kaniko试用

kaniko介绍

官网：https://github.com/GoogleContainerTools/kaniko
参考：http://dockone.io:82/article/4933
与Jenkins对比：https://yq.aliyun.com/ask/494251/?order=vote_num&p=1

在K8S中运行

apiVersion: v1
kind: Secret
metadata:
  name: kaniko-secret
type: kubernetes.io/basic-auth
stringData:
  username: [destination对应镜像仓库账号]
  password: [destination对应镜像仓库密码]


---
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  nodeSelector:
    kubernetes.io/hostname: prod-l27-4-23
  containers:
  - name: kaniko
    image: registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-executor:latest
    args:
    - --dockerfile=/root/kaniko-test/context/Dockerfile
    - --context=/root/kaniko-test/context
    - --tarPath=/root/kaniko-test/context/context.tar
    - --destination=registry.cn-hangzhou.aliyuncs.com/shenshouer/ayena:test
    volumeMounts:
      - name: kaniko-secret
        mountPath: /secret
      - name: context-data
        mountPath: /root/kaniko-test/context
    env:
      - name: GOOGLE_APPLICATION_CREDENTIALS
        value: /secret/kaniko-secret.json
  restartPolicy: Never
  volumes:
    - name: context-data
      hostPath:
        path: /root/kaniko-test/context
        type: Directory
    - name: kaniko-secret
      secret:
        secretName: kaniko-secret

在Docker中运行

docker rm -f kaniko
docker run --name kaniko \
    -v $HOME/.docker/:/kaniko/.docker \
    -v `pwd`:/workspace \
    registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-executor:latest \
    --dockerfile /workspace/Dockerfile \
    --destination registry.cn-hangzhou.aliyuncs.com/shenshouer/ayena:test \
    --context dir:///workspace/

注意：认证信息需要挂载-v $HOME/.docker/:/kaniko/.docker