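1. Kaniko
Official website
Kaniko is an open-source tool from Google for building container images inside a Kubernetes cluster. It needs a Kubernetes cluster to run, and it can build images on Kubernetes without privileges; the Kubernetes CRI does not need Docker.
- In use, pulling and pushing images is slow.
# First, create a Kubernetes secret containing the authentication information needed to push to the image registry. The secret is of type docker-registry and is named docker-harbor.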
kubectl create secret docker-registry docker-harbor --docker-server=https://harbor.yeemiao.net.cn --docker-username=chenxingguang --docker-password='dw2exs6nD!dfjk122'
Create from YAML
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2hhcmJvci55ZWVtaWFvLm5ldC5jbiI6eyJ1c2VybmFtZSI6ImNoZW54aW5nZ3VhbmciLCJwYXNzd29yZCI6ImR3MmV4czZuRCFkZmprMTIyIiwiYXV0aCI6IlkyaGxibmhwYm1kbmRXRnVaenBrZHpKbGVITTJia1FoWkdacWF6RXlNZz09In19fQ==
kind: Secret
metadata:
  name: docker-harbor
  namespace: kube-ops
type: kubernetes.io/dockerconfigjson
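The value under .dockerconfigjson is base64-encoded JSON, not ciphertext, so the manifest is as sensitive as the registry password itself. The following is an added example, not code from the original page: it builds a value with the same layout (auths, username, password, auth) and decodes it again to report what a reader of the manifest can recover. The function names, registry host and credentials are constructed for illustration.

```python
import base64
import json


def build_dockerconfigjson(server: str, username: str, password: str) -> str:
    """Return the base64 value for the Secret's `.dockerconfigjson` key."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {server: {"username": username,
                                 "password": password,
                                 "auth": auth}}}
    # Kubernetes stores Secret `data` values base64-encoded, not encrypted.
    raw = json.dumps(config, separators=(",", ":")).encode()
    return base64.b64encode(raw).decode()


def inspect_dockerconfigjson(b64_value: str) -> list:
    """Decode a `.dockerconfigjson` value and report what each entry exposes."""
    config = json.loads(base64.b64decode(b64_value, validate=True))
    findings = []
    for server, entry in config.get("auths", {}).items():
        # `auth` is base64("username:password"); split on the first colon only.
        decoded = base64.b64decode(entry.get("auth", "")).decode()
        user, _, secret = decoded.partition(":")
        findings.append({
            "server": server,
            "username": entry.get("username") or user,
            # True when anyone who can read the manifest can recover the password.
            "password_recoverable": bool(entry.get("password") or secret),
            # `auth` should agree with the separate username/password fields.
            "auth_consistent": (user, secret) == (entry.get("username", user),
                                                  entry.get("password", secret)),
            "plain_http": server.startswith("http://"),
        })
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    value = build_dockerconfigjson("https://registry.example.internal",
                                   "ci-pusher", "example-password")
    for finding in inspect_dockerconfigjson(value):
        print(finding)
```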
buildkit
- The Dockerfile can be written into a ConfigMap, or defined directly in a PVC.
apiVersion: v1
kind: ConfigMap
metadata:
  name: dockerfile
data:
  dockerfile: |
    FROM nginx:1.21.1-alpine
    RUN date > /root/date.log
---
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  hostAliases:
  - ip: 192.168.1.185
    hostnames:
    - harbor.yeemiao.net.cn
  containers:
  - name: kaniko
    image: daocloud.io/gcr-mirror/kaniko-project-executor:latest
    args:
    - --dockerfile=/workspace/Dockerfile # Dockerfile location
    - --context=/workspace/ # build context
    - --skip-tls-verify=true # skip TLS certificate verification when pushing
    - --destination=harbor.yeemiao.net.cn/library/flask-web:v1 # name of the image to push
    volumeMounts:
    - name: kaniko-secret
      mountPath: /kaniko/.docker
    #- name: dockerfile-storage
    #  mountPath: /workspace
    - name: dockerfile
      mountPath: /workspace/Dockerfile
      readOnly: true
      subPath: dockerfile
  restartPolicy: Never
  volumes:
  - name: kaniko-secret
    secret:
      secretName: docker-harbor
      items:
      - key: .dockerconfigjson
        path: config.json
  #- name: dockerfile-storage
  #  persistentVolumeClaim:
  #    claimName: dockerfile-claim
  - name: dockerfile
    configMap:
      name: dockerfile
      items:
      - key: dockerfile
        path: dockerfile