
How to supply registry credential to a lifecycle

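I am looking at the buildpacks.io standard and I want to make my own platform.

I have a problem exporting the image to Docker Hub. I have not written the exporter yet; I am using the one from the buildpacks.io project, as shown below.

A platform is an executable that, given a builder image (heroku/buildpacks):

  1. starts a build container from that image and sets some environment variables
  2. copies the source into a predefined directory in the build container
  3. executes /cnb/lifecycle/creator

A minimal implementation, shelling out to buildah, would look like this.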

#! /usr/bin/env bash    
    
# this script is a buildpacks.io implementation of a platform    
    
readonly SCRIPT_NAME="$(basename "$0")"    
    
run () {    
        local -r builder_image="$1"    
        local -r app_name="$2"    
        local -r new_container=$(buildah from "$builder_image")    
        # here we can set-up all the environment variables that are    
        # requested by the platform API
        buildah config -e CNB_PLATFORM_API="0.5" "$new_container"

        # this is useful for debugging what is actually happening
        # during the lifecycle    
        buildah config -e CNB_LOG_LEVEL="debug" "$new_container"

        # I have mounted my credentials directory inside this build container
        # this is where it should be found
        # buildah run "$new_container" cat /home/heroku/.docker/config.json
    
        # finally we can copy what we want built and packaged as an image    
        buildah copy "$new_container" '.' '/workspace'    
        buildah run "$new_container" /cnb/lifecycle/creator "$app_name"    
    
        # remove this build container when done
        #buildah rm "$new_container"    
}    
    
run "$@"  

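The good news is that I am getting somewhere: I can go through the phases described in the buildpacks.io lifecycle, but I get an error when the lifecycle tries to upload the resulting image to the remote.

From an example directory containing only one file, I can print "Hello world" at runtime.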

$ buildpacks docker://docker.io/heroku/buildpacks docker.io/edoput/buildpacks-example
Getting image source signatures
Copying blob 9c080d283a81 skipped: already exists  
...
Copying blob e80fe5117c2a [--------------------------------------] 0.0b / 0.0b
Copying config 451cf0ce8d done  
Writing manifest to image destination
Storing signatures
container ID must be specified
ERRO exit status 125                              
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
CNB_USER_ID=1000
CNB_GROUP_ID=1000
STACK=heroku-18
CNB_STACK_ID=heroku-18
CNB_PLATFORM_API=0.5
CNB_LOG_LEVEL=debug
HOSTNAME=1fca0b1ec107
HOME=/home/heroku
ef90cc8f4caed8241b832e8836c81a8530dada6358e3b2f43fb865ae269352ce
Warning: Not restoring or caching layer data, no cache flag specified.
===> DETECTING
======== Output: heroku/ruby@0.0.1 ========
no
======== Results ========
err:  heroku/ruby@0.0.1 (1)
pass: heroku/procfile@0.6.2
======== Results ========
fail: heroku/python@0.3.1
pass: heroku/procfile@0.6.2
======== Results ========
fail: heroku/scala@0.0.90
pass: heroku/procfile@0.6.2
======== Results ========
fail: heroku/php@0.3.1
pass: heroku/procfile@0.6.2
======== Results ========
fail: heroku/go@0.3.1
pass: heroku/procfile@0.6.2
======== Results ========
pass: heroku/nodejs-engine@0.7.5
pass: heroku/nodejs-npm@0.4.5
skip: heroku/nodejs-typescript@0.2.4
fail: heroku/nodejs-function-invoker@0.1.6
Warning: Warning: buildpack heroku/jvm has a "version" key. This key is deprecated in build plan requirements in buildpack API 0.3. "metadata.version" should be used instead
======== Output: heroku/jvm@0.1.6 ========
JVM
======== Output: heroku/maven@0.2.3 ========
Could not find a pom.xml file! Please check that it exists and is committed to Git.
======== Results ========
pass: heroku/jvm@0.1.6
fail: heroku/maven@0.2.3
fail: heroku/jvm-function-invoker@0.2.11
======== Results ========
pass: heroku/nodejs-engine@0.7.4
fail: heroku/nodejs-yarn@0.1.5
skip: heroku/nodejs-typescript@0.2.3
pass: heroku/procfile@0.6.2
======== Results ========
pass: heroku/nodejs-engine@0.7.4
pass: heroku/nodejs-npm@0.4.4
skip: heroku/nodejs-typescript@0.2.3
pass: heroku/procfile@0.6.2
Resolving plan... (try #1)
3 of 4 buildpacks participating
heroku/nodejs-engine 0.7.4
heroku/nodejs-npm    0.4.4
heroku/procfile      0.6.2
===> ANALYZING
Previous image with name "docker.io/edoput/buildpacks-example" not found
Usable cache not provided, using empty cache metadata.
===> RESTORING
Usable cache not provided, using empty cache metadata.
===> BUILDING
Starting build
Running build for buildpack heroku/nodejs-engine@0.7.4
Looking up buildpack
Finding plan
Running build for buildpack Node Buildpack 0.7.4
Updating buildpack plan entries
Creating plan directory
Preparing paths
Running build command
[INFO] Node.js Buildpack
[INFO] Setting NODE_ENV to production
[INFO] Installing toolbox
[INFO] - yj

[Installing Node]
[INFO] Getting Node version
[INFO] Resolving Node version
[INFO] Downloading and extracting Node v16.3.0

[Parsing package.json]
[INFO] Parsing package.json
Processing layers
Updating environment
Reading output files
Updating buildpack processes
Updating process list
Finished running build for buildpack heroku/nodejs-engine@0.7.4
Running build for buildpack heroku/nodejs-npm@0.4.4
Looking up buildpack
Finding plan
Running build for buildpack NPM Buildpack 0.4.4
Updating buildpack plan entries
Creating plan directory
Preparing paths
Running build command
[INFO] Using npm v7.15.1 from Node
[INFO] Installing node modules

up to date, audited 1 package in 778ms

found 0 vulnerabilities
npm notice 
npm notice New minor version of npm available! 7.15.1 -> 7.18.1
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v7.18.1>
npm notice Run `npm install -g npm@7.18.1` to update!
npm notice 

[Warning: Skip pruning because NODE_ENV is not 'production'.]

Processing layers
Updating environment
Reading output files
Updating buildpack processes
Updating process list
Finished running build for buildpack heroku/nodejs-npm@0.4.4
Running build for buildpack heroku/procfile@0.6.2
Looking up buildpack
Finding plan
Running build for buildpack Procfile 0.6.2
Updating buildpack plan entries
Creating plan directory
Preparing paths
Running build command
[INFO] Discovering process types
[INFO] Procfile declares types -> (none)
Processing layers
Updating environment
Reading output files
Updating buildpack processes
Updating process list
Finished running build for buildpack heroku/procfile@0.6.2
Listing processes
Finished build
===> EXPORTING
no project metadata found at path '/layers/project-metadata.toml', project metadata will not be exported
Reusing tarball for layer "heroku/nodejs-engine:nodejs" with SHA: sha256:22b14cf125adb65ab87e7dc2dcbfddc9e80e3d1916536be195709424b91be64d
Adding layer 'heroku/nodejs-engine:nodejs'
Layer 'heroku/nodejs-engine:nodejs' SHA: sha256:22b14cf125adb65ab87e7dc2dcbfddc9e80e3d1916536be195709424b91be64d
Layer 'slice-1' SHA: sha256:62f98a22a3bd756b22102aacc338bbc61810fac32149d4a213f74fdb7e64759d
Adding 1/1 app layer(s)
Reusing tarball for layer "launcher" with SHA: sha256:20e1cf6014bd25720eb257f028b876dae49298820951982fa57cc2f64c086e66
Adding layer 'launcher'
Layer 'launcher' SHA: sha256:20e1cf6014bd25720eb257f028b876dae49298820951982fa57cc2f64c086e66
Reusing tarball for layer "config" with SHA: sha256:c8c42576a4717d5b075ea911146c10b8843b45a1f8b59c492eb866e418522a19
Adding layer 'config'
Layer 'config' SHA: sha256:c8c42576a4717d5b075ea911146c10b8843b45a1f8b59c492eb866e418522a19
Reusing tarball for layer "process-types" with SHA: sha256:83d85471d9f8a3834b4e27cf701e3f0aef220cc816d9c173c7d32cd73909a590
Adding layer 'process-types'
Layer 'process-types' SHA: sha256:83d85471d9f8a3834b4e27cf701e3f0aef220cc816d9c173c7d32cd73909a590
Adding label 'io.buildpacks.lifecycle.metadata'
Adding label 'io.buildpacks.build.metadata'
Adding label 'io.buildpacks.project.metadata'
Setting CNB_LAYERS_DIR=/layers
Setting CNB_APP_DIR=/workspace
Setting CNB_PLATFORM_API=0.5
Setting CNB_DEPRECATION_MODE=quiet
Prepending /cnb/process and /cnb/lifecycle to PATH
Setting default process type 'web'
Setting ENTRYPOINT: '/cnb/process/web'
Saving docker.io/edoput/buildpacks-example...
*** Images (sha256:30279532d29d797bc9fd61d705b6701a62ded6e857150f2cabf176b698351d20):
      docker.io/edoput/buildpacks-example - POST https://index.docker.io/v2/edoput/buildpacks-example/blobs/uploads/?from=heroku%2Fpack&mount=sha256%3Ad2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:edoput/buildpacks-example Type:repository] map[Action:push Class: Name:edoput/buildpacks-example Type:repository] map[Action:pull Class: Name:heroku/pack Type:repository]]

*** Digest: sha256:30279532d29d797bc9fd61d705b6701a62ded6e857150f2cabf176b698351d20

*** Manifest Size: 2209
ERROR: failed to export: failed to write image to the following tags: [docker.io/edoput/buildpacks-example: POST https://index.docker.io/v2/edoput/buildpacks-example/blobs/uploads/?from=heroku%2Fpack&mount=sha256%3Ad2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:edoput/buildpacks-example Type:repository] map[Action:push Class: Name:edoput/buildpacks-example Type:repository] map[Action:pull Class: Name:heroku/pack Type:repository]]]
error while running runtime: exit status 246
ERRO exit status 246                              
container ID must be specified
ERRO exit status 125                                                         

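As the log points out, I am missing the authorization to pull/push to the remote, which I have set up and which is publicly accessible.

I provide a token as the access credential; it is available in the build container as a file mounted at /home/heroku/.docker/config.json, and the user running the creator process can read it.

The config looks like this, with a base64-encoded "$user:$password" value.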

{
    "auths": {
        "docker.io": {
            "auth": "REDACTED"
        }
    }
}

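The export command specification and registry authentication are described here.

How can I debug the export process without having to package my own image with a custom lifecycle implementation?

I have tested my credentials against another image repository, as shown below, and authentication works as expected with the Docker registry.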

$ skopeo copy docker://docker.io/heroku/buildpacks docker://docker.io/edoput/buildpacks --debug --authfile .docker/config.json 
DEBU[0000] Returning credentials from .docker/config.json 
DEBU[0000] Using registries.d directory /etc/containers/registries.d for sigstore configuration 
DEBU[0000]  No signature storage configuration found for docker.io/edoput/buildpacks:latest, using built-in default file:///home/edoput/.local/share/containers/sigstore 
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/docker.io 
DEBU[0000] Loading registries configuration "/home/edoput/.config/containers/registries.conf" 
DEBU[0000] Trying to access "docker.io/heroku/buildpacks:latest" 
DEBU[0000] Trying to access "docker.io/heroku/buildpacks:latest" 
DEBU[0000] Returning credentials from .docker/config.json 
DEBU[0000] Using registries.d directory /etc/containers/registries.d for sigstore configuration 
DEBU[0000]  No signature storage configuration found for docker.io/heroku/buildpacks:latest, using built-in default file:///home/edoput/.local/share/containers/sigstore 
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/docker.io 
DEBU[0000] GET https://registry-1.docker.io/v2/         
DEBU[0000] Ping https://registry-1.docker.io/v2/ status 401 
DEBU[0000] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aheroku%2Fbuildpacks%3Apull&service=registry.docker.io 
DEBU[0001] GET https://registry-1.docker.io/v2/heroku/buildpacks/manifests/latest 
DEBU[0001] Content-Type from manifest GET is "application/vnd.docker.distribution.manifest.v2+json" 
DEBU[0001] Using blob info cache at /home/edoput/.local/share/containers/cache/blob-info-cache-v1.boltdb 
DEBU[0001] IsRunningImageAllowed for image docker:docker.io/heroku/buildpacks:latest 
DEBU[0001]  Using default policy section                
DEBU[0001]  Requirement 0: allowed                      
DEBU[0001] Overall: allowed                             
Getting image source signatures
DEBU[0001] Reading /home/edoput/.local/share/containers/sigstore/heroku/buildpacks@sha256=e30ff30cbabe53acd6e55fb43e831dd0274b318247d681215ec24bf341241ef7/signature-1 
DEBU[0001] Manifest has MIME type application/vnd.docker.distribution.manifest.v2+json, ordered candidate list [application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.docker.distribution.manifest.v1+json] 
DEBU[0001] ... will first try using the original manifest unmodified 
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:9c080d283a816b19233adfe7339c4666d4ad207cc1d88b6523d233c73dfb0240 
DEBU[0001] GET https://registry-1.docker.io/v2/         
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:889a7173dcfeb409f9d88054a97ab2445f5a799a823f719a5573365ee3662b6f 
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:d839a7ccb751206cf9d53204ad13da59c9a271f3bb725b632d38b938d97ea961 
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:4bbfd2c87b7524455f144a03bf387c88b6d4200e5e0df9139a9d5e79110f89ca 
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:d2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726 
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:1fb371fdf5afa4bc49d73dc64613efa9276525cbb8f95cbfbe94815726089124 
DEBU[0002] Ping https://registry-1.docker.io/v2/ status 401 
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2Cpush&service=registry.docker.io 
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2Cpush&service=registry.docker.io 
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2Cpush&service=registry.docker.io 
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2Cpush&service=registry.docker.io 
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2Cpush&service=registry.docker.io 
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2Cpush&service=registry.docker.io 
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:1fb371fdf5afa4bc49d73dc64613efa9276525cbb8f95cbfbe94815726089124 
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:9c080d283a816b19233adfe7339c4666d4ad207cc1d88b6523d233c73dfb0240 
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:d839a7ccb751206cf9d53204ad13da59c9a271f3bb725b632d38b938d97ea961 
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:4bbfd2c87b7524455f144a03bf387c88b6d4200e5e0df9139a9d5e79110f89ca 
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:889a7173dcfeb409f9d88054a97ab2445f5a799a823f719a5573365ee3662b6f 
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:d2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726 
DEBU[0003] ... already exists                           
DEBU[0003] ... already exists                           
DEBU[0003] Skipping blob sha256:d2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726 (already present): 
Copying blob d2e110be24e1 skipped: already exists  
...
DEBU[0003] Checking /v2/edoput/buildpacks/blobs/sha256:5da6b0533d17399a58d377f0eaf0e6d6ecd24d0d3a222b483f45fb1cc612774b 
DEBU[0003] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:5da6b0533d17399a58d377f0eaf0e6d6ecd24d0d3a222b483f45fb1cc612774b 
Copying blob d2e110be24e1 skipped: already exists  
...  
DEBU[0003] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:0427fe92c4f9f6578c1ad74d625c1e411d2421e674e4b9c77a01f53d9dd9c834 
DEBU[0003] ... already exists                           
DEBU[0003] ... already exists                           
DEBU[0003] Skipping blob sha256:1fb371fdf5afa4bc49d73dc64613efa9276525cbb8f95cbfbe94815726089124 (already present): 
Copying blob d2e110be24e1 skipped: already exists  
... 
DEBU[0005] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:f18d74887f79510e979837ddd7330678832b0b7e99e9c8bb59de423a5d400f76 
Copying blob d2e110be24e1 skipped: already exists  
...
Copying blob 4f4fb700ef54 [--------------------------------------] 0.0b / 0.0b
DEBU[0006] Downloading /v2/heroku/buildpacks/blobs/sha256:1b0fecc52ded060857a931d07ec4e5b629cd6ce293d981846093cebacfe159d6 
DEBU[0006] GET https://registry-1.docker.io/v2/heroku/buildpacks/blobs/sha256:1b0fecc52ded060857a931d07ec4e5b629cd6ce293d981846093cebacfe159d6 
DEBU[0007] No compression detected                      
DEBU[0007] Using original blob without modification     
DEBU[0007] Checking /v2/edoput/buildpacks/blobs/sha256:1b0fecc52ded060857a931d07ec4e5b629cd6ce293d981846093cebacfe159d6 
DEBU[0007] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:1b0fecc52ded060857a931d07ec4e5b629cd6ce293d981846093cebacfe159d6 
Copying config 1b0fecc52d [--------------------------------------] 0.0b / 15.7KiB
DEBU[0007] ... already exists                           
Writing manifest to image destination
DEBU[0007] PUT https://registry-1.docker.io/v2/edoput/buildpacks/manifests/latest 
Storing signatures

You could try changing docker.io in the config to https://index.docker.io/v1/. Are you able to docker push to the remote using the same config.json?
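
A check for the key mismatch the comment above points at, as an added example that is not part of the original post or of the lifecycle's code: it inspects a config.json and reports problems without ever printing the secret. That Docker Hub credentials are looked up under exactly `https://index.docker.io/v1/` is an assumption taken from the comment; the alias set, function names and sample credentials are constructed.

```python
import base64
import json

# Assumption taken from the comment above, not confirmed on the page: the
# client looks up Docker Hub credentials under exactly this "auths" key.
DOCKER_HUB_KEY = "https://index.docker.io/v1/"
# Constructed list of other spellings people use for Docker Hub.
DOCKER_HUB_ALIASES = {"docker.io", "index.docker.io", "registry-1.docker.io"}


def hostname(key):
    """Strip scheme and path from an auths key: https://host/v1/ -> host."""
    return key.split("://", 1)[-1].split("/", 1)[0].lower()


def check_auths(config_text):
    """Return findings for a Docker config.json; secrets are never included."""
    auths = json.loads(config_text).get("auths", {})
    if not auths:
        return ["no 'auths' entries found"]
    findings = []
    for key, entry in auths.items():
        if key != DOCKER_HUB_KEY and hostname(key) in DOCKER_HUB_ALIASES:
            findings.append(f"{key}: Docker Hub entry is not keyed as {DOCKER_HUB_KEY}")
        try:
            decoded = base64.b64decode(entry.get("auth", ""), validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            findings.append(f"{key}: 'auth' does not decode to text")
            continue
        user, sep, password = decoded.partition(":")
        if not (user and sep and password):
            findings.append(f"{key}: decoded 'auth' is not 'user:password'")
    return findings


def sample_config(key, user="exampleuser", password="example-token"):
    """Build a constructed config.json with one entry under the given key."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    return json.dumps({"auths": {key: {"auth": auth}}})


if __name__ == "__main__":
    for key in ("docker.io", DOCKER_HUB_KEY):
        print(key, "->", check_auths(sample_config(key)) or "ok")
```

Running the same check on the file as mounted inside the build container, rather than on the host copy, also confirms that the creator process sees the content you expect.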
