Hacker News

BuildKit: Docker Yakavanzika Gem Iyo Inogona Kuvaka Chinenge Chero Chinhu

Comments

11 min read Via tuananh.net

Mewayz Team

Editorial Team

Hacker News

BuildKit: Docker Yakavanzika Gem Iyo Inogona Kuvaka Chinenge Chero Chinhu

Vazhinji vanogadzira vanoziva Docker sechigadziko chekumhanya chakachinja mafambisirwo esoftware anotumirwa. Vashoma zvikuru vanoziva nezveinjini ichiita ruzha pasi peiyo yega yemazuva ano Docker inovaka - BuildKit, inotevera-chizvarwa kuvaka sisitimu yanga ichitakura neDocker kubvira vhezheni 18.09 uye yakave iyo default backend muDocker 23.0. Nepo mainjiniya vachipopotedzana zvachose nezve Kubernetes kumisikidzwa uye microservice mapatani, BuildKit yanga ichishanduka zvishoma nezvishoma kuita imwe yakasimba, inochinjika kuvaka masisitimu muDevOps ecosystem. Kana wanga uchiitora sekukurumidza docker kuvaka, uri kusiya hukuru hukuru patafura. Makambani ari kufambisa mapaipi eCI/CD ane hunyanzvi akacheka nguva dzekuvaka ne50–70% nekungonzwisisa kuti BuildKit inopei chaizvo — uye ndiko kutotanga.

Chii Chinoita Kuti BuildKit Isiyane Neiyo YeClass Builder

Iyo yepakutanga Docker kuvaka injini yakateedzera Dockerfile rairo zvakatevedzana, imwe layer panguva, pasina ruzivo rwekuti ibasa ripi rinogona kuitika zvakachengeteka mukufanana. BuildKit inotsiva iyo mutsara execution modhi ine yakanangwa acyclic graph (DAG) - girafu rekutsamira rinonzwisisa kuti ndeapi matanho ekuvaka anotsamira pane imwe neimwe uye isingaite. Matanho akazvimirira anoitwa panguva imwe chete, nhanho dzisina kushandiswa dzinorambwa zvachose, uye chivakwa chese chinova tsananguro yezvauri kuda kwete kutevedzana kwakakosha kwematanho aunofanira kudzokorora nenzira kwayo.

Kuchinja kwekuvaka uku kune mhedzisiro inoenda kupfuura kumhanya. Kana Dockerfile yakawanda-nhanho ikaunganidza Go binary mune imwe nhanho, kudhawunirodha Node.js kutsamira mune imwe, uye kuunganidza mufananidzo wekugadzira muchikamu chechitatu, BuildKit inogona kumhanya nhanho mbiri dzekutanga panguva imwe chete. Chivakwa chakambotora maminetsi mana pamumhanyi ane simba weCI zvino chinopedza mukati memasekonzi makumi mapfumbamwe. Stripe, Shopify, uye zviverengero zvezvimwe zvepamusoro-soro zvikwata zveinjiniya zvakanyora zvakawanikwa zvakafanana mune yavo yemukati yekushandisa retrospectives. Iyo yeDAG modhi zvakare inoreva kuti BuildKit inogona kugadzira metadata yekuvaka yakanyatsojeka - hwaro hwezvinhu zvakaita seuchapupu hwekutanga uye software bill of materials (SBOM) chizvarwa chakakosha zvikuru pakuchengetedza cheni.

Pane zvakare shanduko yemafungiro ekuti kusashanda kwecache kunoshanda sei. Muvaki wechinyakare akakonesa dhizaini yega yega pazasi chero yakashandurwa rairo. BuildKit inoteedzera zvemukati hashes pane yega yega yekuisa, saka kushandura chirevo muDockerfile hakufemere cache yekupinda inomiririra maminetsi makumi matatu ekuunganidza. Kana cache yako yekuvaka iri mutsauko uripo pakati pemaminetsi mashanu nemaminetsi makumi mana emhinduro loop yechikwata chako cheinjiniya, kunyatsoita uku kunokosha kupfuura zvazvingaite pakutanga.

Multi-Platform Inovaka: One Command, Yese Architecture

BuildKit's --platform mureza uye kubatanidzwa kweQEMU kunoshandura chaimbova dambudziko rinorwadza re-multi-system coordination kuita murairo mumwe chete. Kumhanya docker buildx kuvaka --platform linux/amd64,linux/arm64,linux/arm/v7 . inogadzira mifananidzo mitatu yekugadzira-yakagadzirira yakafanana kubva kune imwechete kuvaka invocation. Kugona uku kwave kunetsa sezvo indasitiri inochinja yakananga kuARM - AWS Graviton3 zviitiko zvinogara zvichiunza 40% zvirinani mutengo-kuita pamabasa akaita sewebhu sevhisi uye kugadzirisa data, uye Apple Silicon yakaita ARM muchina wekusimudzira wemamiriyoni einjiniya.

