lingyuzeng/shellscripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Your Name
2024-11-12 20:59:01 +08:00
parent da19176e27
commit 36e5154be0
1 changed files with 114 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
nerdctl/README.md
View File

@@ -48,3 +48,116 @@ Rootful mode: /etc/nerdctl/nerdctl.toml
Rootless mode: ~/.config/nerdctl/nerdctl.toml Rootless mode: ~/.config/nerdctl/nerdctl.toml
需要安装RootlessKit和slirp4netns并且设置Nerdctl使用这些工具。参照 [Rootless模式文档](https://github.com/containerd/nerdctl/blob/main/docs/rootless.md) 进行配置。 需要安装RootlessKit和slirp4netns并且设置Nerdctl使用这些工具。参照 [Rootless模式文档](https://github.com/containerd/nerdctl/blob/main/docs/rootless.md) 进行配置。
## 构建镜像时候没有使用缓存的原因
[参考 nerdctl build](https://github.com/containerd/nerdctl/blob/main/docs/build.md)
BuildKit 的两种工作模式:
containerd worker允许 BuildKit 使用 containerd 管理的本地镜像缓存,也就是说 nerdctl 构建的镜像能够用作基础镜像。
OCI worker不使用 containerd 管理的镜像缓存,这意味着无法访问由 nerdctl 构建的镜像,因为它们被 containerd 所管理。因此,若使用 OCI workerBuildKit 只能直接从镜像仓库拉取镜像,无法利用本地缓存。
默认情况下如果没有特别设置BuildKit 很可能使用 OCI worker因此无法使用 containerd 管理的镜像。
若要确保 BuildKit 使用 containerd worker需要配置 /etc/buildkit/buildkitd.toml (/etc/buildkit/buildkit.toml) 文件,将 [worker.containerd] 设置为 enabled = true 并指定 namespace 为 "default"(或你指定的 namespace
sudo systemctl status buildkit
sudo systemctl enable --now buildkit
编辑文件`/etc/buildkit/buildkit.toml`
```shell
[worker.oci]
# 关闭OCI
enabled = false
[worker.containerd]
enabled = true
# namespace should be "k8s.io" for Kubernetes (including Rancher Desktop)
namespace = "buildkit" # 修改为'k8s.io' 可以从这里进行缓存镜像。
platforms = [ "linux/amd64", "linux/arm64" ]
gc = true
# gckeepstorage sets storage limit for default gc profile, in MB.
gckeepstorage = 9000
# registry configures a new Docker register used for cache import or output.
[registry."docker.io"]
# mirror configuration to handle path in case a mirror registry requires a /project path rather than just a host:port
mirrors = ["https://upnuemce.mirror.aliyuncs.com", "core.harbor.domain/proxy.docker.io"]
http = true
insecure = true
#ca=["/etc/config/myca.pem"]
#[[registry."docker.io".keypair]]
#key="/etc/config/key.pem"
#cert="/etc/config/cert.pem"
```
https://docker.unsee.tech https://dockerhub.icu
sudo systemctl restart buildkit
## root 用户创建 buildkit.service
```shell
echo "配置 buildkitd 服务..."
# 创建 buildkitd 配置文件目录
sudo mkdir -p /etc/buildkit
# https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
sudo tee /etc/buildkit/buildkit.toml > /dev/null <<EOT
[worker.oci]
enabled = false
[worker.containerd]
enabled = true
# namespace should be "k8s.io" for Kubernetes (including Rancher Desktop)
namespace = "buildkit"
platforms = [ "linux/amd64", "linux/arm64" ]
gc = true
# gckeepstorage sets storage limit for default gc profile, in MB.
gckeepstorage = 9000
# registry configures a new Docker register used for cache import or output.
[registry."docker.io"]
# mirror configuration to handle path in case a mirror registry requires a /project path rather than just a host:port
mirrors = ["https://upnuemce.mirror.aliyuncs.com", "core.harbor.domain/proxy.docker.io"]
http = true
insecure = true
#ca=["/etc/config/myca.pem"]
#[[registry."docker.io".keypair]]
#key="/etc/config/key.pem"
#cert="/etc/config/cert.pem"
EOT
sudo tee /etc/systemd/system/buildkit.service > /dev/null <<EOT
[Unit]
Description=BuildKit Daemon
Documentation=https://github.com/moby/buildkit
Requires=buildkit.socket
After=network.target buildkit.socket
[Service]
Type=notify
ExecStart=/usr/local/bin/buildkitd --config /etc/buildkit/buildkit.toml --addr fd://
Restart=always
RestartSec=10s
StartLimitInterval=0
[Install]
WantedBy=multi-user.target
EOT
sudo tee /etc/systemd/system/buildkit.socket > /dev/null <<EOT
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
[Socket]
ListenStream=%t/buildkit/buildkitd.sock
SocketMode=0660
[Install]
WantedBy=sockets.target
EOT
```