命令移到/usr/local/bin下
root@master1:~# mv /usr/local/bin/bin/buildctl /usr/local/bin/buildctlroot@master1:~# mv /usr/local/bin/bin/buildkitd /usr/local/bin/buildkitd查看下两个命令都移动/usr/local/bin下了,可全局执行了
root@master1:~# ls /usr/local/bin/ | grep build
buildctl
buildkitd
3、创建socket文件,service文件
root@master1:~# vim /lib/systemd/system/buildkit.socket
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
[Socket]
ListenStream=%t/buildkit/buildkitd.sock
[Install]
WantedBy=sockets.targetroot@master1:~# vim /lib/systemd/system/buildkitd.service
[Unit]
Description=BuildKit
Requires=buildkit.socket
After=buildkit.socketDocumentation=https://github.com/moby/buildkit
[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true
[Install]
WantedBy=multi-user.target注解:ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true buildkitd启动方式直接执行二进制文件,且使用containerd构建镜像
4、启动服务
root@master1:~# systemctl daemon-reload
root@master1:~# systemctl start buildkitd
root@master1:~# systemctl enable buildkitd
root@master1:~# systemctl status buildkitd
二、使用nerdctl命令测试镜像构建
1、部署nerdctl客户端工具
官网 https://github.com/containerd/nerdctl/releases# wget https://github.com/containerd/nerdctl/releases/download/v0.18.0/nerdctl-0.18.0-linux-amd64.tar.gz# tar xvf nerdctl-0.18.0-linux-amd64.tar.gz# cp nerdctl /usr/local/bin/
现在登录harbor服务器会报证书错误
2、签发证书,客户端登录harbor
之前 https://blog.csdn.net/weixin_46476452/article/details/127732870 博客中也部署过签发给docker运行时证书,不过这里是containerd运行时,签发的目录有所不同
1、客户端创建签发证书目录
root@master1:~# mkdir /etc/containerd/certs.d/harbor.magedu.net -p2、harbor服务端进行证书签发(需要提前把crt证书转换成cert格式的证书)
root@harbor:/apps/harbor/certs# openssl x509 -inform PEM -in magedu.net.crt -out magedu.net.cert
root@harbor:/apps/harbor/certs# ls
ca.crt ca.key ca.srl magedu.net.cert magedu.net.crt magedu.net.csr magedu.net.key v3.ext3、把harbor主机的ca公钥,harbor的cert公钥,harbor的私钥拷贝到客户端
root@harbor:/apps/harbor/certs# scp ca.crt magedu.net.cert magedu.net.key master1:/etc/containerd/certs.d/harbor.magedu.net/4、客户端查验
root@master1:~# ls /etc/containerd/certs.d/harbor.magedu.net
ca.crt magedu.net.cert magedu.net.key3、 客户端正常登录harbor服务端
三、制作镜像测试
1、构建基础环境镜像
root@master1:~/ubuntu# vim Dockerfile
FROM ubuntu:22.04
MAINTAINER "zhaoyang 2569220198@qq.com"#ADD sources.list /etc/apt/sources.listRUN apt update && apt install -y iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute gcc openssh-server lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute iotop unzip zip makeADD nginx-1.22.0.tar.gz /usr/local/src/
RUN cd /usr/local/src/nginx-1.22.0 && ./configure --prefix=/apps/nginx && make && make install && ln -sv /apps/nginx/sbin/nginx /usr/bin
RUN groupadd -g 2088 nginx && useradd -g nginx -s /usr/sbin/nologin -u 2088 nginx && chown -R nginx.nginx /apps/nginx
ADD nginx.conf /apps/nginx/conf/
ADD frontend.tar.gz /apps/nginx/html/EXPOSE 80 443
#ENTRYPOINT ["nginx"]
CMD ["nginx","-g","daemon off;"]构建镜像
nerdctl build -t harbor.magedu.net/magedu/nginx-base:1.22.0 .上传到harbor
nerdctl push harbor.magedu.net/magedu/nginx-base:1.22.0
2、修改nerdctl的namespace
在没有修改nerdctl的namespce时是看不见k8s的镜像的
创建nerdctl配置文件 root@master1:~# mkdir /etc/nerdctl root@master1:~# vim /etc/nerdctl/nerdctl.toml namespace = "k8s.io" #让nerdctl是使用k8s.io的namespace# k8s默认使用k8s.io namespace, nerdctl默认使用default namspace,因此需要切换至k8s.io的namespace才能显示对方的镜像,tag等修改完nerdctl的namespace后就可以看见k8s的镜像了,说明上面的配置文件生效了
3、 安装cni
官网下载cni https://github.com/containernetworking/plugins/releases
root@master1:~# wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
root@master1:~# mkdir /opt/cni/bin/ -p
root@master1:~# tar xf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/
4、构建服务的基础父镜像centos
1、编写dockerfile root@master1:/opt/k8s-data/dockerfile/system/centos# vim Dockerfile #自定义Centos 基础镜像 FROM centos:7.9.2009 MAINTAINER zhaoyang 2569220198@qq.comADD filebeat-7.12.1-x86_64.rpm /tmp RUN yum install -y /tmp/filebeat-7.12.1-x86_64.rpm vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop && rm -rf /etc/localtime /tmp/filebeat-7.12.1-x86_64.rpm && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && useradd nginx -u 20882、构建镜像,上传镜像到harbor root@master1:/opt/k8s-data/dockerfile/system/centos# vim build-command.sh #!/bin/bash /usr/local/bin/nerdctl build -t harbor.magedu.net/baseimages/magedu-centos-base:7.9.2009 . /usr/local/bin/nerdctl push harbor.magedu.net/baseimages/magedu-centos-base:7.9.2009查看harbor仓库
5、基于父镜像centos 制作jdk的服务镜像
查看dockerfile同级所需文件 root@master1:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# lsDockerfile jdk-8u212-linux-x64.tar.gz profileroot@master1:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# cat profile pathmunge () {case ":${PATH}:" in*:"$1":*);;*)if [ "$2" = "after" ] ; thenPATH=$PATH:$1elsePATH=$1:$PATHfiesac }if [ -x /usr/bin/id ]; thenif [ -z "$EUID" ]; then# ksh workaroundEUID=`/usr/bin/id -u`UID=`/usr/bin/id -ru`fiUSER="`/usr/bin/id -un`"LOGNAME=$USERMAIL="/var/spool/mail/$USER" fi# Path manipulation if [ "$EUID" = "0" ]; thenpathmunge /usr/sbinpathmunge /usr/local/sbin elsepathmunge /usr/local/sbin afterpathmunge /usr/sbin after fiHOSTNAME=`/usr/bin/hostname 2>/dev/null` HISTSIZE=1000 if [ "$HISTCONTROL" = "ignorespace" ] ; thenexport HISTCONTROL=ignoreboth elseexport HISTCONTROL=ignoredups fiexport PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL# By default, we want umask to get set. This sets it for login shell # Current threshold for system reserved uid/gids is 200 # You could check uidgid reservation validity in # /usr/share/doc/setup-*/uidgid file if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; thenumask 002 elseumask 022 fifor i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; doif [ -r "$i" ]; thenif [ "${-#*i}" != "$-" ]; then. "$i"else. "$i" >/dev/nullfifi doneunset i unset -f pathmunge export LANG=en_US.UTF-8 export HISTTIMEFORMAT="%F %T `whoami` "export JAVA_HOME=/usr/local/jdk export TOMCAT_HOME=/apps/tomcat export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$TOMCAT_HOME/bin:$PATH export CLASSPATH=.$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar1、编写dockerfile文件 root@master1:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# vim Dockerfile FROM harbor.magedu.net/baseimages/magedu-centos-base:7.9.2009MAINTAINER zhaoyang "2569220198@qq.com"ADD jdk-8u212-linux-x64.tar.gz /usr/local/src/ RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk ADD profile /etc/profileENV JAVA_HOME /usr/local/jdk ENV JRE_HOME $JAVA_HOME/jre ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/ ENV PATH $PATH:$JAVA_HOME/bin2、制作镜像,显示报错,报错截图如下 nerdctl build -t harbor.magedu.net/pub-images/jdk-base:v8.212 .