Pamberi peBuildKit's multi-platform support yakura, kuchengetedza mapaipi ekuvaka akasiyana ezvivakwa zvakasiyana yaive mutengo chaiwo. Matimu angave akachengetedza akawanda maDockerfiles, aimhanya akaparadzana CI mapaipi pane akasiyana-akavakwa evamhanyi, kana kungotumira x86 mifananidzo kwese kwese uye akabhadhara chirango chekuita pane ARM zvivakwa. NeBuildKit, iwe unotsanangura chivakwa chako kamwe uye worega iyo sisitimu inobata yekuvaka-chaiyo kuunganidzwa pachena. Ngura mapurojekiti anoda kusanganiswa-siyana, Enda mapurojekiti ane CGO zvinotsamira, Python mapakeji ane C ekuwedzera - BuildKit inobata emulation layer isingade kuti iwe unzwisise zvakadzama zvepuratifomu yega yega.

Kukosha kwebhizinesi pano kunogona kuyerwa. Chikwata chinomhanyisa midziyo mazana maviri paAWS Graviton zviitiko pamadhora 0.04 pavCPU-awa maringe neyakafanana x86 muenzaniso pamadhora 0.056 pavCPU-awa inochengetedza ingangoita madhora gumi nerimwe nemazana mashanu pagore pamazana zana evCPU - kubva pakusarudza chaiyo yekuvaka. Kuita kuti sarudzo iyi iwanikwe pasina kuedzazve kuinjiniya ndiyo chaiyo mhando yekugadzirisa zvivakwa zvinozvibhadharira nekukasika.

Chakavanzika Kutungamira Pasina Kunyudza Mumifananidzo Yezvikamu

Chimwe chezvinhu zvisingakoshesike BuildKit ndeyezvakavanzika API. Iyo yemhando yepamusoro Docker muvaki akange asina nzira yakachena yekupfuudza zvitupa muchivako pasina izvo zvitupa zvingangogumira mumufananidzo. Vagadziri vakashanda zvakatenderedza izvi nematanho akawanda ekuvaka, ARG mirairo, uye nekungwarira kuronga - asi njodzi yekubikira API kiyi kana yakavanzika SSH kiyi mumufananidzo wakatumirwa yakaramba yakakwira zvisingaite. Ma scanner ekuchengetedza anogara achiwana zvitupa zvakaomerwa mumidziyo yemidziyo yakaburitswa kuruzhinji rwevanhu, uye mazhinji eaya anoburitswa anodzokera kumashure ekubata zvakavanzika panguva yekuvaka.

BuildKit's --secret mureza unoisa data rinonzwisisika munzvimbo yekuvaka senzira yenguva pfupi yemafaira inowanikwa chete kwenguva yeiyo RUN rairo inoida uye isingambobata chero mufananidzo layer. Murairo weDockerfile senge RUN --mount=type=secret,id=npmrc cat /run/secrets/npmrc> ~/.npmrc && npm install inopa nzira yekuvaka kuwana kune yakavanzika npm zvitupa pasina izvo zvinomboonekwa zvinomboonekwa mumufananidzo wekupedzisira kana chero yepakati layer. Iyo patani imwechete inoshanda kune zvitupa zvePyPI, Maven marongero, makiyi eSSH epachivande Git repositori, uye chero zvimwe zvinhu zvinonzwisa tsitsi zvaunoda maitiro ekuvaka.

Kune zvikwata zvinovaka software inobata maindasitiri akadzorwa - mapuratifomu ehutano, zvigadzirwa zvefintech, HR software - mutsauko uripo pakati pe "zvitupa zvinogona kunge zviri pamufananidzo" uye "zvitupa hazvigone kuve pamufananidzo" ndiwo mutsauko uripo pakati pekupfuura ongororo yekuchengetedza uye kupedza mavhiki matatu achigadzirisa zvakawanikwa. Mapuratifomu akaita seMewayz, ane simba rekushandisa bhizinesi revashandisi vanopfuura 138,000 mumaindasitiri ese ekubhadhara, HR, uye invoice, zvinoenderana nerudzi urwu rwekuchengetedzeka kwechimiro mukuvaka uye kutumira mapaipi kuti varambe vachivimba nevatengi avo ku data ravo rine hunyanzvi rezvemari nerevashandi.

