Hello, Habr. We hear a lot about Kubernetes and Docker now. Probably only the lazy don't know about them. But there are other options for working with containers. Here's a translation of an article by an enthusiast who decided to explore similar tools.
I want to talk about how to create containers without using Docker. I will be using OpenFaaS, which uses OCI container images for my workloads. We can say that OpenFaaS is a CaaS platform for Kubernetes that is able to run microservices and add FaaS and event management tools for free. We'll start by showing you how to use the buildkit built into the Docker command line interface, then describe the standalone buildkit (Linux only), and then Google's container builder, Kaniko.
What's wrong with Docker?
Nothing as such; everything is fine with it. It works well on armhf, arm64 and x86_64. The main Docker command line interface has grown into a lot more than just build / push / run; it now comes with Docker Swarm and EE features.
Docker alternatives
There have been several attempts to bring Docker back to the familiar look we all fell in love with.
Docker - Docker itself now uses containerd to run containers and supports buildkit for highly efficient, cached builds.
Pouch - Alibaba « ». containerd , Docker, runc « », runV. .
img - buildkit. . 2018 , . , img buildctr, buildkit, , img x86_64 armhf/arm64.
k3c - Rancher, containerd buildkit , Docker. ARM.
k3c, , , containerd buildkit.
, «build» , :
buildkit Docker
buildkit
Kaniko
( ) , OpenFaaS CLI « »,
HTTP Golang middleware, , , OpenFaaS.
faas-cli template store pull golang-middleware
faas-cli new --lang golang-middleware \
build-test --prefix=alexellis2
--lang
build-test
-
--prefix
Docker Hub, OCI.
:
./
├── build-test
│   └── handler.go
└── build-test.yml
1 directory, 2 files
, . Go.
package function

import (
	"fmt"
	"io/ioutil"
	"net/http"
)

// Handle echoes the request body back to the caller.
func Handle(w http.ResponseWriter, r *http.Request) {
	var input []byte

	if r.Body != nil {
		defer r.Body.Close()
		// Reads the whole body with no size limit; the read error is ignored.
		body, _ := ioutil.ReadAll(r.Body)
		input = body
	}

	w.WriteHeader(http.StatusOK)
	w.Write([]byte(fmt.Sprintf("Hello world, input was: %s", string(input))))
}
:
faas-cli build -f build-test.yml
Dockerfile
./template/golang-middleware/Dockerfile
:
FROM openfaas/of-watchdog:0.7.3 as watchdog
FROM golang:1.13-alpine3.11 as build
FROM alpine:3.12
. , . faas-cli push -f build-test.yml
.
Buildkit Docker
, .
DOCKER_BUILDKIT=1 faas-cli build -f build-test.yml
Docker buildkit. Buildkit :
, - , " " , "sdk" .
buildkit , FROM () .
buildkit , FROM () .
FROM openfaas/of-watchdog:0.7.3 as watchdog
FROM golang:1.13-alpine3.11 as build
FROM alpine:3.11
Mac, buildkit Docker, .
Buildkit
Buildkit buildkit Linux, Mac.
faas-cli build
docker
, - . , , , :
faas-cli build -f build-test.yml --shrinkwrap
[0] > Building build-test.
Clearing temporary build folder: ./build/build-test/
Preparing ./build-test/ ./build/build-test//function
Building: alexellis2/build-test:latest with golang-middleware template. Please wait..
build-test shrink-wrapped to ./build/build-test/
[0] < Building build-test done in 0.00s.
[0] Worker done.
Total build time: 0.00
./build/build-test/
Dockerfile.
./build/build-test/
├── Dockerfile
├── function
│   └── handler.go
├── go.mod
├── main.go
└── template.yml
1 directory, 5 files
buildkit.
curl -sSLf https://github.com/moby/buildkit/releases/download/v0.6.3/buildkit-v0.6.3.linux-amd64.tar.gz | sudo tar -xz -C /usr/local/bin/ --strip-components=1
, buildkit, armhf arm64, .
buildkit :
sudo buildkitd
WARN[0000] using host network as the default
INFO[0000] found worker "l1ltft74h0ek1718gitwghjxy", labels=map[org.mobyproject.buildkit.worker.executor:oci org.mobyproject.buildkit.worker.hostname:nuc org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/386]
WARN[0000] skipping containerd worker, as "/run/containerd/containerd.sock" does not exist
INFO[0000] found 1 workers, default="l1ltft74h0ek1718gitwghjxy"
WARN[0000] currently, only the default worker can be used.
INFO[0000] running server on /run/buildkit/buildkitd.sock
, . buildctl
. buildctl - , , , , , tar, .
buildctl build --help
NAME:
buildctl build - build
USAGE:
To build and push an image using Dockerfile:
$ buildctl build --frontend dockerfile.v0 --opt target=foo --opt build-arg:foo=bar --local context=. --local dockerfile=. --output type=image,name=docker.io/username/image,push=true
OPTIONS:
--output value, -o value Define exports for build result, e.g. --output type=image,name=docker.io/username/image,push=true
--progress value Set type of progress (auto, plain, tty). Use plain to show container output (default: "auto")
--trace value Path to trace file. Defaults to no tracing.
--local value Allow build access to the local directory
--frontend value Define frontend used for build
--opt value Define custom options for frontend, e.g. --opt target=foo --opt build-arg:foo=bar
--no-cache Disable cache for all the vertices
--export-cache value Export build cache, e.g. --export-cache type=registry,ref=example.com/foo/bar, or --export-cache type=local,dest=path/to/dir
--import-cache value Import build cache, e.g. --import-cache type=registry,ref=example.com/foo/bar, or --import-cache type=local,src=path/to/dir
--secret value Secret value exposed to the build. Format id=secretname,src=filepath
--allow value Allow extra privileged entitlement, e.g. network.host, security.insecure
--ssh value Allow forwarding SSH agent to the builder. Format default|<id>[=<socket>|<key>[,<key>]]
, Docker DOCKER_BUILDKIT
:
sudo -E buildctl build --frontend dockerfile.v0 \
--local context=./build/build-test/ \
--local dockerfile=./build/build-test/ \
--output type=image,name=docker.io/alexellis2/build-test:latest,push=true
docker login
$HOME/.docker/config.json
.
ASCII .
img buildkit
img , , .
, , , . armhf ARM64 .
x86_64 v0.5.7 7 2019, Go 1.11, 1.13 Go :
sudo curl -fSL "https://github.com/genuinetools/img/releases/download/v0.5.7/img-linux-amd64" -o "/usr/local/bin/img" \
&& sudo chmod a+x "/usr/local/bin/img"
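The two installs on this page (the buildkit tarball piped straight into `sudo tar`, and the `img` binary written to /usr/local/bin) place downloaded bytes on the root-owned PATH without checking them. The following is an added example, not part of the original article: it verifies a pinned SHA-256 before anything is extracted. The function names, `RELEASE_URL`, `PINNED_SHA256` and `IMG_SHA256` are assumptions; the digests must come from a source you trust.

```shell
#!/bin/sh
# Added example (not from the article): check a pinned SHA-256 before a
# downloaded release file is unpacked or installed as root.

# sha256_of FILE: print the file's SHA-256 as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned FILE EXPECTED: succeed only when the digests are identical.
verify_pinned() {
    actual=$(sha256_of "$1") || return 1
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch for $1: got ${actual:-nothing}" >&2
        return 1
    fi
}

# safe_members TARBALL: fail if any member is absolute or climbs out via "..".
safe_members() {
    members=$(tar -tzf "$1") || return 1
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "refusing $1: member path escapes the target directory" >&2
        return 1
    fi
}

# install_verified TARBALL EXPECTED DEST [STRIP]: verify first, extract second.
install_verified() {
    verify_pinned "$1" "$2" || return 1
    safe_members "$1" || return 1
    mkdir -p "$3" && tar -xzf "$1" -C "$3" --strip-components="${4:-0}"
}

# Usage (PINNED_SHA256 / IMG_SHA256 are placeholders for digests you recorded):
#   curl -sSLf -o buildkit.tgz "$RELEASE_URL"
#   install_verified buildkit.tgz "$PINNED_SHA256" /usr/local/bin 1   # as root
#   verify_pinned ./img-linux-amd64 "$IMG_SHA256" && install -m 0755 ./img-linux-amd64 /usr/local/bin/img
```

Downloading to a file first, instead of piping `curl` into `tar`, is what makes the check possible: nothing is written under the destination until the digest matches.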
buildctl
:
img build --help
Usage: img build [OPTIONS] PATH
Build an image from a Dockerfile.
Flags:
-b, --backend backend for snapshots ([auto native overlayfs]) (default: auto)
--build-arg Set build-time variables (default: [])
-d, --debug enable debug logging (default: false)
-f, --file Name of the Dockerfile (Default is 'PATH/Dockerfile') (default: <none>)
--label Set metadata for an image (default: [])
--no-cache Do not use cache when building the image (default: false)
--no-console Use non-console progress UI (default: false)
--platform Set platforms for which the image should be built (default: [])
-s, --state directory to hold the global state (default: /home/alex/.local/share/img)
-t, --tag Name and optionally a tag in the 'name:tag' format (default: [])
--target Set the target build stage to build (default: <none>)
:
sudo img build -f ./build/build-test/Dockerfile -t alexellis2/build-test:latest ./build/build-test/
img
. , root-.
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0xe5 pc=0x7f84d067c420]
runtime stack:
runtime.throw(0xfa127f, 0x2a)
/home/travis/.gimme/versions/go1.11.10.linux.amd64/src/runtime/panic.go:608 +0x72
runtime.sigpanic()
/home/travis/.gimme/versions/go1.11.10.linux.amd64/src/runtime/signal_unix.go:374 +0x2f2
goroutine 529 [syscall]:
runtime.cgocall(0xc9d980, 0xc00072d7d8, 0x29)
/home/travis/.gimme/versions/go1.11.10.linux.amd64/src/runtime/cgocall.go:128 +0x5e fp=0xc00072d7a0 sp=0xc00072d768 pc=0x4039ee
os/user._Cfunc_mygetgrgid_r(0x2a, 0xc000232260, 0x7f84a40008c0, 0x400, 0xc0004ba198, 0xc000000000)
Kaniko
Kaniko - Google, . .
docker run -v $PWD/build/build-test:/workspace \
-v ~/.docker/config.json:/kaniko/config.json \
--env DOCKER_CONFIG=/kaniko \
gcr.io/kaniko-project/executor:latest \
-d alexellis2/build-test:latest
-d
, .-v
Kaniko,config.json
.
Kaniko , , Kaniko one-shot , , Buildkit.
- . Docker , . , . , Docker, , IP-.
buildkit. .
DOCKER_BUILDKIT=1
buildkit. , Docker, CI box runner. Linux, MacOS. , TCP?
. faasd, containerd CNI, Docker Kubernetes.
Kaniko. , Kaniko, - Docker, .
OpenFaaS faas-cli build --shrinkwrap
. OpenFaaS:
OpenFaaS CI/CD shrinkwrap buildkit. Docker Docker buildkit.
faasd containerd docker, buildkit.
We have not touched on one of the important parts of the workflow - deployment. Any OCI container can be deployed in the OpenFaaS control plane on top of Kubernetes as long as it meets the definition of a serverless workload.