Jib Maven插件如何在不使用Docker守护程序的情况下构建镜像呢?

huangapple go评论138阅读模式
英文:

How does the Jib maven plugin build images without using a docker daemon?

问题

在过去的几个月中,我一直在尝试使用Docker,并享受在容器内构建和运行Java应用程序所带来的好处。

几周前,我偶然发现了jib Maven插件,并注意到jib可以将映像构建到Docker注册表中,而无需使用Docker守护程序

在将jib添加到我的一个项目中并在没有安装Docker的虚拟机上运行mvn clean install jib:build之后,我惊讶地发现jib实际上构建并推送了一个包含我的项目的映像到远程注册表。

出于好奇,我上网阅读了更多关于jib如何在没有安装Docker的情况下构建和推送Docker映像的信息,但几乎找不到任何相关信息。我找到了一篇文章,解释了一些在不使用Docker的情况下创建映像的方法,还试图通过阅读其maven目标源代码来理解jib:build在运行时的实际操作,但这两者都没有揭示出在运行jib:build时背后发生了什么。

如果有人能够更详细地分享关于jib Maven插件的信息,以及它如何在幕后构建和推送映像而无需使用Docker守护程序,我将非常感谢。

英文:

For the past few months I have been experimenting with docker and have enjoyed the benefits of building and running java applications inside containers.

A few weeks ago I stumbled upon the jib maven plugin and noticed that jib can build images to docker registries without using a docker daemon.

After adding jib to one of my projects and running mvn clean install jib:build(on a VM which doesn't have docker installed), I was surprised that jib actually built and pushed an image containing my project to a remote registry.

Out of curiosity, I went online to read more about how jib builds and pushes docker images without having docker installed but found little to no information on the subject. I managed to find an article which explains a few ways of creating images without using docker and also tried to understand how the maven goal jib:build works by reading it's [source code](https://github.com/GoogleContainerTools/jib/blob/master/jib-maven-plugin/src/main/java/com/google/cloud/tools/jib/maven/BuildImageMojo.java "https://github.com/GoogleContainerTools/jib/blob/master/jib-maven-plugin/src/main/java/com/google/cloud/tools/jib/maven/BuildImageMojo.java") but neither of the two gave me any insights on what's happening behind the sceneces when you run jib:build.

I would greatly appreciate if someone shares more about the jib maven plugin and how it actually builds and pushes an image behind the scenes without using a docker daemon.

答案1

得分: 11

(Jib 开发者在这里。我将在非常高的层次上轻微地涉及这个主题,仅概念性地介绍一下。请记住,以下内容仅涵盖了镜像构建的一个方面。)

从概念上看,容器镜像的解剖结构非常简单;它只是一组 tar 包的集合,以及有关镜像的一些元数据(大约两个 JSON 文件)。如果您以有序的方式解压一些 tar 包(具体来说是联合挂载),您将得到一些文件和目录;这些基本上是镜像的文件系统内容,在运行时您将获得并查看这些内容。在场景中添加一对小的 JSON 文件,用于描述镜像的一些元数据(例如,运行时的环境变量,镜像入口点,构成该镜像的 tar 包等),您就已经拥有了一个容器镜像。然后,通过Docker Registry API与容器注册表通信(即发送和接收 HTTP 请求和响应)以上传这些 tar 包(经过压缩)和 JSON 文件,即可完成!您已经构建并将一个镜像推送到了注册表。

因此,是的,您可以使用老旧的命令行上的 tar 创建这些 tar 包(这些 tar 包被称为“镜像层”),使用文本编辑器创建一些带有 JSON 文件,并使用 curl 将它们上传到注册表。我以前就这样做过。当然,为了使任何容器运行时能够实际运行这样的镜像,您的 tar 包可能需要包含一些最低限度所需的骨架文件和目录,以正确地进行功能操作,例如,作为一个 Linux 系统(实际上并不多)。但仍然,tar 包的内容没有任何限制;它们甚至不必是有效的 tar 存档。(是的,您可以滥用容器注册表来上传任何垃圾数据。例如,这个 shell 脚本 将 40MB 的随机字节上传到 Docker Hub。)您仍然可以通过 JSON 元数据文件声称您的(完全损坏的)“镜像”由这些垃圾 BLOBs 构成。(当然,这样的镜像将无法在运行时运行。)

英文:

(Jib dev here. I will very lightly touch on the subject at a very high level and only conceptually. Keep in mind that the following covers only one aspect of image building.)

Conceptually the anatomy of a container image is remarkably simple; it's just a collection of tarballs, plus some metadata about the image (about two JSON files). You'll get that if you untar some tarballs in an orderly fashion (union mounting, to be specific), you are left with some files and directories; these are basically the filesystem contents of an image you'll get and see at runtime. Throw in a couple small JSON files in the scene for some metadata about the image (for example, environment variables at runtime, image entrypoint, which tarballs this image is composed of, etc.), and you already have a container image in your hands. Then, you communicate with a container registry via the Docker Registry API (i.e., sending and receiving HTTP requests and responses) to upload those tarballs (after compression) and JSON files, and voila! You built and pushed an image to a registry.

So, yes, you can create those tarballs using the good old tar on the command-line (these tarballs are called "image layers"), create some JSON files with a text editor, and upload them to a registry using curl. I've done that before. Of course, in order for any container runtime to be able to actually run such an image, your tarballs may need to include some minimally required skeleton files and directories to correctly function, for example, as a Linux system (not a lot actually). But still, there's no restriction in the contents of tarballs; they don't even have to be a valid tar archive. (Yes, you can abuse a container registry to upload any garbage data. For example, this shell script uploads 40MB of random bytes to Docker Hub.) And you can still claim with the JSON metadata files that your (completely broken) "image" is composed of these garbage BLObs. (Of course, such an image will fail to run at runtime.)

huangapple
  • 本文由 发表于 2020年9月28日 23:04:21
  • 转载请务必保留本文链接:https://go.coder-hub.com/64104769.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定