Cache Exports: Kugadzira CI Mapaipi Chaizvoizvo Kukurumidza

CI mapaipi ndipo panovaka mashandiro anonyanya kukosha uye uko iyo yekusagadzika Docker yekuvaka ruzivo yagara ichirwadza zvakanyanya. Vatsva veCI vamhanyi vanowanzotanga nemacache asina chinhu, zvichireva kuti pombi yega yega inomhanya inodzosera zvese kubva pakutanga. Kune sevhisi yeJava ine mazana ekutsamira kweMaven, purojekiti yeRust, kana Python application ine inorema yekuwedzera yekuzvarwa, izvi zvinoreva nguva dzekuvaka dzakayerwa mumakumi emaminetsi kwete masekonzi. Mutengo webhizinesi wekunonoka CI wakakurisa - wakadzikiswa mafambiro ekutumira, kureba kwemhinduro, uye mainjiniya akagara asina chaanoita akamirira kuti mapaipi apedze asati asangana nekuenderera mberi.

BuildKit's cache export feature inogadzirisa izvi neexportable cache manifests. Uchishandisa --cache-to type=registry,ref=myregistry/myapp:cache uye --cache-from type=registry,ref=myregistry/myapp:cache, BuildKit inosaidzira yakadzama cache snapshot kune registry mushure mekutanga kwega kwega kwekutanga nekudhonza. Iyo cache ndeyemukati-yakagadziriswa, saka chete akachinjirwa maseru anotorwa patsva. Zvikwata zvinoshandisa iyi patani muGitHub Zviito, GitLab CI, uye CircleCI zvinogaro cheka pombi nguva kubva pamaminetsi gumi neshanu kuenda pasi pematatu pakumhanya kunotevera. GitHub's own zvinyorwa pane advanced Docker kuvaka workflows inokurudzira zvikuru iyi pateni nekuda kweichi chikonzero.

Iyo inokurumidza kuvaka ndiyo yausingazombofanire kumhanya zvakare. BuildKit's layered, content-addressed cache system haingokurumidze kuvaka - inoita kuti pfungwa yese ye "build" ive nehungwaru, ichishandura kuunganidzwa kwakadzokororwa kuita mutsauko wekuwedzera wezvakachinja chaizvo.

Cache kunze kwenyika inobatanidza zvakachena nebazi-based development workflows. Unogona kumisikidza pombi yako yeCI kuti idzoke kubva kubazi-chaiyo cache kuenda kuhombe yebazi cache kana pasina cache yebazi iripo, zvichireva kuti matavi matsva anobva abatsirikana kubva kune inodziya cache yakaunganidzwa nemutsara wako mukuru wekusimudzira. Mainjiniya vanowana mhinduro nekukurumidza kubva pakuzvipira kwavo kwekutanga pabazi idzva pane kumirira murango unotonhora.

💡 DID YOU KNOW?

Mewayz replaces 8+ business tools in one platform

CRM · Invoicing · HR · Projects · Booking · eCommerce · POS · Analytics. Free forever plan available.

Start Free →

BuildKit Frontends: Kuvaka Kupfuura Dockerfiles

Pamwe kugona kusingazivikanwe kweBuildKit ndeyekuti Dockerfiles ingori imwe chete inogoneka yekuisa fomati - kwete iyo yega. BuildKit ine pluggable frontend architecture inobvumira zvachose tsika kuvaka tsanangudzo mitauro uye mafomati. Nzvimbo yekumberi inotsanangurwa ne # syntax= rairo riri pamusoro pefaira rako rekuvaka, iro rinoudza BuildKit kuti idhonze imwe mufananidzo wemberi uye ishandise kupenengura nekuita rimwe faira.

Ichi chivakwa chakagonesa mapurojekiti akati wandei. Kubatanidzwa kweBuildpacks kunobvumira BuildKit kuti ivake mifananidzo yemidziyo kubva kune yekushandisa sosi kodhi isina chero Dockerfile zvachose - inoona mutauro, inosarudza yakakodzera base mifananidzo, uye inounganidza otomatiki mudziyo wakagadzirira kugadzira. HPC uye nharaunda dzesainzi dzemakomputa dzakashandisa tsika dzepamberi kutsanangura zvivakwa mumitauro-yakatarwa inounganidza kusvika kuBuildKit's yemukati LLB (Low-Level Build) inomiririra. Iyo docker/dockerfile:labs syntax frontend kuyedza ine zvinhu zvakaita serutsigiro rweheredoc, --network kudzora parairo, uye anonatsiridza cache mazano asati amhara muDockerfile syntax yakagadzikana.

