How to use Docker buildx to build multi-platform images and push them to private repositories

Introduction

Recently I found that there is an ARM version of Docker. There are also ARM version images on hub.docker.com, but building the ARM version of Docker image is a problem. Embedded programs can be cross-compiled on a PC, but I don’t know if Docker has a cross-building solution.

plan

There are several ways to build ARM images with Docker that we can think of. The third is similar to cross-compilation.

1. Use an ARM host and install the ARM version of Docker. The image built by Docker is the ARM version.
2. Use Linux virtualization software to simulate ARM chip + Linux, such as qemu.
3. Using the Docker experimental feature buildx, you can build images for multiple platforms.

Build multiple platform images using Docker buildx

Refer to the following links.
https://docs.docker.com/engine/reference/commandline/manifest/
https://docs.docker.com/buildx/working-with-buildx/
https://engineering.docker.com/2019/06/getting-started-with-docker-for-arm-on-linux/

Two experimental functions of docker are used, and you need to enable the experimental functions when using them.

Docker manifest, manifest is a file that contains image information. Manifest list is an image list used to store image information of different OS/arch. We can create a manifest list to point to the two images and then support multiple platforms.

docker buildx, buildx is a plug-in for docker and is the next generation of docker image building. This plug-in translates the instruction sets of different platforms through qemu-user-static to run programs of other platforms on x64. buildx actually uses the moby/buildkit:buildx-stable-1 image for multi-platform builds.

Build a multi-platform version of docker registry

Refer to the following link to build the docker registry image.
https://community.arm.com/developer/tools-software/tools/b/tools-software-ides-blog/posts/deploying-multi-architecture-docker-registry

Build a DNS server to solve the buildx bug

The buildx plugin does not use the local hosts file and must use DNS. This is a bug, https://github.com/docker/buildx/issues/218, and no one in the community cares about it.
Solution: Build your own DNS, point the mirror address buildx.com to the registry machine, and use nginx later. Ubuntu has a default systemd-resolved, which is disabled and then enabled on dnsmasq.

Using nginx proxy to solve naming problems

Added nginx proxy to support both HTTP and HTTPS. The buildx plugin forced the use of HTTPS and there was no way to turn it off.
It prompts a certificate problem. The certificate is not for this domain name. The solution is: regenerate a certificate and fill in your own domain name.
Certificate problem. Do not trust the self-signed certificate. Add the self-signed certificate to the certificate trust chain of the buildx daemon container. https://github.com/docker/buildx/issues/80#issuecomment-533844117

Nginx adds two configurations to solve several problems when the client pushes.

# nignx.conf configuration proxy_ignore_client_abort on; # Ignore client warning client_max_body_size 0; # Unlimited upload file size # Virtual host configuration server {
  listen 443;
  server_name buildx.com;
  ssl on;
  ssl_certificate crt/server.crt;
  ssl_certificate_key crt/server.key;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #Configure according to this protocol ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; #Configure according to this suite ssl_prefer_server_ciphers on;
  location / {
    proxy_pass http://192.168.1.11:81;
  }
}

server {
  listen 80;
  server_name buildx.com;
  location / {
    proxy_pass http://192.168.1.11:81;
  }
}

Setting up a local Docker environment

The local Docker needs to enable experimental features.

1. Configure "experimental": true in /etc/docker/daemon.json and restart Docker. Enable experimental features of the Docker daemon.
2. Execute export DOCKER_CLI_EXPERIMENTAL=enabled locally to enable the experimental features of the Docker Client.
3. Use docker version to check whether the experimental function is enabled.
4. Execute docker run --rm --privileged docker/binfmt:820fdd95a9972a5308930a2bdfb8573dd4447ad3 to enable the kernel binfmt_misc function, so that you can execute programs on multiple platforms on the current platform.
5. Check if aarch64 programs are supported. cat /proc/sys/fs/binfmt_misc/qemu-aarch64
6. At this point, the local docker can run docker containers of various platforms. For example, arm64. You can use the following command to test.

# Pull the arm64 version image and run docker pull --platform arm64 alpine:3.10
docker run --rm -it alpine:3.10 sh

Make a base image

You can get versions of multiple platforms from hub.docker.com, generate a manifest list, and upload it to the registry.

# Pull arm64 version, rename, and upload. You can check whether the specific image supports multiple platforms on hub.docker.com.
docker pull --platform arm64 centos:7
docker tag centos:7 buildx.com/base/centos-arm64:7
docker push buildx.com/base/centos-arm64:7
# pull amd64 version, rename, upload docker pull --platform amd64 centos:7
docker tag centos:7 buildx.com/base/centos-amd64:7
docker push buildx.com/base/centos-amd64:7
# Create a manifest list and upload it.
docker manifest create --insecure buildx.com/base/centos:7 buildx.com/base/centos-amd64:7 buildx.com/base/centos-arm64:7
docker manifest push --insecure buildx.com/base/centos:7

Build business image

# buildx can specify multiple platforms, but requires that the FROM image in the Dockerfile must have a corresponding version.
# The image packaged by buildx will not be stored locally. Add --push to upload the docker repository. Alternatively, you can use --output to specify the output method.
docker buildx build --platform linux/amd64,linux/arm64 -t buildx.com/base/java-base:openjdk-8-centos7 . --push

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.