Docker Buildx Configuration

This article was last updated on the evening of July 30, 2025

Using buildx in GitLab CI

  1. Generate the buildx configuration file for the private registry
cat << EOF > buildkitd.toml

debug = true
insecure-entitlements = [ "network.host", "security.insecure" ]
[dns]
nameservers=["xxxxxx","114.114.114.114"]
[worker.oci]
enabled = true
[registry."registry.xxx.com"]
ca=["./registry.xxx.com.cert"]
[registry."registry.xxx.com:5000"]
http = true
insecure = false
EOF
  2. Create the buildx container
docker buildx create --name builder --use --config buildkitd.toml --driver-opt image=docker-0.unsee.tech/moby/buildkit:v0.22.0
docker buildx inspect --bootstrap

# Configure the remote build environment
docker buildx rm test-builder
docker buildx create --name test-builder --driver docker-container --platform linux/amd64 ssh://root@xxxxx --config ./buildkitd.toml
docker buildx create --name test-builder --driver docker-container --platform linux/arm64 --append ssh://root@xxxx --config ./buildkitd.toml
docker buildx inspect test-builder --bootstrap
  3. Add the certificate file to the system trust store (fixes "x509: certificate signed by unknown authority")
# Debian / Ubuntu
sudo cp ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

# Red Hat / CentOS / Fedora / Rocky / AlmaLinux
sudo cp ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract

# Arch Linux
sudo cp ca.crt /etc/ca-certificates/trust-source/anchors/
sudo trust extract-compat

  4. Check that the CA certificate has taken effect
# Debian / Ubuntu
openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt ca.crt
# Red Hat / CentOS
openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.crt ca.crt

# Test that HTTPS works
curl https://xxxxx.com
  5. Add cache mounts to the Dockerfile
# apt cache
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=test-apt-cache \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=test-apt-lib \
sed -i s@/deb.debian.org/@/mirrors.aliyun.com/@g /etc/apt/sources.list && \
sed -i s@/security.debian.org/@/mirrors.aliyun.com/@g /etc/apt/sources.list && \
apt-get update && \
apt-get -y --no-install-recommends install \
wget ca-certificates curl procps

# pip cache
RUN --mount=type=cache,target=/root/.cache,id=test-poetry-cache \
pip config set global.index-url https://mirrors.aliyun.com/pypi/simple && \
pip install poetry

# poetry cache
RUN --mount=type=cache,target=/root/.cache,id=test-poetry-cache \
--mount=type=bind,source=./app/poetry.lock,target=poetry.lock \
--mount=type=bind,source=./app/pyproject.toml,target=pyproject.toml \
poetry install --no-root --only main

  6. Specify the cache for the buildx build
docker buildx build \
--target dockerfile-target \
--push \
-t xxxx.com:5000/xxx:latest \
--build-arg "VERSION=1.0.0" \
--cache-to type=registry,ref=xxxx.com:5000/cache:latest \
--cache-from type=registry,ref=xxxx.com:5000/cache:latest \
-f Dockerfile .
  7. Use authentication
docker login xxxx
docker buildx build xxx
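
The buildkitd.toml from step 1 relaxes two defaults: `insecure-entitlements` lets builds request host networking and unsandboxed execution, and `http = true` sends registry traffic in cleartext. The following check is an added example, not part of the original post; the function names `audit_buildkitd` and `sample_config` are hypothetical, and the sample config is constructed from the step 1 settings with placeholder hosts.

```shell
#!/bin/sh
# audit_buildkitd FILE: print one finding per line for buildkitd.toml settings
# that weaken build isolation or registry transport security.
# Returns 1 when anything is found, 0 otherwise.
audit_buildkitd() {
    awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
    $0 == "" { next }
    /^\[/ {                                   # table header
        section = $0; host = ""
        if (match($0, /^\[registry\."[^"]+"\]$/))
            host = substr($0, 12, RLENGTH - 13)   # text between the quotes
        next
    }
    {                                         # key = value line
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    section == "" && key == "insecure-entitlements" && val ~ /"/ {
        print "daemon: builds may request entitlements " val; bad = 1
    }
    host != "" && key == "http" && val == "true" {
        print "registry " host ": plain HTTP, traffic is unencrypted"; bad = 1
    }
    host != "" && key == "insecure" && val == "true" {
        print "registry " host ": TLS certificate verification is skipped"; bad = 1
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the settings from step 1 with placeholder hosts.
sample_config() {
    cat <<'EOF'
insecure-entitlements = [ "network.host", "security.insecure" ]
[registry."registry.xxx.com"]
ca=["./registry.xxx.com.cert"]
[registry."registry.xxx.com:5000"]
http = true
insecure = false
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_buildkitd "$tmp" || echo "findings above: review before 'docker buildx create'"
rm -f "$tmp"
```

Running it as a CI step before `docker buildx create` makes any later relaxation of the daemon config visible in the job log.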


https://blog.cook369.xyz/2025/05/24/buildx-in-config/
Author: likp
Published: May 24, 2025
Updated: July 30, 2025