Kugona kutsanangura yako yekumberi zvinorevawo kuti masangano ane zvimiro zvekuvaka zvisina kujairika haafanire kusarudza pakati pe "shoehorn zvese muDockerfile syntax" uye "kusiya midziyo zvachose." Chikwata chinovaka FPGA firmware, yakamisikidzwa masisitimu mifananidzo, kana nyanzvi yeML modhi midziyo inogona kutsanangura kuvaka kwavo nenzira inonzwisisika kune yavo dura vachiri kugadzira yakajairwa OCI-inoenderana nemidziyo mifananidzo inotumira chero midziyo inomhanya. Kuwedzeredzwa uku kunobatsira pakuvaka pane masisitimu ekuvaka anobata maitiro avo ekuisa seakagadziriswa.

Provenance uye SBOM: Kuvaka iyo Post-SolarWinds World

Kuchengetedzwa kweSoftware Supplier cheni yakasimuka kubva pakunetsekana kuenda padanho rekutanga mushure mekutyorwa kweSolarWinds muna 2020 uye nekusagadzikana kweLog4Shell muna 2021. Hurumende yeUS Executive Order 14028 pacybersecurity, yakapihwa muna Chivabvu 2021, yakaraira software bhiri rezvinhu zvevashandi vemubatanidzwa. BuildKit's provenance attestations uye SBOM chizvarwa maficha imhinduro yakananga kune ino kudzora uye kuchengetedza mamiriro.

Ne--provenance=true uye --sbom=true mireza, BuildKit inogadzira zvipupuriro zvakasainwa necryptographically zvinotsanangura chaizvo zvakapinda mumufananidzo wemudziyo - iyo mifananidzo yepasi yakashandiswa, iyo Dockerfile mirairo yakatevedzwa, mafaera epi aivepo, uye ndeapi ekunze akatorwa. Huchapupu uhu hunotevera SLSA (Supply-chain Levels for Software Artifacts) chimiro uye in-toto atestation fomati, zvichiita kuti zvionekwe nemuchina nemainjini ebumbiro seSigstore's Cosign neOPA (Open Policy Agent).

Mafambiro ekushanda anogonesa anotaridzika seizvi:

  1. Mugadziri anosundira kodhi; CI pombi inokonzeresa kuvaka kweBuildKit ine provenance yakagoneswa.
  2. BuildKit inogadzira SOM yakasainwa inonyora zvikamu zvese neshanduro dzazvo.
  3. The SBOM inotsikiswa kune registry yemidziyo pamwe chete nemufananidzo.
  4. Madhizaini ekubvumidzwa muKubernetes cluster anoongorora kuti ndeapi asati abvumira kushandiswa.
  5. Ma scanner eVulnerability anobvunza kuSBOM kuti ione mifananidzo yakakanganiswa kana maCVE matsva aburitswa.

Zvikwata zvinoshandisa pombi iyi yakazara vanogona kupindura zvinoburitswa nenjodzi mumaawa kwete mazuva, nekuti vane mepu chaiyo, inoverengeka nemuchina yechikamu chese mumudziyo wese unomhanya. Kumabhizinesi akaita seMewayz anobatanidza zvakadzika mukushanda kwevatengi kufambiswa kwemabasa - kumhanya kwemubhadharo, kutonga data rezvikepe, kugadzirisa mainvoice - kugona kuratidza kuomarara, kutarisika kwekutengesa cheni kuri kuwedzera kudikanwa kwekukurukurirana kwekutengesa kwebhizinesi, kwete kungove nekunaka-kuva-.

Kutanga: Kubva Kuvaka Kunovaka kusvika Kumapaipi Epamusoro

BuildKit yave kutomhanya munzvimbo yako yeDocker kana uri kushandisa shanduro yazvino - Docker 23.0 uye wozoigonesa nekukasira. Yekutanga nhanho inoshanda yezvikwata zvakawanda kugonesa iyo Docker Buildx plugin, iyo inofumura BuildKit yakazara chimiro chakaiswa kuburikidza ne docker buildx subcommand. Kumhanya docker buildx gadzira --use inomisikidza BuildKit muvaki muenzaniso ane kugona kwakawanda kupfuura mutyairi akasarudzika. Kubva ipapo, kuwedzera kutorwa kwezvinhu zvepamberi zvine musoro pane kuedza kutora zvese kamwechete.