之前配置的证书是给containerd使用的,containerd可以上传下载镜像因此上传下载镜像是ok的;但是使用nerdctl命令build镜像的时候这个证书对nerdctl是无效的
查看containerd运行时的证书,是给containerd使用的,并非给nerdctl使用
nerdctl需要连接到harbor上下镜像的元数据;而如果harbor服务端使用的是https就会报错,而之前配置的harbor就是https的,那么现在可以把证书不放在harbor本地了,而是放到负载均衡器上,用nginx作为代理harbor的负载均衡器;把证书放到nginx上,harbor只需要支持http 80就行了;而nginx同时启动http 80,(用来下载镜像元数据),和https 443(用来推送镜像)
四、 基于nginx代理harbor并实现https
1、修改harbor配置文件
将harbor修改为http协议:
1.1、停止harbor服务
1.2、修改配置,重启服务
2、修改harbor.yaml文件把https的配置全部注释掉 root@harbor:/apps/harbor# vim harbor.yml #https:# https port for harbor, default is 443# port: 443# The path of cert and key files for nginx# certificate: /apps/harbor/certs/magedu.net.crt# private_key: /apps/harbor/certs/magedu.net.key3、重新加载harbor配置 root@harbor:/apps/harbor# ./prepare4、重启服务 root@harbor:/apps/harbor# docker-compose up -d1.3、测试
此时在使用https就访问不了
在windows系统中hosts文件中添加域名ip, 使用域名访问可以进入harbor页面
可以看见是使用http访问
1、
2、
3、
但是k8s之前部署的环境都是走的https协议的harbor,因此现在k8s环境中的node节点是无法下载镜像的
1.4、nerdctl下载镜像报错
下图是node节点使用nerdctl下载镜像报错
五、解决报错
针对上面的问题有两种解决方案:
1、把containerd配置成使用http的下载方式
2、在harbor服务器前端加一个负载均衡器
1、在harbor前端加一个负载均衡
下面配置nginx负载均衡器,把etcd1主机作为nginx负载均衡
1、下载nginx root@etcd1:/usr/local/src# wget https://nginx.org/download/nginx-1.22.0.tar.gz2、解压 root@etcd1:/usr/local/src# tar xvf nginx-1.22.0.tar.gz3、安装pcre,gcc,zlib,g++,openssl依赖 3.1、pcre apt-get install libpcre3 libpcre3-dev3.2、gcc g++ apt-get install build-essential apt-get install libtool apt install gcc3.3、zlib apt-get install zlib1g-dev3.4、openssl apt-get install openssl apt-get install libssl-dev4、编译安装 root@etcd1:/usr/local/src# cd nginx-1.22.0 root@etcd1:/usr/local/src/nginx-1.22.0# ./configure --prefix=/apps/nginx \ > --with-http_ssl_module \ > --with-http_v2_module \ > --with-http_realip_module \ > --with-http_stub_status_module \ > --with-http_gzip_static_module \ > --with-pcre \ > --with-stream \ > --with-stream_ssl_module \ > --with-stream_realip_module5、编译安装 root@etcd1:/usr/local/src/nginx-1.22.0# make && make install安装好nginx,把之前放在harbor上的证书放到nginx上
1、创建一个存放证书的目录 root@etcd1:/usr/local/src/nginx-1.22.0# mkdir /apps/nginx/certs -p2、把harbor服务器上的证书拷贝到nginx上 这里harbor的证书,是在部署harbor的时候签发的,详情可见博客 https://blog.csdn.net/weixin_46476452/article/details/127732870 root@harbor:/apps/harbor/certs# scp magedu.net.crt magedu.net.key etcd1:/apps/nginx/certs3、在nginx主机上查看下拷贝过来的证书文件 root@etcd1:/usr/local/src/nginx-1.22.0# ls /apps/nginx/certs/ magedu.net.crt magedu.net.key4、配置nginx主配置文件,添加如下内容,把证书放到nginx root@etcd1:~# vim /apps/nginx/conf/nginx.conf34 client_max_body_size 2000m; #客户端可以传输的最大文件大小,默认的大小只要几兆,上传下载镜像肯定是不行的,改成2G大小35 server {36 listen 80; #监听8037 listen 443 ssl; #监听44338 server_name harbor.magedu.net; #把harbor服务器的域名加载进来39 ssl_certificate /apps/nginx/certs/magedu.net.crt; #证书路径40 ssl_certificate_key /apps/nginx/certs/magedu.net.key;41 ssl_session_cache shared:sslcache:20m;42 ssl_session_timeout 10m;4344 #charset koi8-r;4546 #access_log logs/host.access.log main;4748 location / {49 #root html; #location这里什么都不做,把这两行注释了50 # index index.html index.htm;51 proxy_pass http://172.31.7.104; #转到harbor服务器的ip上52 }53配置文件截图如下
测试下配置是否有误
启动nginx
root@etcd1:~# /apps/nginx/sbin/nginx root@etcd1:~# ss -tnl | grep 80 LISTEN 0 32768 172.31.7.106:2380 0.0.0.0:* LISTEN 0 511 0.0.0.0:80 0.0.0.0:*把k8s集群环境中各节点的/etc/hosts文件harbor服务器的域名地址换成 nginx服务器地址172.31.7.106
但是节点想要去harbor端下载镜像还需要harbor的证书,因此重新签发证书给各节点,除此之外还有个临时性解决方案,加一个参数--insecure-registry来信任我们自建的仓库
可以下载本地harbor上的镜像
构建镜像的主机进行一些配置
2、 配置buildkitd文件
root@master1:~# mkdir /etc/buildkit/
root@master1:~# vim /etc/buildkit/buildkitd.toml
[registry."harbor.magedu.net"] #对这个仓库使用http,和insecurehttp = trueinsecure = true证书是我们自己签发的不被信任,使用https不被信任,所以使用http3、配置nerdctl文件
root@master1:~# cat /etc/nerdctl/nerdctl.toml
namespace = "k8s.io"
# k8s默认使用k8s.io namespace, nerdctl默认使用default namspace,因此需要切换至k8s.io的namespace才能显示对方的镜像,tag等
debug = false
debug_full = ture
insecure_registry = true重启服务
root@master1:~# systemctl restart buildkitd.service六、构建镜像
之前构建jdk镜像失败,现在可以正常构建了,以后上传下载镜像就通过负载均衡nginx了
查看下dockerfile
root@master1:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# lsDockerfile jdk-8u212-linux-x64.tar.gz profile root@master1:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# cat Dockerfile FROM harbor.magedu.net/baseimages/magedu-centos-base:7.9.2009MAINTAINER zhaoyang "2569220198@qq.com"ADD jdk-8u212-linux-x64.tar.gz /usr/local/src/ RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk ADD profile /etc/profileENV JAVA_HOME /usr/local/jdk ENV JRE_HOME $JAVA_HOME/jre ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/ ENV PATH $PATH:$JAVA_HOME/bin查看下profile文件内容 root@master1:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# cat profile pathmunge () {case ":${PATH}:" in*:"$1":*);;*)if [ "$2" = "after" ] ; thenPATH=$PATH:$1elsePATH=$1:$PATHfiesac }if [ -x /usr/bin/id ]; thenif [ -z "$EUID" ]; then# ksh workaroundEUID=`/usr/bin/id -u`UID=`/usr/bin/id -ru`fiUSER="`/usr/bin/id -un`"LOGNAME=$USERMAIL="/var/spool/mail/$USER" fi# Path manipulation if [ "$EUID" = "0" ]; thenpathmunge /usr/sbinpathmunge /usr/local/sbin elsepathmunge /usr/local/sbin afterpathmunge /usr/sbin after fiHOSTNAME=`/usr/bin/hostname 2>/dev/null` HISTSIZE=1000 if [ "$HISTCONTROL" = "ignorespace" ] ; thenexport HISTCONTROL=ignoreboth elseexport HISTCONTROL=ignoredups fiexport PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL# By default, we want umask to get set. This sets it for login shell # Current threshold for system reserved uid/gids is 200 # You could check uidgid reservation validity in # /usr/share/doc/setup-*/uidgid file if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; thenumask 002 elseumask 022 fifor i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; doif [ -r "$i" ]; thenif [ "${-#*i}" != "$-" ]; then. "$i"else. "$i" >/dev/nullfifi doneunset i unset -f pathmunge export LANG=en_US.UTF-8 export HISTTIMEFORMAT="%F %T `whoami` "export JAVA_HOME=/usr/local/jdk export TOMCAT_HOME=/apps/tomcat export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$TOMCAT_HOME/bin:$PATH export CLASSPATH=.$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar1、构建镜像
