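7.2. Building a base image from minimal
In previous versions, you could use image mode for RHEL to build only the standard image. The standard image is roughly a headless server installation, although you can also use it for desktops, and it includes many recommended packages for networking and CLI tools.
You now have the option to generate, from the standard image, a new minimal image that starts from only bootc, kernel, and dnf. You can then extend this image further in a multi-stage build. At this time, the minimal image is not shipped pre-built in the registry.
The base image includes the /usr/libexec/bootc-base-imagectl tool, which enables you to generate a custom base image. By using the tool, you can build a root file system based on the RPM packages selected in the base image.
Prerequisites
- A standard bootc base image.
Procedure
The following example creates a custom minimal base image: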
```dockerfile
# Begin with a standard bootc base image that is reused as a "builder" for the custom image.
FROM registry.redhat.io/rhel10/rhel-bootc:latest AS builder

# Configure and override source RPM repositories, if necessary. This step is not required when building up from minimal unless referencing specific content views or target mirrored/snapshotted/pinned versions of content.
# Add additional repositories to apply customizations to the image. However, referencing a custom manifest in this step is not currently supported without forking the code.

# Build the root file system by using the specified repositories and non-RPM content from the "builder" base image.
# If no repositories are defined, the default build will be used. You can modify the scope of packages in the base image by changing the manifest between the "standard" and "minimal" sets.
RUN /usr/libexec/bootc-base-imagectl build-rootfs --manifest=minimal /target-rootfs

# Create a new, empty image from scratch.
FROM scratch

# Copy the root file system built in the previous step into this image.
COPY --from=builder /target-rootfs/ /

# Apply customizations to the image. This syntax uses "heredocs" https://www.docker.com/blog/introduction-to-heredocs-in-dockerfiles/ to pass multi-line arguments in a more readable format.
RUN <<EORUN
# Set pipefail to display failures within the heredoc and avoid false-positive successful builds.
set -xeuo pipefail

# Install required packages for our custom bootc image.
# Note that using a minimal manifest means we need to add critical components specific to our use case and environment.
dnf -y install NetworkManager openssh-server

# Remove package caches
dnf clean all

# Clean up all logs and caches
rm /var/{log,cache,lib}/* -rf

# Run the bootc linter to perform build-time verification. Keep this as the last command in your build instructions.
bootc container lint

# Close the shell command.
EORUN

# Define required labels for this bootc image to be recognized as such.
LABEL containers.bootc 1
LABEL ostree.bootable 1

# Optional labels that only apply when running this image as a container. These keep the default entry point running under systemd.
STOPSIGNAL SIGRTMIN+3
CMD ["/sbin/init"]
```
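The Containerfile above relies on a few invariants that are easy to lose when it is edited: `COPY --from` must name a declared stage, the heredoc must set pipefail, both bootc labels must be on the final stage, and `bootc container lint` must be the last build command. The following pre-build check is an added example, not part of the original documentation or the bootc tooling; the name `check_containerfile` and the constructed `SAMPLE` input are assumptions for illustration.

```python
import re
REQUIRED_LABELS = ("containers.bootc", "ostree.bootable")
# Constructed sample: first stage is never named "builder"; labels and lint are missing.
SAMPLE = "FROM registry.redhat.io/rhel10/rhel-bootc:latest\nFROM scratch\nCOPY --from=builder /target-rootfs/ /\n"

def check_containerfile(text):
    """Return findings (empty list = pass). Handles single-line and heredoc RUN only."""
    findings, stages, labels, runs = [], set(), set(), []
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        word, _, rest = line.partition(" ")
        word, rest = word.upper(), rest.strip()
        if word == "FROM":
            labels, runs = set(), []          # only the final stage is shipped
            m = re.search(r"\s+AS\s+(\S+)$", rest, re.I)
            if m:
                stages.add(m.group(1).lower())
        elif word == "COPY":
            m = re.search(r"--from=(\S+)", rest)
            ref = m.group(1) if m else "0"
            # Numeric indexes and image references (contain / or :) are not stage names.
            if not (ref.isdigit() or "/" in ref or ":" in ref or ref.lower() in stages):
                findings.append(f"COPY --from={ref} does not match a named stage")
        elif word == "LABEL":
            pairs = rest.split() if "=" in rest else rest.split()[:1]
            labels.update(p.split("=")[0].strip('"') for p in pairs)
        elif word == "RUN" and rest.startswith("<<"):
            end = rest[2:].lstrip("-").strip("\"' ")
            body = []
            for cmd in lines:                 # consume the heredoc body
                if cmd.strip() == end:
                    break
                if cmd.strip() and not cmd.strip().startswith("#"):
                    body.append(cmd.strip())
            if not any(c.startswith("set ") and "pipefail" in c for c in body):
                findings.append("heredoc RUN does not set pipefail")
            runs.append(body)
        elif word == "RUN":
            runs.append([c.strip() for c in rest.split("&&")])
    findings += [f"final stage lacks LABEL {k}" for k in REQUIRED_LABELS if k not in labels]
    if not runs or not runs[-1] or runs[-1][-1] != "bootc container lint":
        findings.append("bootc container lint is not the last build command")
    return findings

if __name__ == "__main__":
    print(check_containerfile(SAMPLE))
```

An empty list means all four invariants hold; run it in CI before the image build so a renamed stage or a reordered heredoc is caught before the build runs.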