google jib容器打包工具

2019/05/27 15:26
阅读数 46

<div class="markdown_views" style="font-family:'-apple-system', 'SF UI Text', Arial, 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei', 'WenQuanYi Micro Hei', sans-serif, SimHei, SimSun;"><h1 id="简介"><a name="t0"></a><a name="t0" target="_blank"></a>简介</h1><p>Jib 是 Google 开发的可以直接构建 Java 应用的 Docker 和 OCI 镜像的类库,以 Maven 和 Gradle 插件形式提供。</p><p>通过 Jib,Java 开发者可以使用他们熟悉的 Java 工具来构建容器。Jib 是一个快速而简单的容器镜像构建工具,它负责处理将应用程序打包到容器镜像中所需的所有步骤。它不需要你编写 Dockerfile 或安装 Docker,而且可以直接集成到 Maven 和 Gradle中 —— 只需要将插件添加到构建中,就可以立即将 Java 应用程序容器化。</p><p></p><p style="color:rgb(51,51,51);font-family:'PingFang SC', 'Helvetica Neue', 'Microsoft YaHei UI', 'Microsoft YaHei', 'Noto Sans CJK SC', Sathu, EucrosiaUPC, sans-serif;background-color:rgb(255,255,255);">Docker 构建流程:</p><p style="color:rgb(51,51,51);font-family:'PingFang SC', 'Helvetica Neue', 'Microsoft YaHei UI', 'Microsoft YaHei', 'Noto Sans CJK SC', Sathu, EucrosiaUPC, sans-serif;background-color:rgb(255,255,255);"><img alt="" height="109" src="https://oscimg.oschina.net/oscnet/78ccde326ba645b505fc79d121e48cbec7e.jpg" width="594" style="border:none;"></p><p style="color:rgb(51,51,51);font-family:'PingFang SC', 'Helvetica Neue', 'Microsoft YaHei UI', 'Microsoft YaHei', 'Noto Sans CJK SC', Sathu, EucrosiaUPC, sans-serif;background-color:rgb(255,255,255);">Jib 构建流程:</p><p style="color:rgb(51,51,51);font-family:'PingFang SC', 'Helvetica Neue', 'Microsoft YaHei UI', 'Microsoft YaHei', 'Noto Sans CJK SC', Sathu, EucrosiaUPC, sans-serif;background-color:rgb(255,255,255);"><img alt="" height="42" src="https://oscimg.oschina.net/oscnet/4195dd92d923aa06c9a2152e231376ce39e.jpg" width="538" style="border:none;"></p><br><h1 id="配置"><a name="t1"></a><a name="t1" target="_blank"></a>配置</h1><h2 id="maven"><a name="t2"></a><a name="t2" target="_blank"></a>maven</h2><p>编辑pom.xml文件,添加以下内容:</p><pre style="font-family:'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, Courier, monospace;font-size:13.6px;line-height:1.45;background-color:rgb(246,248,250);color:rgb(36,41,46);" class="prettyprint"> <span style="background-color:rgb(246,248,250);color:rgb(0,0,0);font-family:Consolas, Inconsolata, Courier, monospace;font-size:14px;">&lt;</span><span class="pl-ent" style="font-family:'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, Courier, monospace;font-size:13.6px;color:rgb(34,134,58);">build</span><span style="color:rgb(36,41,46);font-family:'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, Courier, monospace;font-size:13.6px;">&gt;</span>&lt;<span class="pl-ent" style="color:rgb(34,134,58);">plugins</span>&gt; ... &lt;<span class="pl-ent" style="color:rgb(34,134,58);">plugin</span>&gt; &lt;<span class="pl-ent" style="color:rgb(34,134,58);">groupId</span>&gt;com.google.cloud.tools&lt;/<span class="pl-ent" style="color:rgb(34,134,58);">groupId</span>&gt; &lt;<span class="pl-ent" style="color:rgb(34,134,58);">artifactId</span>&gt;jib-maven-plugin&lt;/<span class="pl-ent" style="color:rgb(34,134,58);">artifactId</span>&gt; &lt;<span class="pl-ent" style="color:rgb(34,134,58);">version</span>&gt;0.9.4&lt;/<span class="pl-ent" style="color:rgb(34,134,58);">version</span>&gt; &lt;<span class="pl-ent" style="color:rgb(34,134,58);">configuration</span>&gt; &lt;<span class="pl-ent" style="color:rgb(34,134,58);">to</span>&gt; &lt;<span class="pl-ent" style="color:rgb(34,134,58);">image</span>&gt;myimage&lt;/<span