Improve Docker Image by BuildKit

Transcript

1. ৬৔ͷDockerϏϧυ
   Λվળͨ͠࿩
   1
   

   View Slide

2. ࣗݾ঺հ
   ໊લ: ү ݡେ(@go_vargo)
   ॴଐ: גࣜձࣾίϩϓϥ
   ɹɹ Πϯϑϥάϧʔϓ ୈ2νʔϜ
   झຯ: Ϋϥ΢υωΠςΟϒܥͷMeetup΁ͷࢀՃ
   ࠷ۙͷ೰Έ͸ɺίϯςφϫʔΫϩʔυͷҋ΁ͷ
   ཱͪ޲͔͍ํ
   2
   

   View Slide

3. ࠓ೔ͷςʔϚ
   ৬৔ͷDockerΠϝʔδɾϏϧυΛվળͨ͠࿩
   γνϡΤʔγϣϯ:
   ɾνʔϜʹ͸͢ͰʹDockerfile͕͋Δ
   (؀ڥຖʹDockerfile͕ଘࡏ͢Δ)
   ɾΠϝʔδαΠζ͸νϡʔχϯάͷ༨஍ͳ͠
   ɾݴޠ͸PHP(Laravel)
   ɾCI/CDΛ࢖ͬͯϏϧυˠσϓϩΠ͍ͯ͠Δ
   ɾϩʔΧϧ։ൃ͸Docker Compose
   ϦϞʔτ͸Kubernetes(GKE)
   3
   

   View Slide

4. ςʔϚʹࢸͬͨϞνϕʔγϣϯ
   ࠷ߴͷDockerfileΛ࡞Γ͍ͨ…
   ɾDockerfileͷϕετϓϥΫςΟεɾΞϯνύλʔϯ͸
   ݻ·Γͭͭ͋Δ…͕࣍ͷهࣄΛಡΜͰɺࠓΑΓ΋
   ΋ͬͱDockerϏϧυΛվળͰ͖ͦ͏ͩͱࢥͬͨ
   ʮDockerfileΛվળ͢ΔͨΊͷBest Practice 2019೥൛ʯ
   https://www.slideshare.net/zembutsu/dockerfile-bestpractices-19-and-advice
   ɾ؀ڥ͝ͱʹෳ਺͋ΔDockerfileʹΑͬͯ
   Infrastructure as Codeͱͯ͠ͷՄಡੑ͕མ͍ͪͯͨɻ
   ू໿ͯ͠ɺগ͠Ͱ΋ίϯςφͷҋΛ੖Β͍ͨ͠
   4
   

   View Slide

5. 5
   ؀ڥུ֓
   3FHJTUSZ ,VCFSOFUFT
   4QJOOBLFS
   (JU-BC3VOOFS
   *NBHF#VJME
   1VTI
   *NBHF#BLF
   %FQMPZ
   

   View Slide

6. 6
   ࠓ೔࿩͢ͱ͜Ζ
   3FHJTUSZ ,VCFSOFUFT
   4QJOOBLFS
   (JU-BC3VOOFS
   *NBHF#VJME
   1VTI
   *NBHF#BLF
   %FQMPZ
   

   View Slide

7. ᶃ BuildKitΛ༗ޮԽ
   ᶄ ؀ڥ(ϩʔΧϧ, ։ൃ؀ڥ,etc…)͝ͱͷDockerfileΛ
   ҰͭͷDockerfileʹ·ͱΊͯɺεςʔδͰ
   ؀ڥ͝ͱͷࠩ෼Λఆٛ
   ᶅ ηΩϡϦςΟੑͷ޲্ͱͯ͠ɺίϯςφ͔Β
   ෆཁͳSecretϑΝΠϧͷআڈ(ࠓճ͸লུ)
   7
   վળͨ͜͠ͱ
   

   View Slide

8. ͷલʹɺ؀ڥม਺Λ༗ޮԽ͢Δ͚ͩ
   8
   ᶃ BuildKitͷ༗ޮԽ
   docker build
   DOCKER_BUILDKIT=1 docker build …
   

   View Slide

9. 9
   ᶄ ؀ڥࠩ෼ΛεςʔδԽ
   मਖ਼લ मਖ਼ޙ
   Dockerfile.local
   Debugger
   Git
   Vim
   …
   Dockerfile.k8s
   FROM image AS local
   ….
   FROM image AS local debug
   ….
   FROM image AS k8s
   ….
   FROM image AS k8s-XXXX
   ….
   ҰͭͷϑΝΠϧʹू໿͢Δ͜ͱͰɺ
   ίʔυͷڞ௨ԽͱՄಡੑΛߴΊΔ
   Dockerfile.xxxx
   …
   