# nerdctl build -t harbor.magedu.net/pub-images/jdk-base:v8.212 .
2、 上传镜像到harbor
# nerdctl push harbor.magedu.net/pub-images/jdk-base:v8.212
因为前面的配置文件中/etc/nerdctl/nerdctl.toml开启了debug, 所以会输出很多信息,可以看见下面两个存放证书路径,现在可以把debug配置关闭了不需要回显过多的内容了,不然image查看镜像都会有很多debug信息
因此把证书拷贝到这个/etc/containerd/certs.d默认路径下就可以访问harbor了,就不需要使用加一个参数--insecure-registry的方式来访问了
3、再次构建镜像
基于刚刚打的jdk父镜像,二次制作tomcat镜像
root@master1:/opt/k8s-data/dockerfile/web/pub-images/tomcat-base-8.5.43# ls apache-tomcat-8.5.43.tar.gz build-command.sh Dockerfile1、查看dockerfile root@master1:/opt/k8s-data/dockerfile/web/pub-images/tomcat-base-8.5.43# cat Dockerfile #Tomcat 8.5.43基础镜像 FROM harbor.magedu.net/pub-images/jdk-base:v8.212MAINTAINER zhaoyang "2569220198@qq.com"RUN mkdir /apps /data/tomcat/webapps /data/tomcat/logs -pv ADD apache-tomcat-8.5.43.tar.gz /apps RUN useradd tomcat -u 2050 && ln -sv /apps/apache-tomcat-8.5.43 /apps/tomcat && chown -R tomcat.tomcat /apps /data -R root@master1:/opt/k8s-data/dockerfile/web/pub-images/tomcat-base-8.5.43#2、查看build脚本 root@master1:/opt/k8s-data/dockerfile/web/pub-images/tomcat-base-8.5.43# cat build-command.sh #!/bin/bash nerdctl build -t harbor.magedu.net/pub-images/tomcat-base:v8.5.43 .nerdctl push harbor.magedu.net/pub-images/tomcat-base:v8.5.433、执行build脚本,打镜像并上传至harbor服务器上传的过程中显示443连不上,这个没关系,可以直接访问80端口,通过负载均衡器上传下载镜像
镜像已经构建成功,并且上传到了harbor了
下面进入tomcat容器检查下java环境是否正常
上面的镜像制作过程通过Dockerfile看出,基于magedu-centos-base:7.9.2009基础镜像构建出jdk-base:v8.212镜像,最后又基于dk-base:v8.212构建出tomcat-base:v8.5.43镜像
七、基于基础镜像,制作业务镜像
1、制作业务镜像
查看dockerfile同级所需文件
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# ls
app1.tar.gz catalina.sh filebeat-7.5.1-x86_64.rpm index.html run_tomcat.sh
build-command.sh Dockerfile myapp server.xml把所有脚本加上执行权限
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# chmod a+x *.sh这里的dockerfile文件是基于刚才的tomcat-base:v8.5.43镜像
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# cat Dockerfile
FROM harbor.magedu.net/pub-images/tomcat-base:v8.5.43
ADD catalina.sh /apps/tomcat/bin/catalina.sh
ADD server.xml /apps/tomcat/conf/server.xml #通过server.xml指定tomcat webapps的目录
ADD app1.tar.gz /data/tomcat/webapps/myapp/ #把代码文件压缩包打进容器目录,这个目录是在server.xml中指定的
ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
RUN chown -R nginx.nginx /data/ /apps/EXPOSE 8080 8443CMD ["/apps/tomcat/bin/run_tomcat.sh"]
2、查看下跟这个dockerfile文件中相关的其它文件
代码文件,是以压缩包的形式存在的然后直接在dockerfile中用add把压缩包直接打进容器的访问目录下自动解压,而如果代码文件是放在目录下,那么客户端访问这个代码时也需要加上这个目录
看下代码目录下的存放代码的index.html文件
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# ls myapp/
app1.tar.gz index.html删除文件
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# rm -rf myapp/*重新把代码文件的压缩包解压
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# tar xvf app1.tar.gz -C myapp/root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# ls myapp/
index.html
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# cat index.html
tomcat app1 for linux n70现在演示重新制作这个代码文件的压缩包
1、先看下现在是已经有了这个代码文件的压缩包app1.tar.gz了
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# ls
app1.tar.gz catalina.sh filebeat-7.5.1-x86_64.rpm index.html run_tomcat.sh
build-command.sh Dockerfile filebeat.yml myapp server.xml2、把app1.tar.gz包删除
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# rm -rf app1.tar.gz3、重新制作代码文件压缩包app1.tar.gz
进入存放代码文件的目录/myapp
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# cd myapp/
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1/myapp# ls
index.html查看代码文件内容
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1/myapp# cat index.html
tomcat app1 for linux n70把代码文件进行打包,再次命名为app1.tar.gz,(因为dockerfile文件中已经定义了这个名字)
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1/myapp# tar czf app1.tar.gz把代码文件压缩包拷贝到与dockerfile文件同一级目录下
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1/myapp# cd ..
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# ls | grep app1.tar.gz
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# mv myapp/app1.tar.gz .
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# ls | grep app1.tar.gz
app1.tar.gz
通过server.xml文件来指定,server.xml是tomcat主配置文件
看下service.xml内容
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# cat server.xml
<?xml version='1.0' encoding='utf-8'?>
<!--Licensed to the Apache Software Foundation (ASF) under one or morecontributor license agreements. See the NOTICE file distributed withthis work for additional information regarding copyright ownership.The ASF licenses this file to You under the Apache License, Version 2.0(the "License"); you may not use this file except in compliance withthe License. You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may notdefine subcomponents such as "Valves" at this level.Documentation at /docs/config/server.html-->
<Server port="8005" shutdown="SHUTDOWN"><Listener className="org.apache.catalina.startup.VersionLoggerListener" /><!-- Security listener. Documentation at /docs/config/listeners.html<Listener className="org.apache.catalina.security.SecurityListener" />--><!--APR library loader. Documentation at /docs/apr.html --><Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /><!-- Prevent memory leaks due to use of particular java/javax APIs--><Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /><Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /><Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /><!-- Global JNDI resourcesDocumentation at /docs/jndi-resources-howto.html--><GlobalNamingResources><!-- Editable user database that can also be used byUserDatabaseRealm to authenticate users--><Resource name="UserDatabase" auth="Container"type="org.apache.catalina.UserDatabase"description="User database that can be updated and saved"factory="org.apache.catalina.users.MemoryUserDatabaseFactory"pathname="conf/tomcat-users.xml" /></GlobalNamingResources><!-- A "Service" is a collection of one or more "Connectors" that sharea single "Container" Note: A "Service" is not itself a "Container",so you may not define subcomponents such as "Valves" at this level.Documentation at /docs/config/service.html--><Service name="Catalina"><!--The connectors can use a shared executor, you can define one or more named thread pools--><!--<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"maxThreads="150" minSpareThreads="4"/>--><!-- A "Connector" represents an endpoint by which requests are receivedand responses are returned. Documentation at :Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)Java AJP Connector: /docs/config/ajp.htmlAPR (HTTP/AJP) Connector: /docs/apr.htmlDefine a non-SSL/TLS HTTP/1.1 Connector on port 8080--><Connector port="8080" protocol="HTTP/1.1"connectionTimeout="20000"redirectPort="8443" /><!-- A "Connector" using the shared thread pool--><!--<Connector executor="tomcatThreadPool"port="8080" protocol="HTTP/1.1"connectionTimeout="20000"redirectPort="8443" />--><!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443This connector uses the NIO implementation that requires the JSSEstyle configuration. When using the APR/native implementation, theOpenSSL style configuration is required as described in the APR/nativedocumentation --><!--<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"maxThreads="150" SSLEnabled="true" scheme="https" secure="true"clientAuth="false" sslProtocol="TLS" />--><!-- Define an AJP 1.3 Connector on port 8009 --><Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /><!-- An Engine represents the entry point (within Catalina) that processesevery request. The Engine implementation for Tomcat stand aloneanalyzes the HTTP headers included with the request, and passes themon to the appropriate Host (virtual host).Documentation at /docs/config/engine.html --><!-- You should set jvmRoute to support load-balancing via AJP ie :<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">--><Engine name="Catalina" defaultHost="localhost"><!--For clustering, please take a look at documentation at:/docs/cluster-howto.html (simple how to)/docs/config/cluster.html (reference documentation) --><!--<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>--><!-- Use the LockOutRealm to prevent attempts to guess user passwordsvia a brute-force attack --><Realm className="org.apache.catalina.realm.LockOutRealm"><!-- This Realm uses the UserDatabase configured in the global JNDIresources under the key "UserDatabase". Any editsthat are performed against this UserDatabase are immediatelyavailable for use by the Realm. --><Realm className="org.apache.catalina.realm.UserDatabaseRealm"resourceName="UserDatabase"/></Realm><Host name="localhost" appBase="/data/tomcat/webapps" unpackWARs="false" autoDeploy="false">
#appBase路径指向了/data/tomcat/webapps,这个目录在上一次打tomcat镜像时候已经打好了<!-- SingleSignOn valve, share authentication between web applicationsDocumentation at: /docs/config/valve.html --><!--<Valve className="org.apache.catalina.authenticator.SingleSignOn" />--><!-- Access log processes all example.Documentation at: /docs/config/valve.htmlNote: The pattern used is equivalent to using pattern="common" --><Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"prefix="localhost_access_log" suffix=".txt"pattern="%h %l %u %t "%r" %s %b" /></Host></Engine></Service>
</Server>
catalina.sh是tomcat的启动脚本
看下catalina.sh内容
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# cat catalina.sh
#!/bin/sh# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.# -----------------------------------------------------------------------------
