使用docker manifest制作本地多架构镜像

前言：越来越多的k8s集群使用混合异构节点（x86和arm），但k8s workload yaml中镜像的tag只能配置成一个，其实节点在拉取镜像时能够根据系统架构自动判断并拉取对应架构镜像，只需要我们准备好多架构镜像即可。
目的：通过一个tag来管理多种架构的镜像
前置条件：准备一个本地镜像仓库，例如harbor

1.拉取同一镜像不同架构版本

Dockerhub官网：hub.docker.com
找到镜像的不同架构版本，例如nginx: 1.28.0-alpine镜像：

拉取对应镜像的不同架构版本，找到对应架构的degest：

amd64镜像：

docker pull nginx:1.28.0-alpine@sha256:07273e8eb118b64e6d2c1e7e0f7404566bde3901e22871f42b68422c317904c7
# 查看下载结果：
docker images --digests | grep 07273
# 找到镜像id，查看镜像架构信息：
docker inspect a97d82f709e2 | grep -i arch
# 返回："Architecture": "amd64",

arm64 镜像：

docker pull nginx:1.28.0-alpine@sha256:77f95364263e19d9d8213f0ed350573120cdd5626c61f9c080dfbe1a907be936
# 查看下载结果：
docker images --digests | grep 77f953
# 找到镜像id，查看镜像架构信息：
docker inspect 4fafb5d15201 | grep -i arch
# 返回："Architecture": "arm64",

2.将多架构镜像推送至本地仓库

将两个镜像推送至harbor本地仓库：

docker tag a97d82f709e2 172.16.49.122:880/library/nginx-amd64:1.28.0-alpine
docker tag 4fafb5d15201 172.16.49.122:880/library/nginx-arm64:1.28.0-alpinedocker push 172.16.49.122:880/library/nginx-amd64:1.28.0-alpine
docker push 172.16.49.122:880/library/nginx-arm64:1.28.0-alpine

3.使用docker manifest 制作多架构镜像

可以使用 docker manifest 的子命令create创建一个manifest list，即将多个平台的镜像合并为一个镜像。

[root@atomci tmp]# docker manifest create --insecure 172.16.49.122:880/library/nginx:1.28.0-alpine-mult 172.16.49.122:880/library/nginx-amd64:1.28.0-alpine 172.16.49.122:880/library/nginx-arm64:1.28.0-alpine 
Created manifest list 172.16.49.122:880/library/nginx:1.28.0-alpine-mult

推送manifest 到harbor镜像仓库：

[root@atomci tmp]# docker manifest push --insecure 172.16.49.122:880/library/nginx:1.28.0-alpine-mult 
Pushed ref 172.16.49.122:880/library/nginx@sha256:c958e0f81fac91f79df7dae348f21081074d09f38c08b80915c56ce00f8ebdf0 with digest: sha256:c958e0f81fac91f79df7dae348f21081074d09f38c08b80915c56ce00f8ebdf0
Pushed ref 172.16.49.122:880/library/nginx@sha256:20cb2948dfe0f154a42bd0092384685c24381e070c9b52b18339cb4250e15d85 with digest: sha256:20cb2948dfe0f154a42bd0092384685c24381e070c9b52b18339cb4250e15d85
sha256:0461976f555856a4ea1a21ce87f883205be11004016ff843e8b282a39eb2c7e5

登录harbor查看推送情况

4.多架构镜像验证

在amd64机器拉取harbor对应nginx:1.28.0-alpine-mult 镜像：

[root@atomci tmp]# uname -a
Linux atomci 4.18.0-553.el8_10.x86_64 #1 SMP Fri May 24 13:05:10 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
[root@atomci tmp]# docker pull 172.16.49.122:880/library/nginx:1.28.0-alpine-mult
1.28.0-alpine-mult: Pulling from library/nginx
Digest: sha256:0461976f555856a4ea1a21ce87f883205be11004016ff843e8b282a39eb2c7e5
Status: Downloaded newer image for 172.16.49.122:880/library/nginx:1.28.0-alpine-mult
172.16.49.122:880/library/nginx:1.28.0-alpine-mult
[root@atomci tmp]# docker inspect 172.16.49.122:880/library/nginx:1.28.0-alpine-mult | grep -i arch"Architecture": "amd64",

在arm64机器拉取harbor对应nginx:1.28.0-alpine-mult 镜像：

[root@localhost ~]# uname -a
Linux localhost.localdomain 5.10.0-216.0.0.115.oe2203sp4.aarch64 #1 SMP Thu Jun 27 15:22:10 CST 2024 aarch64 aarch64 aarch64 GNU/Linux
[root@localhost ~]# docker pull 172.16.49.122:880/library/nginx:1.28.0-alpine-mult
1.28.0-alpine-mult: Pulling from library/nginx
d06c6b665c9b: Pull complete 
8d7a34873ed7: Pull complete 
8e6a496a7389: Pull complete 
1c6d1fe6cbe2: Pull complete 
34dbac7ab734: Pull complete 
d17a55bb04d0: Pull complete 
d4841cb53dc6: Pull complete 
dbe481995e28: Pull complete 
Digest: sha256:0461976f555856a4ea1a21ce87f883205be11004016ff843e8b282a39eb2c7e5
Status: Downloaded newer image for 172.16.49.122:880/library/nginx:1.28.0-alpine-mult
172.16.49.122:880/library/nginx:1.28.0-alpine-mult
[root@localhost ~]# docker inspect 172.16.49.122:880/library/nginx:1.28.0-alpine-mult | grep -i arch"Architecture": "arm64",

PS: k8s拉取镜像同理（使用containerd or docker）