   View Slide

10. ޮೳᶃ:
    ༨ܭͳϨΠϠʔΛؚΊͳ͍ͨΊΠϝʔδαΠζݮগ‑
    ※ BuildKitҎલ͔Βͷޮೳ
    ޮೳᶄ:
    Ϗϧυ࣌ؒͷ୹ॖ
    10
    Ϛϧνεςʔδ × BuildKit
    Dockerfile ্͔ΒԼʹϏϧυ Dockerfile
    Stage1
    Stage2
    ฒྻϏϧυ
    BuildKitͳ͠ BuildKit͋Γ
    

    View Slide

11. 11
    मਖ਼લ
    FROM php:7.2.18-alpine
    COPY docker/files /
    COPY composer.json composer.lock /app/
    RUN cd /app \
    && apk add --no-cache --virtual .build-deps zip unzip git \
    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin/ --filename=composer \
    && composer global require hirak/prestissimo \
    && composer install --prefer-dist --no-interaction --no-scripts --no-autoloader --no-dev \
    && chown -R www-data:www-data vendor \
    && find vendor/ -type d -name ‘.git’ -print0 | xargs -0 rm -rf \
    && apk del .build-deps \
    && composer global remove hirak/prestissimo \
    && rm -rf /root/.composer/
    COPY --chown=www-data:www-data . /app
    WORKDIR /app
    CMD [“run”]
    ᶄ ؀ڥࠩ෼ΛεςʔδԽ
    ىಈεΫϦϓτΛίϐʔ
    ύοέʔδ؅ཧͷϑΝΠϧΛίϐʔ
    ϥΠϒϥϦ΍ύοέʔδ؅ཧπʔϧΛΠϯετʔϧ
    ιʔείʔυΛίϐʔ
    

    View Slide

12. 12
    ##### ComposerΠϯετʔϧ༻ #####
    FROM php:7.2.18-alpine AS builder
    COPY composer.json composer.lock /app/
    WORKDIR /app
    RUN cd /app \
    && apk add --no-cache --virtual .build-deps zip unzip git \
    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin/ --filename=composer \
    && composer global require hirak/prestissimo \
    && composer install --prefer-dist --no-interaction --no-scripts --no-autoloader —no-dev
    ##### Kubernetes༻Πϝʔδ #####
    FROM php:7.2.18-alpine AS k8s
    COPY docker/files /
    WORKDIR /app
    COPY --chown=www-data:www-data . /app/
    COPY --from= builder /usr/local/bin/composer /usr/local/bin/composer
    RUN apk add —no-cache zip unzip
    COPY --from=builder --chown=www-data:www-data /app/vendor /app/vendor
    CMD [“run”]
    मਖ਼ޙ - v1
    ىಈεΫϦϓτΛίϐʔ
    ύοέʔδ؅ཧͷϑΝΠϧΛίϐʔ
    ύοέʔδΛΠϯετʔϧ
    ੒Ռ෺Λίϐʔ
    ύοέʔδϚωʔδϟΛίϐʔ
    

    View Slide

13. 13
    ##### ComposerΠϯετʔϧ༻ #####
    FROM php:7.2.18-alpine AS builder
    COPY composer.json composer.lock /app/
    WORKDIR /app
    RUN cd /app \
    && apk add --no-cache --virtual .build-deps zip unzip git \
    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin/ --filename=composer \
    && composer global require hirak/prestissimo \
    && composer install --prefer-dist --no-interaction --no-scripts --no-autoloader —no-dev
    ##### Kubernetes༻Πϝʔδ #####
    FROM php:7.2.18-alpine AS k8s
    COPY docker/files /
    WORKDIR /app
    COPY --chown=www-data:www-data . /app/
    COPY --from= builder /usr/local/bin/composer /usr/local/bin/composer
    RUN apk add —no-cache zip unzip
    COPY --from=builder --chown=www-data:www-data /app/vendor /app/vendor
    CMD [“run”]
    मਖ਼ޙ - v1
    ‑ύοέʔδϚωʔδϟͷΠϯετʔϧ͸ຖճ࣮ߦ͢Δඞཁͳ͠
    

    View Slide

14. 14
    ##### ComposerΠϯετʔϧ༻ #####
    FROM composer:1.8.6 AS builder
    COPY composer.json composer.lock /app/
    WORKDIR /app
    RUN composer global require hirak/prestissimo \
    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin/ --filename=composer \
    && composer install --prefer-dist --no-interaction --no-scripts --no-autoloader --no-dev \
    && chown -R www-data:www-data vendor \
    && find vendor/ -type d -name ‘.git’ -print0 | xargs -0 rm -rf
    ##### Kubernetes༻Πϝʔδ #####
    FROM php:7.2.18-alpine AS k8s
    COPY docker/files /
    WORKDIR /app
    COPY --chown=www-data:www-data . /app/
    COPY --from=builder /usr/local/bin/composer /usr/local/bin/composer
    RUN apk add —no-cache zip unzip
    COPY --from=builder --chown=www-data:www-data /app/vendor /app/vendor
    CMD [“run”]
    मਖ਼ޙ - v2
    ผͷΠϝʔδͱͯ͠੾Γग़͢
    Πϯετʔϧ෦෼͸࡟আ
    