class="pl-ent" style="color:rgb(34,134,58);">image</span>&gt;&lt;<span class="pl-ent" style="font-size:13.6px;color:rgb(34,134,58);">credHelper</span><span style="font-size:13.6px;">&gt;osxkeychain&lt;/</span><span class="pl-ent" style="font-size:13.6px;color:rgb(34,134,58);">credHelper</span><span style="font-size:13.6px;">&gt;</span> &lt;/<span class="pl-ent" style="color:rgb(34,134,58);">to</span>&gt; &lt;/<span class="pl-ent" style="color:rgb(34,134,58);">configuration</span>&gt; &lt;/<span class="pl-ent" style="color:rgb(34,134,58);">plugin</span>&gt; ... &lt;/<span class="pl-ent" style="color:rgb(34,134,58);">plugins</span>&gt; &lt;/<span class="pl-ent" style="color:rgb(34,134,58);">build</span>&gt;</pre><p>配置说明:</p><ul style="list-style:none;"><li>from:打包docker的基础镜像,默认镜像是:gcr.io/distroless/java ,需要<code style="font-size:14px;line-height:22px;">翻墙</code></li><li>to:默认push到dockerhub指定仓库</li><li>credHelper:docker认证,这个就有点复杂了,下面再详细说明</li></ul><h1 id="credhelper"><a name="t3"></a><a name="t3" target="_blank"></a>credHelper</h1><p>这个是使用了第三方的一个docker认证工具,源码仓库:<a href="https://github.com/docker/docker-credential-helpers" rel="nofollow" target="_blank">https://github.com/docker/docker-credential-helpers</a></p><p>这里我提供一个linux的二进制压缩包:&nbsp;<a href="https://download.csdn.net/download/lusyoe/10534491" rel="nofollow" target="_blank">https://download.csdn.net/download/lusyoe/10534491</a></p><p>下面是配置操作步骤:</p><h2 id="1-解压"><a name="t4"></a><a name="t4" target="_blank"></a>1. 解压</h2><p>下载好后,将其复制到<code style="font-size:14px;line-height:22px;">/usr/bin</code>路径下,然后通过以下命令进行解压:&nbsp;<code style="font-size:14px;line-height:22px;">tar -xf docker-credential-pass-v0.6.0-amd64.tar.gz</code></p><p>验证是否可用:&nbsp;<code style="font-size:14px;line-height:22px;">docker-credential-pass version</code>&nbsp;如果打印出0.6.0就表示正常</p><h2 id="2-安装gpgpass"><a name="t5"></a><a name="t5" target="_blank"></a>2. 安装gpg、pass</h2><p>执行以下命令:&nbsp;CentOS:&nbsp;<code style="font-size:14px;line-height:22px;">sudo yum install gpg pass -y</code>&nbsp;Ubuntu:&nbsp;<code style="font-size:14px;line-height:22px;">sudo apt-get install gpg pass -y</code></p><h2 id="3-创建签名"><a name="t6"></a><a name="t6" target="_blank"></a>3. 创建签名</h2><p>通过gpg2命令生成签名:&nbsp;<code style="font-size:14px;line-height:22px;">gpg2 --gen-key</code>&nbsp;根据提示,一路确认下来就可以了。中间会提示输入密码,这个要记住了,后面会用到。</p><p>最后生成随机数的时候可能会慢一点,随便在键盘上敲点字符就可以了。&nbsp;最终生成的内容如下:</p><pre class="prettyprint" style="font-size:14px;line-height:22px;" name="code"><code class="hljs avrasm has-numbering vbnet"><ol class="hljs-ln"><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="1"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"><span class="hljs-label">gpg:</span> /root/<span class="hljs-preprocessor">.gnupg</span>/trustdb<span class="hljs-preprocessor">.gpg</span>: trustdb created</div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="2"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"><span class="hljs-label">gpg:</span> <span class="hljs-keyword">key</span> xxxxx marked <span class="hljs-keyword">as</span> ultimately trusted</div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="3"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"><span class="hljs-keyword">public</span> <span class="hljs-keyword"><span class="hljs-keyword">and</span></span> secret <span class="hljs-keyword">key</span> created <span class="hljs-keyword"><span class="hljs-keyword">and</span></span> signed.