Nzira inonzwisisika yekurera yechikwata chiri kuita basic docker kuvaka invocation inoita senge kuwedzera cache kutumira kunze kune CI kutanga - izvi zvinounza nekukurumidza, inoyerika kumhanya kuvandudzwa nekushoma kwekuchinja shanduko. Multi-platform inovaka inova yakakosha kana timu yatanga kunangana neARM zvivakwa. Kukwirisa kwakavanzika kwakakodzera kutora chero nguva yakavanzika pasuru registries kana SSH makiyi anoonekwa mukuvaka mamiriro. Provenance hupupuriro hune musoro kugonesa kana kuteedzera zvinodiwa kana bhizinesi zvinodiwa nevatengi zvichiita kuti zvinyorwa zvekutengesa zvive zvakakosha.

Chidzidzo chakadzama cheBuildKit ndechekuvaka nemaune. Kunyangwe iwe uri kutumira mudziyo weiyo microservice, muchina wekudzidza inference endpoint, kana chikuva chakaomarara senge Mewayz's suite ye207 bhizinesi mamodule, maitiro ekuvaka haisi maitiro aunomhanyisa mauri munzira yekuendeswa - inyanzvi yekugadzira iyo inoratidza hunhu, kuchengetedzwa kwemaitiro, uye kukura kwekushanda kubva pane zvese zvinotakura. BuildKit inokupa iwe maturusi ekugadzira iyo artifact yakanaka. Mubvunzo ndewokuti unotora nguva yekuashandisa here.

Mibvunzo Inowanzo bvunzwa

Chii chinonzi BuildKit uye chakasiyana sei neyekare Docker kuvaka system?

BuildKit ndiyo Docker inotevera-chizvarwa kuvaka injini, yakaunzwa muDocker 18.09 uye yakaita default muDocker 23.0. Kusiyana neanovaka wekirasi, BuildKit inotsigira parallel layer kuuraya, epamberi caching mazano, zvakavanzika kukwira, uye muchinjika-chikuva kuvaka. Inobata maitiro ekuvaka seyakatungamirwa acyclic graph (DAG), ichigonesa kutsamira kugadzirisa uye nekukurumidza zvinoshamisa nguva dzekuvaka dzakaoma, dzakawanda-nhanho Dockerfiles.

Ndinoda kuisa chero chimwe chinhu kuti nditange kushandisa BuildKit neDocker?

Hapana kumwe kuisirwa kunodiwa kana uchimhanyisa Docker 23.0 kana gare gare - BuildKit inogoneswa nekusarudzika. Pane mavhezheni ekare, unokwanisa kuimutsa nekuseta shanduko yezvakatipoteredza DOCKER_BUILDKIT=1 usati waita mirairo yako yekuvaka. Kumakesi ekushandisa epamberi senge kure kuvaka cache kana akawanda-chikuva anovaka, ungangoda kumisikidza yakatsaurwa yeBuildx muvaki muenzaniso uchishandisa docker buildx gadzira.

BuildKit inogona kushandiswa kugadzira zvinhu kunze kwemifananidzo yemabhokisi?

Hongu, uye ichi ndicho chimwe cheBuildKit isingakosheswe zvakanyanya. Ichishandisa magariro emberi uye --output mureza, BuildKit inogona kugadzira mbishi mabhinari, tarballs, static mawebhusaiti, uye mamwe maartifacts efaera — kwete mifananidzo yeOCI chete. Izvi zvinoita kuti ive injini yekuvaka-yechinangwa inoenderana nemasikirwo mupolyglot monorepos uye yakaoma CI mapaipi apo zvikwata zvakasiyana zvinoda mafomati akasiyana ekubuda kubva kune yakabatana toolchain.

BuildKit inopinda sei mupuratifomu yeDevOps padivi pemidziyo yakaita seMewayz?

BuildKit inobata yakaderera-level yekuvaka layer, asi zvikwata zvemazuva ano zvekusimudzira zvinodawo kubata bhizinesi mafambiro, kuunza vatengi, uye maitiro ekushanda. Mapuratifomu akaita seMewayz — a 207-module business OS inotangira pa$19/mo — inopindirana nekugadzirisa zvivakwa nekuvhara divi rekushanda kwemabhizinesi esoftware. Kubatanidza mapaipi ekuvaka anofambiswa neBuildKit ine-in-one chikuva seMewayz inopa zvikwata murwi wakazara kubva kukodhi artifact kusvika kukutumira vatengi.