# Control Script for the CATALINA Server
#
# Environment Variable Prerequisites
#
# Do not set the variables in this script. Instead put them into a script
# setenv.sh in CATALINA_BASE/bin to keep your customizations separate.
#
# CATALINA_HOME May point at your Catalina "build" directory.
#
# CATALINA_BASE (Optional) Base directory for resolving dynamic portions
# of a Catalina installation. If not present, resolves to
# the same directory that CATALINA_HOME points to.
#
# CATALINA_OUT (Optional) Full path to a file where stdout and stderr
# will be redirected.
# Default is $CATALINA_BASE/logs/catalina.out
#
# CATALINA_OPTS (Optional) Java runtime options used when the "start",
# "run" or "debug" command is executed.
# Include here and not in JAVA_OPTS all options, that should
# only be used by Tomcat itself, not by the stop process,
# the version command etc.
# Examples are heap size, GC logging, JMX ports etc.
#
# CATALINA_TMPDIR (Optional) Directory path location of temporary directory
# the JVM should use (java.io.tmpdir). Defaults to
# $CATALINA_BASE/temp.
#
# JAVA_HOME Must point at your Java Development Kit installation.
# Required to run the with the "debug" argument.
#
# JRE_HOME Must point at your Java Runtime installation.
# Defaults to JAVA_HOME if empty. If JRE_HOME and JAVA_HOME
# are both set, JRE_HOME is used.
#
# JAVA_OPTS (Optional) Java runtime options used when any command
# is executed.
# Include here and not in CATALINA_OPTS all options, that
# should be used by Tomcat and also by the stop process,
# the version command etc.
# Most options should go into CATALINA_OPTS.
#
# JAVA_ENDORSED_DIRS (Optional) Lists of of colon separated directories
# containing some jars in order to allow replacement of APIs
# created outside of the JCP (i.e. DOM and SAX from W3C).
# It can also be used to update the XML parser implementation.
# Note that Java 9 no longer supports this feature.
# Defaults to $CATALINA_HOME/endorsed.
#
# JPDA_TRANSPORT (Optional) JPDA transport used when the "jpda start"
# command is executed. The default is "dt_socket".
#
# JPDA_ADDRESS (Optional) Java runtime options used when the "jpda start"
# command is executed. The default is localhost:8000.
#
# JPDA_SUSPEND (Optional) Java runtime options used when the "jpda start"
# command is executed. Specifies whether JVM should suspend
# execution immediately after startup. Default is "n".
#
# JPDA_OPTS (Optional) Java runtime options used when the "jpda start"
# command is executed. If used, JPDA_TRANSPORT, JPDA_ADDRESS,
# and JPDA_SUSPEND are ignored. Thus, all required jpda
# options MUST be specified. The default is:
#
# -agentlib:jdwp=transport=$JPDA_TRANSPORT,
# address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND
#
# JSSE_OPTS (Optional) Java runtime options used to control the TLS
# implementation when JSSE is used. Default is:
# "-Djdk.tls.ephemeralDHKeySize=2048"
#
# CATALINA_PID (Optional) Path of the file which should contains the pid
# of the catalina startup java process, when start (fork) is
# used
#
# LOGGING_CONFIG (Optional) Override Tomcat's logging config file
# Example (all one line)
# LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties"
#
# LOGGING_MANAGER (Optional) Override Tomcat's logging manager
# Example (all one line)
# LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
#
# USE_NOHUP (Optional) If set to the string true the start command will
# use nohup so that the Tomcat process will ignore any hangup
# signals. Default is "false" unless running on HP-UX in which
# case the default is "true"
# -----------------------------------------------------------------------------JAVA_OPTS="-server -Xms1g -Xmx1g -Xss512k -Xmn1g -XX:CMSInitiatingOccupancyFraction=65 -XX:+UseFastAccessorMethods -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:+DisableExplicitGC -XX:MaxTenuringThreshold=10 -XX:NewSize=2048M -XX:MaxNewSize=2048M -XX:NewRatio=2 -XX:PermSize=128m -XX:MaxPermSize=512m -XX:CMSFullGCsBeforeCompaction=5 -XX:+ExplicitGCInvokesConcurrent -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled"# OS specific support. $var _must_ be set to either true or false.
cygwin=false
darwin=false
os400=false
hpux=false
case "`uname`" in
CYGWIN*) cygwin=true;;
Darwin*) darwin=true;;
OS400*) os400=true;;
HP-UX*) hpux=true;;
esac# resolve links - $0 may be a softlink
PRG="$0"while [ -h "$PRG" ]; dols=`ls -ld "$PRG"`link=`expr "$ls" : '.*-> \(.*\)$'`if expr "$link" : '/.*' > /dev/null; thenPRG="$link"elsePRG=`dirname "$PRG"`/"$link"fi
done# Get standard environment variables
PRGDIR=`dirname "$PRG"`# Only set CATALINA_HOME if not already set
[ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PRGDIR/.." >/dev/null; pwd`# Copy CATALINA_BASE from CATALINA_HOME if not already set
[ -z "$CATALINA_BASE" ] && CATALINA_BASE="$CATALINA_HOME"# Ensure that any user defined CLASSPATH variables are not used on startup,