</div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="4"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"> </div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="5"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"><span class="hljs-label">gpg:</span> checking the trustdb</div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="6"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"><span class="hljs-label">gpg:</span> <span class="hljs-number"><span class="hljs-number">3</span></span> marginal(s) needed, <span class="hljs-number"><span class="hljs-number">1</span></span> complete(s) needed, PGP trust model</div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="7"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"><span class="hljs-label">gpg:</span> depth: <span class="hljs-number"><span class="hljs-number">0</span></span> valid: <span class="hljs-number"><span class="hljs-number">1</span></span> signed: <span class="hljs-number"><span class="hljs-number">0</span></span> trust: <span class="hljs-number"><span class="hljs-number">0</span></span>-, <span class="hljs-number"><span class="hljs-number">0</span></span>q, <span class="hljs-number"><span class="hljs-number">0</span></span>n, <span class="hljs-number"><span class="hljs-number">0</span></span>m, <span class="hljs-number"><span class="hljs-number">0</span></span>f, <span class="hljs-number"><span class="hljs-number">1</span></span>u</div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="8"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line">pub <span class="hljs-number"><span class="hljs-number">2048</span></span>R/<span class="hljs-number"><span class="hljs-number">6</span></span>CC91C4E <span class="hljs-number"><span class="hljs-number">2018</span></span><span class="hljs-number">-</span><span class="hljs-number"><span class="hljs-number">07</span></span><span class="hljs-number">-</span><span class="hljs-number"><span class="hljs-number">11</span></span></div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="9"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"> <span class="hljs-keyword">Key</span> fingerprint = <span class="hljs-number"><span class="hljs-number">8E3</span></span>C <span class="hljs-number"><span class="hljs-number">1083</span></span> <span class="hljs-number"><span class="hljs-number">6041</span></span> <span class="hljs-number"><span class="hljs-number">33</span></span>A8 <span class="hljs-number"><span class="hljs-number">99</span></span>CA DC55 <span class="hljs-number"><span class="hljs-number">1E68</span></span> <span class="hljs-number"><span class="hljs-number">4783</span></span> <span class="hljs-number"><span class="hljs-number">6</span></span>CC9 <span class="hljs-number"><span class="hljs-number">1</span></span>C4E</div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="10"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line">uid lusyoe &lt;xxxxx@xxx<span class="hljs-preprocessor">.com</span>&gt;</div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="11"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"><span class="hljs-keyword"><span class="hljs-keyword">sub</span></span> <span class="hljs-number"><span class="hljs-number">2048</span></span>R/<span class="hljs-number"><span class="hljs-number">595</span></span>B7456 <span class="hljs-number"><span class="hljs-number">2018</span></span><span class="hljs-number">-</span><span class="hljs-number"><span class="hljs-number">07</span></span><span class="hljs-number">-</span><span class="hljs-number"><span class="hljs-number">11</span></span></div></div></li></ol></code><div class="hljs-button {2}" data-title="复制" onclick="hljs.copyCode(event)"></div></pre><h3 id="4-配置pass"><a name="t7"></a><a name="t7" target="_blank"></a>4. 