    View Slide

15. 15
    ##### ComposerΠϯετʔϧ༻ #####
    FROM composer:1.8.6 AS builder
    COPY composer.json composer.lock /app/
    WORKDIR /app
    RUN composer global require hirak/prestissimo \
    && composer install --prefer-dist --no-interaction --no-scripts --no-autoloader --no-dev \
    && chown -R www-data:www-data vendor \
    && find vendor/ -type d -name ‘.git’ -print0 | xargs -0 rm -rf
    ##### Kubernetes༻Πϝʔδ #####
    FROM php:7.2.18-alpine AS k8s
    COPY docker/files /
    WORKDIR /app
    COPY --chown=www-data:www-data . /app/
    COPY --from=builder /usr/local/bin/composer /usr/local/bin/composer
    RUN apk add —no-cache zip unzip
    COPY --from=builder --chown=www-data:www-data /app/vendor /app/vendor
    CMD [“run”]
    मਖ਼ޙ - v2
    ‏builderͷ଴ͪ߹Θ͕ͤൃੜ
    

    View Slide

16. 16
    ##### Composerίϐʔ༻ #####
    FROM composer:1.8.6 AS copy
    ##### ComposerΠϯετʔϧ༻ #####
    FROM composer:1.8.6 AS builder
    COPY composer.json composer.lock /app/
    WORKDIR /app
    RUN composer global require hirak/prestissimo \
    && composer install --prefer-dist --no-interaction --no-scripts --no-autoloader --no-dev \
    && chown -R www-data:www-data vendor \
    && find vendor/ -type d -name ‘.git’ -print0 | xargs -0 rm -rf
    ##### Kubernetes༻Πϝʔδ #####
    FROM php:7.2.18-alpine AS k8s
    COPY docker/files /
    WORKDIR /app
    COPY --chown=www-data:www-data . /app/
    COPY --from=copy /usr/local/bin/composer /usr/local/bin/composer
    RUN apk add —no-cache zip unzip
    COPY --from=builder --chown=www-data:www-data /app/vendor /app/vendor
    मਖ਼ޙ - v3
    ‏଴ͪ߹ΘͤΛճආ
    ‏͜͜͸଴ͪ߹Θͤ
    

    View Slide

17. 17
    BuildKitʹΑΔฒྻϏϧυ
    0 1
    2
    3
    Stage0, 1͸ฒྻ࣮ߦ
    Stage2͸0,1ͷ׬ྃ଴ͪ
    Stage3͸2ͷ׬ྃ଴ͪ
    

    View Slide

18. 18
    BuildKitʹΑΔฒྻϏϧυ
    0 1 2 3
    εςʔδؒͷґଘؔ܎͕ͳ͍
    ࣮ߦ࣌ؒΛ୹ॖ͢Δʹ͸…
    ཧ૝
    0 1 2
    3
    εςʔδؒͷґଘؔ܎͕গͳ͍
    ࣍ળ
    

    View Slide

19. 19
    BuildKitʹΑΔฒྻϏϧυ
    ͍͔ʹαΠζΛখ͘͢͞Δ͔…
    ͍͔ʹϨΠϠʔΛগͳ͘͢Δ͔…
    BuildKitΛಋೖ͢Δͱ೰Έ΋มԽ͢Δ
    ͍͔ʹґଘؔ܎͕ͳ͍ΠϝʔδΛઃܭ͢Δ͔…
    ಋೖޙ
    ಋೖલ
    ͍͔ʹεςʔδΛ෼ׂ͢Δ͔…
    

    View Slide

20. 20
    վળ݁Ռ
    ϩʔΧϧ༻Πϝʔδ मਖ਼લ मਖ਼ޙ
    αΠζ 357MB 355MB
    Ϗϧυ࣌ؒ(1ճ) 88s 41s
    Ϗϧυ࣌ؒ(2ճ໨Ҏ߱) 12s 2s
    K8s༻Πϝʔδ मਖ਼લ मਖ਼ޙ
    αΠζ 209MB 209MB
    Ϗϧυ࣌ؒ(1ճ) 78s 41s
    Ϗϧυ࣌ؒ(2ճ໨Ҏ߱) 16s 2s
    

    View Slide

21. 21
    • BuildKit × ϚϧνεςʔδͰDockerfile؀ڥΛ੔උͰ͖ͨ
    • BuildKitΛ࢖͏͜ͱͷϝϦοτΛײ͡Δ͕ɺ
    σϝϦοτ͸ײ͡ͳ͍(͋͘·Ͱݸਓతʹ͸)
    • ڧ͍ͯݴ͑͹ɺͨͩͰ͑͞৬ਓܳʹ͍ۙDockerϏϧυ͕
    ɹΑΓ೉͘͠ͳ͍ͬͯΔ(޻ܳ඼ʹͳ͍ͬͯΔ)͔΋͠Εͳ͍
    • ࠷ߴͷDockerfileΛٻΊΔཱྀ͸ଓ͘…
    ·ͱΊ
    

    View Slide