# but allow them to be specified in setenv.sh, in rare case when it is needed.
CLASSPATH=if [ -r "$CATALINA_BASE/bin/setenv.sh" ]; then. "$CATALINA_BASE/bin/setenv.sh"
elif [ -r "$CATALINA_HOME/bin/setenv.sh" ]; then. "$CATALINA_HOME/bin/setenv.sh"
fi# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin; then[ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`[ -n "$JRE_HOME" ] && JRE_HOME=`cygpath --unix "$JRE_HOME"`[ -n "$CATALINA_HOME" ] && CATALINA_HOME=`cygpath --unix "$CATALINA_HOME"`[ -n "$CATALINA_BASE" ] && CATALINA_BASE=`cygpath --unix "$CATALINA_BASE"`[ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
fi# Ensure that neither CATALINA_HOME nor CATALINA_BASE contains a colon
# as this is used as the separator in the classpath and Java provides no
# mechanism for escaping if the same character appears in the path.
case $CATALINA_HOME in*:*) echo "Using CATALINA_HOME: $CATALINA_HOME";echo "Unable to start as CATALINA_HOME contains a colon (:) character";exit 1;
esac
case $CATALINA_BASE in*:*) echo "Using CATALINA_BASE: $CATALINA_BASE";echo "Unable to start as CATALINA_BASE contains a colon (:) character";exit 1;
esac# For OS400
if $os400; then# Set job priority to standard for interactive (interactive - 6) by using# the interactive priority - 6, the helper threads that respond to requests# will be running at the same priority as interactive jobs.COMMAND='chgjob job('$JOBNAME') runpty(6)'system $COMMAND# Enable multi threadingexport QIBM_MULTI_THREADED=Y
fi# Get standard Java environment variables
if $os400; then# -r will Only work on the os400 if the files are:# 1. owned by the user# 2. owned by the PRIMARY group of the user# this will not work if the user belongs in secondary groups. "$CATALINA_HOME"/bin/setclasspath.sh
elseif [ -r "$CATALINA_HOME"/bin/setclasspath.sh ]; then. "$CATALINA_HOME"/bin/setclasspath.shelseecho "Cannot find $CATALINA_HOME/bin/setclasspath.sh"echo "This file is needed to run this program"exit 1fi
fi# Add on extra jar files to CLASSPATH
if [ ! -z "$CLASSPATH" ] ; thenCLASSPATH="$CLASSPATH":
fi
CLASSPATH="$CLASSPATH""$CATALINA_HOME"/bin/bootstrap.jarif [ -z "$CATALINA_OUT" ] ; thenCATALINA_OUT="$CATALINA_BASE"/logs/catalina.out
fiif [ -z "$CATALINA_TMPDIR" ] ; then# Define the java.io.tmpdir to use for CatalinaCATALINA_TMPDIR="$CATALINA_BASE"/temp
fi# Add tomcat-juli.jar to classpath
# tomcat-juli.jar can be over-ridden per instance
if [ -r "$CATALINA_BASE/bin/tomcat-juli.jar" ] ; thenCLASSPATH=$CLASSPATH:$CATALINA_BASE/bin/tomcat-juli.jar
elseCLASSPATH=$CLASSPATH:$CATALINA_HOME/bin/tomcat-juli.jar
fi# Bugzilla 37848: When no TTY is available, don't output to console
have_tty=0
if [ "`tty`" != "not a tty" ]; thenhave_tty=1
fi# For Cygwin, switch paths to Windows format before running java
if $cygwin; thenJAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"`JRE_HOME=`cygpath --absolute --windows "$JRE_HOME"`CATALINA_HOME=`cygpath --absolute --windows "$CATALINA_HOME"`CATALINA_BASE=`cygpath --absolute --windows "$CATALINA_BASE"`CATALINA_TMPDIR=`cygpath --absolute --windows "$CATALINA_TMPDIR"`CLASSPATH=`cygpath --path --windows "$CLASSPATH"`JAVA_ENDORSED_DIRS=`cygpath --path --windows "$JAVA_ENDORSED_DIRS"`
fiif [ -z "$JSSE_OPTS" ] ; thenJSSE_OPTS="-Djdk.tls.ephemeralDHKeySize=2048"
fi
JAVA_OPTS="$JAVA_OPTS $JSSE_OPTS"# Register custom URL handlers
# Do this here so custom URL handles (specifically 'war:...') can be used in the security policy
JAVA_OPTS="$JAVA_OPTS -Djava.protocol.handler.pkgs=org.apache.catalina.webresources"# Set juli LogManager config file if it is present and an override has not been issued
if [ -z "$LOGGING_CONFIG" ]; thenif [ -r "$CATALINA_BASE"/conf/logging.properties ]; thenLOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties"else# Bugzilla 45585LOGGING_CONFIG="-Dnop"fi
fiif [ -z "$LOGGING_MANAGER" ]; thenLOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
fi# Java 9 no longer supports the java.endorsed.dirs
# system property. Only try to use it if
# JAVA_ENDORSED_DIRS was explicitly set
# or CATALINA_HOME/endorsed exists.
ENDORSED_PROP=ignore.endorsed.dirs
if [ -n "$JAVA_ENDORSED_DIRS" ]; thenENDORSED_PROP=java.endorsed.dirs
fi
if [ -d "$CATALINA_HOME/endorsed" ]; thenENDORSED_PROP=java.endorsed.dirs
fi# Uncomment the following line to make the umask available when using the
# org.apache.catalina.security.SecurityListener
#JAVA_OPTS="$JAVA_OPTS -Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`"if [ -z "$USE_NOHUP" ]; thenif $hpux; thenUSE_NOHUP="true"elseUSE_NOHUP="false"fi
fi
unset _NOHUP
if [ "$USE_NOHUP" = "true" ]; then_NOHUP=nohup
fi# Add the JAVA 9 specific start-up parameters required by Tomcat
JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.lang=ALL-UNNAMED"
JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED"
export JDK_JAVA_OPTIONS# ----- Execute The Requested Command -----------------------------------------# Bugzilla 37848: only output this if we have a TTY
if [ $have_tty -eq 1 ]; thenecho "Using CATALINA_BASE: $CATALINA_BASE"echo "Using CATALINA_HOME: $CATALINA_HOME"echo "Using CATALINA_TMPDIR: $CATALINA_TMPDIR"if [ "$1" = "debug" ] ; thenecho "Using JAVA_HOME: $JAVA_HOME"elseecho "Using JRE_HOME: $JRE_HOME"fiecho "Using CLASSPATH: $CLASSPATH"if [ ! -z "$CATALINA_PID" ]; thenecho "Using CATALINA_PID: $CATALINA_PID"fi
fiif [ "$1" = "jpda" ] ; thenif [ -z "$JPDA_TRANSPORT" ]; thenJPDA_TRANSPORT="dt_socket"fiif [ -z "$JPDA_ADDRESS" ]; thenJPDA_ADDRESS="localhost:8000"fiif [ -z "$JPDA_SUSPEND" ]; thenJPDA_SUSPEND="n"fiif [ -z "$JPDA_OPTS" ]; thenJPDA_OPTS="-agentlib:jdwp=transport=$JPDA_TRANSPORT,address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND"fiCATALINA_OPTS="$JPDA_OPTS $CATALINA_OPTS"shift