配置pass</h3><ul style="list-style:none;"><li><p>初始化&nbsp;<br>生成完签名后,通过pass工具进行初始化一下,执行以下命令:&nbsp;<br><code style="font-size:14px;line-height:22px;">pass init &lt;gpg-key&gt;</code>&nbsp;<br><span style="font-weight:700;">gpg-key</span>就是上一步生成内容的第二行key后面的xxxxx内容。</p></li><li><p>插入密钥检查&nbsp;<br><code style="font-size:14px;line-height:22px;">pass insert docker-credential-helpers/docker-pass-initialized-check</code>&nbsp;<br>这里会提示输入密码,最好保持跟之前的gpg一致即可,后面还会提示输入gpg的密码</p></li><li><p>验证pass是否已初始化&nbsp;<br><code style="font-size:14px;line-height:22px;">pass show docker-credential-helpers/docker-pass-initialized-check</code></p></li></ul><h3 id="5-配置docker"><a name="t8"></a><a name="t8" target="_blank"></a>5. 配置docker</h3><p>编辑<code style="font-size:14px;line-height:22px;">~/.docker/config.json</code>文件,添加以下内容:</p><pre class="prettyprint" style="font-size:14px;line-height:22px;" name="code"><code class="hljs json has-numbering java"><ol class="hljs-ln"><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="1"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line">{</div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="2"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line"> <span class="hljs-string">"</span><span class="hljs-attribute"><span class="hljs-string">credsStore</span></span><span class="hljs-string">"</span>: <span class="hljs-value"><span class="hljs-string"><span class="hljs-string">"</span><span style="font-size:13.6px;color:rgb(36,41,46);font-family:'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, Courier, monospace;"><span class="hljs-string">osxkeychain</span></span><span class="hljs-string">"</span></span></span></div></div></li><li><div class="hljs-ln-numbers"><div class="hljs-ln-line hljs-ln-n" data-line-number="3"></div></div><div class="hljs-ln-code"><div class="hljs-ln-line">}</div></div></li></ol></code><div class="hljs-button {2}" data-title="复制" onclick="hljs.copyCode(event)"></div></pre><p>配置完后,就可以使用:<code style="font-size:14px;line-height:22px;">docker login</code>开始登陆了。</p><h1 id="构建"><a name="t9"></a><a name="t9" target="_blank"></a>构建</h1><p>先编译,然后再打包镜像,当然也可以绑定maven构建周期,自动打包镜像。&nbsp;<br><code style="font-size:14px;line-height:22px;">mvn compile</code>&nbsp;<br><code style="font-size:14px;line-height:22px;">mvn jib:build</code></p><h5><strong>githhub</strong>:https://github.com/GoogleContainerTools/jib</h5><h1 id="优点"><a name="t10"></a><a name="t10" target="_blank"></a>优点</h1><ul style="list-style:none;"><li>无需编写Dockerfile,甚至无需安装docker</li><li>无需再执行docker build、push命令了</li><li>增量构建镜像,无需每次编译项目先打包jar</li></ul><h1 id="缺点"><a name="t11"></a><a name="t11" target="_blank"></a>缺点</h1><ul style="list-style:none;"><li>默认拉取的基础镜像是gcr仓库的,需要翻墙,并且jdk默认是openjdk</li><li>在拉取自定义的基础镜像和push构建的镜像这块,设计的不够友好,依赖需要第三方的加密组件(<code style="font-size:14px;line-height:22px;">折腾了好一会</code>);</li><li>侵入性太强,需要每个项目都添加上maven插件。如果是现有方案,只需要添加一个Dockerfile就可以了,而且定制化高</li><li>只支持java平台</li></ul></div> 原文地址:https://blog.csdn.net/u010978040/article/details/81011855

展开阅读全文
打赏
0
0 收藏
分享
加载中
更多评论
打赏
0 评论
0 收藏
0
分享
返回顶部
顶部