- Building Docker Images with Kaniko
- Building Docker Images with Kaniko Pushing to Docker Registries
- Building Docker Images with Kaniko Pushing to Google Container Registry (GCR)
- Building Docker Images with Kaniko Pushing to Azure Container Registry (ACR)
- Building Docker Images with Kaniko Pushing to Amazon Elastic Container Registry (ECR)
We can build a Docker image with kaniko and push it to Docker Hub or any other standard Docker registry.
Running kaniko from a Docker daemon does not provide much advantage over just running a docker build, but it is useful for testing or validation. It also helps understand how kaniko works and how it supports the different registries and authentication mechanisms.
git clone https://github.com/carlossg/kaniko-demo.git
cd kaniko-demo
# if you just want to test the build, no pushing
docker run \
-v `pwd`:/workspace gcr.io/kaniko-project/executor:v1.0.0 \
--no-push
Building by itself is not very useful, so we want to push to a remote Docker registry.
To push to DockerHub or any other username and password Docker registries we need to mount the Docker config.json file that contains the credentials. Caching will not work for DockerHub as it does not support repositories with more than 2 path sections (acme/myimage/cache), but it will work in Artifactory and maybe other registry implementations.
DOCKER_USERNAME=[...]
DOCKER_PASSWORD=[...]
AUTH=$(echo -n "${DOCKER_USERNAME}:${DOCKER_PASSWORD}" | base64)
cat << EOF > config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "${AUTH}"
}
}
}
EOF
docker run \
-v `pwd`/config.json:/kaniko/.docker/config.json:ro \
-v `pwd`:/workspace \
gcr.io/kaniko-project/executor:v1.0.0 \
--destination $DOCKER_USERNAME/kaniko-demo:kaniko-docker
In Kubernetes
In Kubernetes we can manually create a pod that will do our Docker image build. We need to provide the build context, containing the same files that we would put in the directory used when building a Docker image with a Docker daemon. It should contain the Dockerfile and any other files used to build the image, ie. referenced in COPY commands.
As build context we can use multiple sources
- GCS Bucket (as a
tar.gzfile)gs://kaniko-bucket/path/to/context.tar.gz
- S3 Bucket (as a
tar.gzfile) `s3://kaniko-bucket/path/to/context.tar.gz
- Azure Blob Storage (as a
tar.gzfile)https://myaccount.blob.core.windows.net/container/path/to/context.tar.gz
- Local Directory, mounted in the
/workspacedir as shown abovedir:///workspace
- Git Repository
git://github.com/acme/myproject.git#refs/heads/mybranch
Depending on where we want to push to, we will also need to create the corresponding secrets and config maps.
We are going to show examples building from a git repository as it will be the most typical use case.
Deploying to Docker Hub or a Docker registry
We will need the Docker registry credentials in a config.json file, the same way that we need them to pull images from a private registry in Kubernetes.
DOCKER_USERNAME=[...]
DOCKER_PASSWORD=[...]
DOCKER_SERVER=https://index.docker.io/v1/
kubectl create secret docker-registry regcred \
--docker-server=${DOCKER_SERVER} \
--docker-username=${DOCKER_USERNAME} \
--docker-password=${DOCKER_PASSWORD}
cat << EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
name: kaniko-docker
spec:
restartPolicy: Never
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:v1.0.0
imagePullPolicy: Always
args: ["--dockerfile=Dockerfile",
"--context=git://github.com/carlossg/kaniko-demo.git",
"--destination=${DOCKER_USERNAME}/kaniko-demo"]
volumeMounts:
- name: docker-config
mountPath: /kaniko/.docker
resources:
limits:
cpu: 1
memory: 1Gi
volumes:
- name: docker-config
projected:
sources:
- secret:
name: regcred
items:
- key: .dockerconfigjson
path: config.json
EOF
Carlos Sanchez's Weblog 
Pingback: Building Docker Images with Kaniko | Carlos Sanchez's Weblog