fiif [ "$1" = "debug" ] ; thenif $os400; thenecho "Debug command not available on OS400"exit 1elseshiftif [ "$1" = "-security" ] ; thenif [ $have_tty -eq 1 ]; thenecho "Using Security Manager"fishiftexec "$_RUNJDB" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \-D$ENDORSED_PROP="$JAVA_ENDORSED_DIRS" \-classpath "$CLASSPATH" \-sourcepath "$CATALINA_HOME"/../../java \-Djava.security.manager \-Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \-Dcatalina.base="$CATALINA_BASE" \-Dcatalina.home="$CATALINA_HOME" \-Djava.io.tmpdir="$CATALINA_TMPDIR" \org.apache.catalina.startup.Bootstrap "$@" startelseexec "$_RUNJDB" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \-D$ENDORSED_PROP="$JAVA_ENDORSED_DIRS" \-classpath "$CLASSPATH" \-sourcepath "$CATALINA_HOME"/../../java \-Dcatalina.base="$CATALINA_BASE" \-Dcatalina.home="$CATALINA_HOME" \-Djava.io.tmpdir="$CATALINA_TMPDIR" \org.apache.catalina.startup.Bootstrap "$@" startfifielif [ "$1" = "run" ]; thenshiftif [ "$1" = "-security" ] ; thenif [ $have_tty -eq 1 ]; thenecho "Using Security Manager"fishifteval exec "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \-D$ENDORSED_PROP="\"$JAVA_ENDORSED_DIRS\"" \-classpath "\"$CLASSPATH\"" \-Djava.security.manager \-Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \-Dcatalina.base="\"$CATALINA_BASE\"" \-Dcatalina.home="\"$CATALINA_HOME\"" \-Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \org.apache.catalina.startup.Bootstrap "$@" startelseeval exec "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \-D$ENDORSED_PROP="\"$JAVA_ENDORSED_DIRS\"" \-classpath "\"$CLASSPATH\"" \-Dcatalina.base="\"$CATALINA_BASE\"" \-Dcatalina.home="\"$CATALINA_HOME\"" \-Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \org.apache.catalina.startup.Bootstrap "$@" startfielif [ "$1" = "start" ] ; thenif [ ! -z "$CATALINA_PID" ]; thenif [ -f "$CATALINA_PID" ]; thenif [ -s "$CATALINA_PID" ]; thenecho "Existing PID file found during start."if [ -r "$CATALINA_PID" ]; thenPID=`cat "$CATALINA_PID"`ps -p $PID >/dev/null 2>&1if [ $? -eq 0 ] ; thenecho "Tomcat appears to still be running with PID $PID. Start aborted."echo "If the following process is not a Tomcat process, remove the PID file and try again:"ps -f -p $PIDexit 1elseecho "Removing/clearing stale PID file."rm -f "$CATALINA_PID" >/dev/null 2>&1if [ $? != 0 ]; thenif [ -w "$CATALINA_PID" ]; thencat /dev/null > "$CATALINA_PID"elseecho "Unable to remove or clear stale PID file. Start aborted."exit 1fififielseecho "Unable to read PID file. Start aborted."exit 1fielserm -f "$CATALINA_PID" >/dev/null 2>&1if [ $? != 0 ]; thenif [ ! -w "$CATALINA_PID" ]; thenecho "Unable to remove or write to empty PID file. Start aborted."exit 1fififififishifttouch "$CATALINA_OUT"if [ "$1" = "-security" ] ; thenif [ $have_tty -eq 1 ]; thenecho "Using Security Manager"fishifteval $_NOHUP "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \-D$ENDORSED_PROP="\"$JAVA_ENDORSED_DIRS\"" \-classpath "\"$CLASSPATH\"" \-Djava.security.manager \-Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \-Dcatalina.base="\"$CATALINA_BASE\"" \-Dcatalina.home="\"$CATALINA_HOME\"" \-Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \org.apache.catalina.startup.Bootstrap "$@" start \>> "$CATALINA_OUT" 2>&1 "&"elseeval $_NOHUP "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \-D$ENDORSED_PROP="\"$JAVA_ENDORSED_DIRS\"" \-classpath "\"$CLASSPATH\"" \-Dcatalina.base="\"$CATALINA_BASE\"" \-Dcatalina.home="\"$CATALINA_HOME\"" \-Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \org.apache.catalina.startup.Bootstrap "$@" start \>> "$CATALINA_OUT" 2>&1 "&"fiif [ ! -z "$CATALINA_PID" ]; thenecho $! > "$CATALINA_PID"fiecho "Tomcat started."elif [ "$1" = "stop" ] ; thenshiftSLEEP=5if [ ! -z "$1" ]; thenecho $1 | grep "[^0-9]" >/dev/null 2>&1if [ $? -gt 0 ]; thenSLEEP=$1shiftfifiFORCE=0if [ "$1" = "-force" ]; thenshiftFORCE=1fiif [ ! -z "$CATALINA_PID" ]; thenif [ -f "$CATALINA_PID" ]; thenif [ -s "$CATALINA_PID" ]; thenkill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1if [ $? -gt 0 ]; thenecho "PID file found but no matching process was found. Stop aborted."exit 1fielseecho "PID file is empty and has been ignored."fielseecho "\$CATALINA_PID was set but the specified file does not exist. Is Tomcat running? Stop aborted."exit 1fifieval "\"$_RUNJAVA\"" $LOGGING_MANAGER $JAVA_OPTS \-D$ENDORSED_PROP="\"$JAVA_ENDORSED_DIRS\"" \-classpath "\"$CLASSPATH\"" \-Dcatalina.base="\"$CATALINA_BASE\"" \-Dcatalina.home="\"$CATALINA_HOME\"" \-Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \org.apache.catalina.startup.Bootstrap "$@" stop# stop failed. Shutdown port disabled? Try a normal kill.if [ $? != 0 ]; thenif [ ! -z "$CATALINA_PID" ]; thenecho "The stop command failed. Attempting to signal the process to stop through OS signal."kill -15 `cat "$CATALINA_PID"` >/dev/null 2>&1fifiif [ ! -z "$CATALINA_PID" ]; thenif [ -f "$CATALINA_PID" ]; thenwhile [ $SLEEP -ge 0 ]; dokill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1if [ $? -gt 0 ]; thenrm -f "$CATALINA_PID" >/dev/null 2>&1if [ $? != 0 ]; thenif [ -w "$CATALINA_PID" ]; thencat /dev/null > "$CATALINA_PID"# If Tomcat has stopped don't try and force a stop with an empty PID fileFORCE=0elseecho "The PID file could not be removed or cleared."fifiecho "Tomcat stopped."breakfiif [ $SLEEP -gt 0 ]; thensleep 1fiif [ $SLEEP -eq 0 ]; thenecho "Tomcat did not stop in time."if [ $FORCE -eq 0 ]; thenecho "PID file was not removed."fiecho "To aid diagnostics a thread dump has been written to standard out."kill -3 `cat "$CATALINA_PID"`fiSLEEP=`expr $SLEEP - 1 `donefifiKILL_SLEEP_INTERVAL=5if [ $FORCE -eq 1 ]; thenif [ -z "$CATALINA_PID" ]; thenecho "Kill failed: \$CATALINA_PID not set"elseif [ -f "$CATALINA_PID" ]; thenPID=`cat "$CATALINA_PID"`echo "Killing Tomcat with the PID: $PID"kill -9 $PIDwhile [ $KILL_SLEEP_INTERVAL -ge 0 ]; dokill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1if [ $? -gt 0 ]; thenrm -f "$CATALINA_PID" >/dev/null 2>&1if [ $? != 0 ]; thenif [ -w "$CATALINA_PID" ]; thencat /dev/null > "$CATALINA_PID"elseecho "The PID file could not be removed."fifiecho "The Tomcat process has been killed."breakfiif [ $KILL_SLEEP_INTERVAL -gt 0 ]; thensleep 1fiKILL_SLEEP_INTERVAL=`expr $KILL_SLEEP_INTERVAL - 1 `doneif [ $KILL_SLEEP_INTERVAL -lt 0 ]; thenecho "Tomcat has not been killed completely yet. The process might be waiting on some system call or might be UNINTERRUPTIBLE."fifififielif [ "$1" = "configtest" ] ; theneval "\"$_RUNJAVA\"" $LOGGING_MANAGER $JAVA_OPTS \-D$ENDORSED_PROP="\"$JAVA_ENDORSED_DIRS\"" \-classpath "\"$CLASSPATH\"" \-Dcatalina.base="\"$CATALINA_BASE\"" \-Dcatalina.home="\"$CATALINA_HOME\"" \-Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \org.apache.catalina.startup.Bootstrap configtestresult=$?if [ $result -ne 0 ]; thenecho "Configuration error detected!"fiexit $resultelif [ "$1" = "version" ] ; then"$_RUNJAVA" \-classpath "$CATALINA_HOME/lib/catalina.jar" \org.apache.catalina.util.ServerInfoelseecho "Usage: catalina.sh ( commands ... )"echo "commands:"if $os400; thenecho " debug Start Catalina in a debugger (not available on OS400)"echo " debug -security Debug Catalina with a security manager (not available on OS400)"elseecho " debug Start Catalina in a debugger"echo " debug -security Debug Catalina with a security manager"fiecho " jpda start Start Catalina under JPDA debugger"echo " run Start Catalina in the current window"echo " run -security Start in the current window with security manager"echo " start Start Catalina in a separate window"echo " start -security Start in a separate window with security manager"echo " stop Stop Catalina, waiting up to 5 seconds for the process to end"echo " stop n Stop Catalina, waiting up to n seconds for the process to end"echo " stop -force Stop Catalina, wait up to 5 seconds and then use kill -KILL if still running"echo " stop n -force Stop Catalina, wait up to n seconds and then use kill -KILL if still running"echo " configtest Run a basic syntax check on server.xml - check exit code for result"echo " version What version of tomcat are you running?"echo "Note: Waiting for the process to end and use of the -force option require that \$CATALINA_PID is defined"exit 1fi
3、构建镜像
把dockerfile相关文件介绍清楚后,现在开始构建镜像
这里使用脚本构建,查看脚本内容,这里镜像的tag可以自己在脚本后面传递参数定义
root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# cat build-command.sh #!/bin/bash TAG=$1nerdctl build -t harbor.magedu.net/magedu/tomcat-app1:${TAG} . nerdctl push harbor.magedu.net/magedu/tomcat-app1:${TAG}root@master1:/opt/k8s-data/dockerfile/web/magedu/tomcat-app1# bash build-command.sh v1查看本地镜像已经构建完成了
查看镜像已经把这个业务镜像上传至harbor服务器上了
至此就把业务镜像tomcat准备好了,就可以把它运行在K8S上了
4、测试镜像可用性
1.1、下面先测试下这个镜像是否正常可用
1.2、访问一下master1节点的地址,显示可以访问
访问myapp
测试说明镜像是没问题的,下面就可以把它运行在K8S上
八、基于业务镜像,运行tomcat后端业务
1、部署tomcat容器
1、编写yaml文件 root@master1:~# vim tomcat-app1.yaml kind: Deployment apiVersion: apps/v1 metadata:labels:app: tomcat-deployment-labelname: tomcat-deploymentnamespace: myserver spec:replicas: 1selector:matchLabels:app: tomcat-selectortemplate:metadata:labels:app: tomcat-selectorspec:containers:- name: tomcat-app1-containerimage: harbor.magedu.net/magedu/tomcat-app1:v1imagePullPolicy: IfNotPresentports:- containerPort: 8080protocol: TCPname: httpenv:- name: "password"value: "123456"- name: "age"value: "18"volumeMounts:- name: imagesmountPath: /usr/local/nginx/html/webapp/imagesreadOnly: false- name: staticmountPath: /usr/local/nginx/html/webapp/staticreadOnly: falsevolumes:- name: imagesnfs:server: 172.31.7.109path: /data/k8sdata/magedu/images- name: staticnfs:server: 172.31.7.109path: /data/k8sdata/magedu/static --- kind: Service apiVersion: v1 metadata:labels:app: tomcat-service-labelname: tomcat-servicenamespace: myserver spec:type: NodePortports:- name: httpport: 80protocol: TCPtargetPort: 8080nodePort: 30092selector:app: tomcat-selector2、yaml文件中存储卷,在172.31.7.109主机作为共享存储服务器配置共享存储服务器配置参照博客 https://blog.csdn.net/weixin_46476452/article/details/127985493 第三步、nfs共享存储内容创建共享目录 root@haproxy02:~# mkdir -p /data/k8sdata/magedu/images -p root@haproxy02:~# mkdir -p /data/k8sdata/magedu/static配置生效,查看/etc/export
到客户master端查验
创建资源 root@master1:~# kubectl apply -f tomcat-app1.yaml deployment.apps/tomcat-deployment created service/tomcat-service created
2、查看资源
查看pod资源和service资源都已经创建成功
访问下node节点的30092端口就可以访问到tomcat pod的80端口服务了
再访问下tomcat的首页,这个首页文件就相当于开发写的代码包,运维只负责把代码包部署起来;到此为止就已经把后端服务部署起来了,后面再部署一个前端服务
九、制作nginx前端业务镜像,运行nginx前端服务
1、制作nginx基础镜像
1、制作基础镜像
root@master1:~# ls build-command.sh Dockerfile nginx-1.22.0.tar.gz1、编写dockerfile文件 root@master1:~# cat Dockerfile #Nginx Base Image FROM harbor.magedu.net/baseimages/magedu-centos-base:7.9.2009 #这个是基础镜像,安装好了编译环境的MAINTAINER 2569220198@qq.comRUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop ADD nginx-1.22.0.tar.gz /usr/local/src/ RUN cd /usr/local/src/nginx-1.22.0 && ./configure && make && make install && ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx &&rm -rf /usr/local/src/nginx-1.22.0.tar.gz2、编写构建镜像上传镜像脚本 root@master1:~# cat build-command.sh #!/bin/bash nerdctl build -t harbor.magedu.net/pub-images/nginx-base:v1.22.0 .nerdctl push harbor.magedu.net/pub-images/nginx-base:v1.22.03、下载nginx-1.22.0.tar.gz二进制包到当前目录4、构建镜像 root@master1:~# bash build-command.sh查看本地镜像已经构建完成
查看是否上传到了harbor服务器上
至此就把nginx的base基础镜像构建完成了,下面再基于这个base镜像,进行nginx的业务镜像的构建
2、构建nginx业务镜像,作为前端的web服务镜像
构建业务镜像
1、看一下dockerfile同级需要的文件 root@master1:/opt/k8s-data/dockerfile/web/magedu/nginx# ls app1.tar.gz build-command.sh Dockerfile index.html nginx.conf webapp2、编写dockerfile文件 root@master1:/opt/k8s-data/dockerfile/web/magedu/nginx# cat Dockerfile #Nginx 1.22.0 FROM harbor.magedu.net/pub-images/nginx-base:v1.22.0ADD nginx.conf /usr/local/nginx/conf/nginx.conf #把代码放到了webapp ADD app1.tar.gz /usr/local/nginx/html/webapp/ ADD index.html /usr/local/nginx/html/index.html #静态资源挂载路径 RUN mkdir -p /usr/local/nginx/html/webapp/static /usr/local/nginx/html/webapp/imagesEXPOSE 80 443CMD ["nginx"] #最后通过nginx命令把它跑起来,之所以能跑起来是因为在nginx.conf配置文件中加了参数daemon off把终端从后台关掉,从前台执行,不然nginx起不来3、查看下首页文件 root@master1:/opt/k8s-data/dockerfile/web/magedu/nginx# cat index.html nginx web1 magedu n70 v14、查看下webapp/index.html文件,是通过把它打包成app1.tar.gz再传递到容器中 root@master1:/opt/k8s-data/dockerfile/web/magedu/nginx# cat webapp/index.html <!DOCTYPE html> <html lang="en"> <head><meta charset="UTF-8"><title>Devops</title> </head> <body> <h1>magedu devops v11111111</h1> </body> </html>5、解包app1.tar.gz看下文件内容,就是webapp/index.html文件打包而成的 root@master1:/opt/k8s-data/dockerfile/web/magedu/nginx# tar xvf app1.tar.gz -C /tmp/ index.html root@master1:/opt/k8s-data/dockerfile/web/magedu/nginx# cat /tmp/index.html <!DOCTYPE html> <html lang="en"> <head><meta charset="UTF-8"><title>Devops</title> </head> <body> <h1>magedu devops v11111111</h1> </body> </html>nginx.conf配置文件添加下面内容,主要是用于观看,具体详细可看下面的文件
查看下nginx.conf配置文件
root@master1:/opt/k8s-data/dockerfile/web/magedu/nginx# cat nginx.conf
user nginx nginx;
worker_processes auto;#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;#pid logs/nginx.pid;
daemon off;events {worker_connections 1024;
