2.6. 使用 Buildah 自定义镜像构建

流程

1. 从空目录着手，使用以下内容创建名为 Dockerfile 的文件：

   Copy to Clipboard Toggle word wrap

   FROM registry.redhat.io/rhel8/buildah
   # In this example, `/tmp/build` contains the inputs that build when this
   # custom builder image is run. Normally the custom builder image fetches
   # this content from some location at build time, by using git clone as an example.
   ADD dockerfile.sample /tmp/input/Dockerfile
   ADD build.sh /usr/bin
   RUN chmod a+x /usr/bin/build.sh
   # /usr/bin/build.sh contains the actual custom build logic that will be run when
   # this custom builder image is run.
   ENTRYPOINT ["/usr/bin/build.sh"]

2. 在同一目录中，创建名为 dockerfile.sample 的文件。此文件将包含在自定义构建镜像中，并且定义将由自定义构建生成的镜像：

   Copy to Clipboard Toggle word wrap

   FROM registry.access.redhat.com/ubi8/ubi
   RUN touch /tmp/build

3. 在同一目录中，创建名为 build.sh 的文件。此文件包含自定义生成运行时将要执行的逻辑：

   Copy to Clipboard Toggle word wrap

   #!/bin/sh
   # Note that in this case the build inputs are part of the custom builder image, but normally this
   # is retrieved from an external source.
   cd /tmp/input
   # OUTPUT_REGISTRY and OUTPUT_IMAGE are env variables provided by the custom
   # build framework
   TAG="${OUTPUT_REGISTRY}/${OUTPUT_IMAGE}"
   
   
   # performs the build of the new image defined by dockerfile.sample
   buildah --storage-driver vfs bud --isolation chroot -t ${TAG} .
   
   
   # buildah requires a slight modification to the push secret provided by the service
   # account to use it for pushing the image
   cp /var/run/secrets/openshift.io/push/.dockercfg /tmp
   (echo "{ \"auths\": " ; cat /var/run/secrets/openshift.io/push/.dockercfg ; echo "}") > /tmp/.dockercfg
   
   
   # push the new image to the target for the build
   buildah --storage-driver vfs push --tls-verify=false --authfile /tmp/.dockercfg ${TAG}

流程

1. 定义要用于构建自定义构建器镜像的 BuildConfig 对象：

   Copy to Clipboard Toggle word wrap

   $ oc new-build --binary --strategy=docker --name custom-builder-image

2. 从您在其中创建自定义构建镜像的目录中，运行构建：

   Copy to Clipboard Toggle word wrap

   $ oc start-build custom-builder-image --from-dir . -F

   构建完成后，新自定义构建器镜像将在名为 custom-builder-image:latest 的镜像流标签中的项目内可用。

流程

1. 创建名为 buildconfig.yaml 的文件。此文件定义要在项目中创建并执行的 BuildConfig 对象：

   Copy to Clipboard Toggle word wrap

   kind: BuildConfig
   apiVersion: build.openshift.io/v1
   metadata:
     name: sample-custom-build
     labels:
       name: sample-custom-build
     annotations:
       template.alpha.openshift.io/wait-for-ready: 'true'
   spec:
     strategy:
       type: Custom
       customStrategy:
         forcePull: true
         from:
           kind: ImageStreamTag
           name: custom-builder-image:latest
           namespace: <yourproject> 

   1

   
     output:
       to:
         kind: ImageStreamTag
         name: sample-custom:latest

   1

   指定项目的名称。

2. 创建 BuildConfig:

   Copy to Clipboard Toggle word wrap

   $ oc create -f buildconfig.yaml

3. 创建名为 imagestream.yaml 的文件。此文件定义构建要将镜像推送到的镜像流：

   Copy to Clipboard Toggle word wrap

   kind: ImageStream
   apiVersion: image.openshift.io/v1
   metadata:
     name: sample-custom
   spec: {}

4. 创建镜像流：

   Copy to Clipboard Toggle word wrap

   $ oc create -f imagestream.yaml

5. 运行自定义构建：

   Copy to Clipboard Toggle word wrap

   $ oc start-build sample-custom-build -F

   构建运行时，它会启动一个 Pod 来运行之前构建的自定义构建器镜像。该 Pod 将运行定义为自定义构建器镜像入口点的 build.sh 逻辑。build.sh 逻辑调用 Buildah 来构建自定义构建器镜像中嵌入的 dockerfile.sample，然后使用 Buildah 将新镜像推送到 sample-custom 镜像流。