update

nerdctl/README.md

@@ -48,3 +48,116 @@ Rootful mode: /etc/nerdctl/nerdctl.toml
 Rootless mode: ~/.config/nerdctl/nerdctl.toml
 
 需要安装RootlessKit和slirp4netns，并且设置Nerdctl使用这些工具。参照 [Rootless模式文档](https://github.com/containerd/nerdctl/blob/main/docs/rootless.md) 进行配置。
+
+## 构建镜像时候没有使用缓存的原因
+
+[参考 nerdctl build](https://github.com/containerd/nerdctl/blob/main/docs/build.md)
+
+BuildKit 的两种工作模式：
+
+containerd worker：允许 BuildKit 使用 containerd 管理的本地镜像缓存，也就是说 nerdctl 构建的镜像能够用作基础镜像。
+OCI worker：不使用 containerd 管理的镜像缓存，这意味着无法访问由 nerdctl 构建的镜像，因为它们被 containerd 所管理。因此，若使用 OCI worker，BuildKit 只能直接从镜像仓库拉取镜像，无法利用本地缓存。
+
+默认情况下，如果没有特别设置，BuildKit 很可能使用 OCI worker，因此无法使用 containerd 管理的镜像。
+若要确保 BuildKit 使用 containerd worker，需要配置 /etc/buildkit/buildkitd.toml (/etc/buildkit/buildkit.toml) 文件，将 [worker.containerd] 设置为 enabled = true 并指定 namespace 为 "default"（或你指定的 namespace）。
+
+sudo systemctl status buildkit
+
+sudo systemctl enable --now buildkit
+
+编辑文件`/etc/buildkit/buildkit.toml`
+
+```shell
+[worker.oci]
+  # 关闭OCI
+  enabled = false
+
+[worker.containerd]
+  enabled = true
+  # namespace should be "k8s.io" for Kubernetes (including Rancher Desktop)
+  namespace = "buildkit" # 修改为'k8s.io' 可以从这里进行缓存镜像。
+  platforms = [ "linux/amd64", "linux/arm64" ]
+  gc = true
+  # gckeepstorage sets storage limit for default gc profile, in MB.
+  gckeepstorage = 9000
+
+# registry configures a new Docker register used for cache import or output.
+[registry."docker.io"]
+  # mirror configuration to handle path in case a mirror registry requires a /project path rather than just a host:port
+  mirrors = ["https://upnuemce.mirror.aliyuncs.com", "core.harbor.domain/proxy.docker.io"]
+  http = true
+  insecure = true
+  #ca=["/etc/config/myca.pem"]
+  #[[registry."docker.io".keypair]]
+    #key="/etc/config/key.pem"
+    #cert="/etc/config/cert.pem"
+```
+
+https://docker.unsee.tech https://dockerhub.icu
+
+sudo systemctl restart buildkit
+
+## root 用户创建 buildkit.service
+
+```shell
+    echo "配置 buildkitd 服务..."
+
+    # 创建 buildkitd 配置文件目录
+    sudo mkdir -p /etc/buildkit
+    # https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
+    sudo tee /etc/buildkit/buildkit.toml > /dev/null <<EOT
+[worker.oci]
+  enabled = false
+
+[worker.containerd]
+  enabled = true
+  # namespace should be "k8s.io" for Kubernetes (including Rancher Desktop)
+  namespace = "buildkit"
+  platforms = [ "linux/amd64", "linux/arm64" ]
+  gc = true
+  # gckeepstorage sets storage limit for default gc profile, in MB.
+  gckeepstorage = 9000
+
+# registry configures a new Docker register used for cache import or output.
+[registry."docker.io"]
+  # mirror configuration to handle path in case a mirror registry requires a /project path rather than just a host:port
+  mirrors = ["https://upnuemce.mirror.aliyuncs.com", "core.harbor.domain/proxy.docker.io"]
+  http = true
+  insecure = true
+  #ca=["/etc/config/myca.pem"]
+  #[[registry."docker.io".keypair]]
+    #key="/etc/config/key.pem"
+    #cert="/etc/config/cert.pem"
+EOT
+
+    sudo tee /etc/systemd/system/buildkit.service > /dev/null <<EOT
+[Unit]
+Description=BuildKit Daemon
+Documentation=https://github.com/moby/buildkit
+Requires=buildkit.socket
+After=network.target buildkit.socket
+
+[Service]
+Type=notify
+ExecStart=/usr/local/bin/buildkitd --config /etc/buildkit/buildkit.toml --addr fd://
+Restart=always
+RestartSec=10s
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target
+EOT
+
+    sudo tee /etc/systemd/system/buildkit.socket > /dev/null <<EOT
+[Unit]
+Description=BuildKit
+Documentation=https://github.com/moby/buildkit
+
+[Socket]
+ListenStream=%t/buildkit/buildkitd.sock
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
+EOT
+```