主要是一个集成,同时可以提供方便的alpine apk 包管理以及维护
参考集成
备注:以上中使用git 进行配置管理,使用melange 进行apk 包的构建,同时可以结合s3 将数据存储到s3中,如果构建基于alpine 镜像的可以直接使用构建的私服,同时
也可以结合apko 进行oci 镜像构建,也比较高效方便
参考使用
- apk 构建 yaml 定义
package:
name: hello
version: 2.12
description: "the GNU hello world program"
copyright:
- paths:
- "*"
attestation: |
Copyright 1992, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2005,
2006, 2007, 2008, 2010, 2011, 2013, 2014, 2022 Free Software Foundation,
Inc.
license: GPL-3.0-or-later
dependencies:
runtime:
environment:
contents:
repositories:
- https://mirrors.aliyun.com/alpine/edge/main
packages:
- alpine-baselayout-data
- busybox
- build-base
- scanelf
- ssl_client
- ca-certificates-bundle
pipeline:
- uses: fetch
with:
uri: https://ftp.gnu.org/gnu/hello/hello-${{package.version}}.tar.gz
expected-sha256: cf04af86dc085268c5f4470fbae49b18afbc221b78096aab842d934a76bad0ab
- uses: autoconf/configure
- uses: autoconf/make
- uses: autoconf/make-install
- uses: strip
- apko yaml 定义
contents:
repositories:
- https://mirrors.aliyun.com/alpine/edge/main
- /work/packages
packages:
- alpine-base
- curl
- tree
- tzdata
- hello
entrypoint:
command: /bin/sh -l
paths:
- path: /etc/localtime
type: symlink
source: /usr/share/zoneinfo/Asia/Shanghai
# optional environment configuration
environment:
PATH: /usr/sbin:/sbin:/usr/bin:/bin
archs:
- amd64
- 生成证书
docker run --rm -v "${PWD}":/work cgr.dev/chainguard/melange keygen
- 构建apk
docker run --rm --privileged -v "${PWD}":/work \
cgr.dev/chainguard/melange build demo.yaml \
--arch amd64 \
--signing-key melange.rsa
- 构建镜像
docker run --rm -v "${PWD}":/work \
cgr.dev/chainguard/apko build --debug app-base.yaml \
dalongdemoapp:v1 dalongdemoapp.tar -k melange.rsa.pub \
--arch amd64
- 效果
- 加载运行效果
docker load < dalongdemoapp.tar
docker run -it dalongdemoapp:v1-amd64
效果
说明
基于melange+apko 对于构建基于alpine apk 的容器镜像是一个不错的选择
参考资料
https://docs.sigstore.dev/cosign/sign/
https://github.com/rongfengliang/melange_apko_learning
https://github.com/chainguard-dev/apko
https://github.com/chainguard-dev/melange