第 6 章 使用 Buildah 自定义镜像构建

流程

1. 从空目录着手，使用以下内容创建名为 Dockerfile 的文件：

   FROM docker.io/centos:7
   RUN yum install -y buildah
   # For simplicity, /tmp/build contains the inputs we’ll be building when we
   # run this custom builder image. Normally the custom builder image would
   # fetch this content from some location at build time. (e.g. via git clone).
   ADD Dockerfile.sample /tmp/input/Dockerfile
   ADD build.sh /usr/bin
   RUN chmod a+x /usr/bin/build.sh
   # /usr/bin/build.sh contains the actual custom build logic that will be executed when
   # this custom builder image is executed.
   ENTRYPOINT ["/usr/bin/build.sh"]

   Copy to Clipboard Toggle word wrap

2. 在同一目录中，创建名为 Dockerfile.sample 的文件。此文件将包含在自定义构建镜像中，并且定义将由自定义构建生成的镜像：

   FROM docker.io/centos:7
   RUN touch /tmp/built

   Copy to Clipboard Toggle word wrap

3. 在同一目录中，创建名为 build.sh 的文件。此文件包含自定义生成运行时将要执行的逻辑：

   #!/bin/sh
   # Note that in this case the build inputs are part of the custom builder image, but normally this
   # would be retrieved from an external source.
   cd /tmp/input
   # OUTPUT_REGISTRY and OUTPUT_IMAGE are env variables provided by the custom
   # build framework
   TAG="${OUTPUT_REGISTRY}/${OUTPUT_IMAGE}"
   
   
   # performs the build of the new image defined by Dockerfile.sample
   buildah --storage-driver vfs bud --isolation chroot -t ${TAG} .
   
   
   # buildah requires a slight modification to the push secret provided by the service
   # account in order to use it for pushing the image
   cp /var/run/secrets/openshift.io/push/.dockercfg /tmp
   (echo "{ \"auths\": " ; cat /var/run/secrets/openshift.io/push/.dockercfg ; echo "}") > /tmp/.dockercfg
   
   
   # push the new image to the target for the build
   buildah --storage-driver vfs push --tls-verify=false --authfile /tmp/.dockercfg ${TAG}

   Copy to Clipboard Toggle word wrap