Kanikoチュートリアルやってみました

本記事はKanikoのチュートリアルをやってみたという記事になります。 github

マニフェストファイルの準備
Dockerfile作成
認証情報の作成
デプロイ
確認

マニフェストファイルの準備

# kaniko-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: dockerfile
  labels:
    type: local
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: local-storage
  hostPath:
    path: /home/docker/kaniko # replace with local directory, such as "/home/<user-name>/kaniko"
---

# kaniko-volume-claim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: dockerfile-claim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  storageClassName: local-storage
---

# kaniko-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  containers:
  - name: kaniko
    image: gcr.io/kaniko-project/executor:latest
    args: ["--dockerfile=/workspace/Dockerfile",
            "--context=dir://workspace",
            "--destination=<user-name>/<repo>"] # replace with your dockerhub account
    volumeMounts:
      - name: kaniko-secret
        mountPath: /kaniko/.docker
      - name: dockerfile-storage
        mountPath: /workspace
  restartPolicy: Never
  volumes:
    - name: kaniko-secret
      secret:
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json
    - name: dockerfile-storage
      persistentVolumeClaim:
        claimName: dockerfile-claim
---

Dockerfile作成

今回はMinikube上にあるDockerfileをビルドします。

# minikubu ssh
$ mkdir kaniko && cd kaniko
$ echo 'FROM ubuntu' >> Dockerfile
$ echo 'ENTRYPOINT ["/bin/bash", "-c", "echo hello"]' >> Dockerfile
$ pwd
/home/docker/kaniko

認証情報の作成

$ kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>

--docker-serverにはDockerhubの場合はhttps://index.docker.io/v1/を渡す

デプロイ

# create persistent volume
$ kubectl create -f kaniko-volume.yml
persistentvolume/dockerfile created

# create persistent volume claim
$ kubectl create -f kaniko-volume-claim.yml
persistentvolumeclaim/dockerfile-claim created

# check whether the volume mounted correctly
$ kubectl get pv dockerfile
NAME         CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                      STORAGECLASS    REASON   AGE
dockerfile   10Gi       RWO            Retain           Bound    default/dockerfile-claim   local-storage            1m

# create pod
$ kubectl create -f kaniko-pod.yml
pod/kaniko created
$ kubectl get pods
NAME     READY   STATUS              RESTARTS   AGE
kaniko   0/1     ContainerCreating   0          7s

# check whether the build complete and show the build logs
$ kubectl get pods
NAME     READY   STATUS      RESTARTS   AGE
kaniko   0/1     Completed   0          34s
$ kubectl logs kaniko
INFO[0000] Downloading base image ubuntu
INFO[0006] Taking snapshot of full filesystem...
INFO[0007] Skipping paths under /dev, as it is a whitelisted directory
INFO[0007] Skipping paths under /kaniko, as it is a whitelisted directory
INFO[0007] Skipping paths under /proc, as it is a whitelisted directory
INFO[0007] Skipping paths under /root, as it is a whitelisted directory
INFO[0007] Skipping paths under /sys, as it is a whitelisted directory
INFO[0007] Skipping paths under /var/run, as it is a whitelisted directory
INFO[0007] Skipping paths under /workspace, as it is a whitelisted directory
INFO[0007] ENTRYPOINT ["/bin/bash", "-c", "echo hello"]

確認

ビルドしたか確認するため、ローカルにpullしてテストします。

$ docker run -it <user-name>/<repo-name>
hello