}http {include mime.types;default_type application/octet-stream;#log_format main '$remote_addr - $remote_user [$time_local] "$request" '# '$status $body_bytes_sent "$http_referer" '# '"$http_user_agent" "$http_x_forwarded_for"';#access_log logs/access.log main;sendfile on;#tcp_nopush on;#keepalive_timeout 0;keepalive_timeout 65;#gzip on;upstream tomcat_webserver {server tomcat-service:80;
}server {listen 80;server_name localhost;#charset koi8-r;#access_log logs/host.access.log main;location / {root html;index index.html index.htm;}location /webapp {root html;index index.html index.htm;}location /myapp {proxy_pass http://tomcat_webserver;proxy_set_header Host $host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Real-IP $remote_addr;}#error_page 404 /404.html;# redirect server error pages to the static page /50x.html#error_page 500 502 503 504 /50x.html;location = /50x.html {root html;}# proxy the PHP scripts to Apache listening on 127.0.0.1:80##location ~ \.php$ {# proxy_pass http://127.0.0.1;#}# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000##location ~ \.php$ {# root html;# fastcgi_pass 127.0.0.1:9000;# fastcgi_index index.php;# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;# include fastcgi_params;#}# deny access to .htaccess files, if Apache's document root# concurs with nginx's one##location ~ /\.ht {# deny all;#}}# another virtual host using mix of IP-, name-, and port-based configuration##server {# listen 8000;# listen somename:8080;# server_name somename alias another.alias;# location / {# root html;# index index.html index.htm;# }#}# HTTPS server##server {# listen 443 ssl;# server_name localhost;# ssl_certificate cert.pem;# ssl_certificate_key cert.key;# ssl_session_cache shared:SSL:1m;# ssl_session_timeout 5m;# ssl_ciphers HIGH:!aNULL:!MD5;# ssl_prefer_server_ciphers on;# location / {# root html;# index index.html index.htm;# }#}}
3、构建业务镜像
查看构建镜像脚本
root@master1:/opt/k8s-data/dockerfile/web/magedu/nginx# cat build-command.sh
#!/bin/bash
TAG=$1
nerdctl build -t harbor.magedu.net/magedu/nginx-web1:${TAG} .nerdctl push harbor.magedu.net/magedu/nginx-web1:${TAG}执行脚本构建镜像,并上传到harbor
root@master1:/opt/k8s-data/dockerfile/web/magedu/nginx# bash build-command.sh v24、查看镜像
在本地查看镜像是否构建完成
在harbor服务器端查看镜像是否上传成功
5、创建nginx前端服务
5.1、编写yaml文件
root@master1:/opt/k8s-data/yaml/magedu/nginx# cat nginx.yaml
kind: Deployment
apiVersion: apps/v1
metadata:labels:app: nginx-deployment-labelname: nginx-deploymentnamespace: myserver
spec:replicas: 1selector:matchLabels:app: nginx-selectortemplate:metadata:labels:app: nginx-selectorspec:containers:- name: nginx-containerimage: harbor.magedu.net/magedu/nginx-web1:v2imagePullPolicy: Alwaysports:- containerPort: 80protocol: TCPname: http- containerPort: 443protocol: TCPname: httpsenv:- name: "password"value: "123456"- name: "age"value: "20"resources:limits:cpu: 500mmemory: 512Mirequests:cpu: 500mmemory: 256MivolumeMounts:- name: nginx-imagesmountPath: /usr/local/nginx/html/webapp/imagesreadOnly: false- name: nginx-staticmountPath: /usr/local/nginx/html/webapp/staticreadOnly: falsevolumes:- name: nginx-imagesnfs:server: 172.31.7.109path: /data/k8sdata/images- name: nginx-staticnfs:server: 172.31.7.109path: /data/k8sdata/static---
kind: Service
apiVersion: v1
metadata:labels:app: nginx-service-labelname: nginx-servicenamespace: myserver
spec:type: NodePortports:- name: httpport: 80protocol: TCPtargetPort: 80nodePort: 30090- name: httpsport: 443protocol: TCPtargetPort: 443nodePort: 30091selector:app: nginx-selector
5.2、创建资源
root@master1:/opt/k8s-data/yaml/magedu/nginx# kubectl apply -f nginx.yaml查看pod资源和service资源是否启动成功
6、访问测试
访问下node节点的30090端口是否通,可以正常访问就行
可选项:可以把访问放到负载均衡器上
把三个node节点上的30090端口的访问,放入到负载均衡VIP7.189的80端口上
重启haproxy服务后访问下VIP80端口即可访问到服务
访问webapp是由nginx处理的
访问myapp是由tomcat处理的,一访问myapp就由nginx转发到tomcat了
进入tomcat容器下载个图片
容器中有两个挂载images是用来存放图片的
进入容器的/usr/local/nginx/html/webapp/images目录下载个图片 [root@tomcat-deployment-686bdd6c68-5dmbb ~]# cd /usr/local/nginx/html/webapp/images [root@tomcat-deployment-686bdd6c68-5dmbb images]# wget http://i0.hdslb.com/bfs/banner/bda2dea2ee9cff46a7a855276f99f12b22b7393d.png [root@tomcat-deployment-686bdd6c68-5dmbb images]# ls bda2dea2ee9cff46a7a855276f99f12b22b7393d.png把名字该短点 [root@tomcat-deployment-686bdd6c68-5dmbb images]# mv bda2dea2ee9cff46a7a855276f99f12b22b7393d.png 222.png [root@tomcat-deployment-686bdd6c68-5dmbb images]# ls 222.png这个图片其实最终是存储在存储服务器的共享目录下
并且这个其实是由tomcat写进存储的,但是nignx前端是可以访问
访问http://172.31.7.189/webapp/images/222.jpg看看能否访问到这个图片资源
基于nerdctl + buildkitd构建容器镜像,运行tomcat后端服务和nginx前端服务相关推荐
- 利用Serverless Kubernetes和Kaniko快速自动化构建容器镜像
前言: 在云原生时代中,容器镜像是一切应用分发的基础载体,除了dockerhub作为流行的镜像仓库外,各大公有云厂商也都提供了功能丰富镜像仓库服务,如ACR(Aliyun Container Regi ...
- 容器学习Day11-docker commit构建容器镜像
目录 前言 一.docker commit 构建镜像 1.基于OS基础镜像构建 2.基于厂商提供的基础镜像构建 二.docker commit 构建镜像的缺点 总结 前言 前面了解了镜像仓库的搭建,那 ...
- kaniko-在k8s集群中构建容器镜像
微信公众号搜索 DevOps和k8s全栈技术 ,即可关注公众号,也可扫描文章最后的二维码关注公众号,每天会分享技术文章供大家阅读参考哈~ 前言 通常情况下,我们在使用dockerfile构建镜像的时候 ...
- 利用Img构建容器镜像
本系列文章一共6篇,本文是该系列的第3篇文章,前2篇文章如下: <未来我们如何构建容器镜像?> <利用Podman和Buildah构建容器镜像> Img[1]是一个开源项目,由 ...
- 利用Podman和Buildah构建容器镜像
这是有关构建容器镜像的一系列博客文章中的第二篇.该系列从<未来我们如何构建容器镜像?>开始.该文章探讨了自Docker首次发布以来构建镜像的变化以及如何克服使用Dockerfile的诸多限 ...
- GCP发布Kaniko:在非特权容器和Kubernetes中构建容器镜像的工具
\ 看新闻很累?看技术新闻更累?试试下载InfoQ手机客户端,每天上下班路上听新闻,有趣还有料! \ \\ Google发布了"Kaniko",一种用于在未授权容器或Kuberne ...
- 如何使用 Buildah 构建容器镜像
Project Atomic 通过他们在 Open Container Initiative(OCI)上的努力创造了一个名为 Buildah 的伟大工具.Buildah 能帮助创建.构建和更新,它支持 ...
- Dockerfile构建容器镜像 - 运维笔记
在Docker的运用中,从下载镜像,启动容器,在容器中输入命令来运行程序,这些命令都是手工一条条往里输入的,无法重复利用,而且效率很低.所以就需要一 种文件或脚本,我们把想执行的操作以命令的方式写入其 ...
- 流水线中使用 docker in pod 方式构建容器镜像
上个月参加了 Rancher 社区举办的 <Dockershim 即将被移除,你准备好了么?[1]>直播分享后,得知自 1.24 版本之后,Kubernetes 社区将正式放弃对 dock ...
最新文章
- Android10.0 Binder通信原理(八)-Framework层分析
- uid(组件id) = userId + appId (android多用户)
- 【struts2】struts2工作流程
- Hibernate HQL基础 调用数据库存储过程
- mutilprocess模块的用法
- c多线程并发处理方式_Java并发基础,不怕你看不懂
- 利用CNN和迁移学习方法识别植物叶片疾病
- 『原创·翻译』如何阅读论文
- 一篇文章让你拥有用不完的ip代理
- 我的同学总结关于linux
- 汉字编码与拼音输入法
- 2021充电必备:推荐一些免费的电子书网站及TXT阅读器
- vc中cout如何解除fixed控制_C++ fixed用法详解
- mysql对单引号的模糊查询_SQL语句中的单引号处理以及模糊查询
- 【转载】xp用户自动登录
- python-22-使用Kivy开发手机app
- 图的概念与主要类型、图模型的应用场景
- 2022-2028年全球与中国蛋白质补充剂行业市场需求预测分析
- php 判断下载状态,关于php:如何检测文件的下载是否已经完成?
- Netty自学-Netty学习(一)