- Building Docker Images with Kaniko
- Building Docker Images with Kaniko Pushing to Docker Registries
- Building Docker Images with Kaniko Pushing to Google Container Registry (GCR)
- Building Docker Images with Kaniko Pushing to Azure Container Registry (ACR)
- Building Docker Images with Kaniko Pushing to Amazon Elastic Container Registry (ECR)
To push to Azure Container Registry (ACR) we can create an admin password for the ACR registry and use the standard Docker registry method or we can use a token. We use that token to craft both the standard Docker config file at /kaniko/.docker/config.json
plus the ACR specific file used by the Docker ACR credential helper in /kaniko/.docker/acr/config.json
. ACR does support caching and so it will push the intermediate layers to ${REGISTRY_NAME}.azurecr.io/kaniko-demo/cache:_some_large_uuid_
to be reused in subsequent builds.
RESOURCE_GROUP=kaniko-demo
REGISTRY_NAME=kaniko-demo
LOCATION=eastus
az login
# Create the resource group
az group create --name $RESOURCE_GROUP -l $LOCATION
# Create the ACR registry
az acr create --resource-group $RESOURCE_GROUP --name $REGISTRY_NAME --sku Basic
# If we want to enable password based authentication
# az acr update -n $REGISTRY_NAME --admin-enabled true
# Get the token
token=$(az acr login --name $REGISTRY_NAME --expose-token | jq -r '.accessToken')
And to build the image with kaniko
git clone https://github.com/carlossg/kaniko-demo.git
cd kaniko-demo
cat << EOF > config.json
{
"auths": {
"${REGISTRY_NAME}.azurecr.io": {}
},
"credsStore": "acr"
}
EOF
cat << EOF > config-acr.json
{
"auths": {
"${REGISTRY_NAME}.azurecr.io": {
"identitytoken": "${token}"
}
}
}
EOF
docker run \
-v `pwd`/config.json:/kaniko/.docker/config.json:ro \
-v `pwd`/config-acr.json:/kaniko/.docker/acr/config.json:ro \
-v `pwd`:/workspace \
gcr.io/kaniko-project/executor:v1.0.0 \
--destination $REGISTRY_NAME.azurecr.io/kaniko-demo:kaniko-docker \
--cache
In Kubernetes
If you want to create a new Kubernetes cluster
az aks create --resource-group $RESOURCE_GROUP \
--name AKSKanikoCluster \
--generate-ssh-keys \
--node-count 2
az aks get-credentials --resource-group $RESOURCE_GROUP --name AKSKanikoCluster --admin
In Kubernetes we need to mount the docker config file and the ACR config file with the token.
token=$(az acr login --name $REGISTRY_NAME --expose-token | jq -r '.accessToken')
cat << EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
name: kaniko-aks
spec:
restartPolicy: Never
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:v1.0.0
imagePullPolicy: Always
args: ["--dockerfile=Dockerfile",
"--context=git://github.com/carlossg/kaniko-demo.git",
"--destination=${REGISTRY_NAME}.azurecr.io/kaniko-demo:latest",
"--cache=true"]
volumeMounts:
- name: docker-config
mountPath: /kaniko/.docker/
- name: docker-acr-config
mountPath: /kaniko/.docker/acr/
resources:
limits:
cpu: 1
memory: 1Gi
volumes:
- name: docker-config
configMap:
name: docker-config
- name: docker-acr-config
secret:
name: kaniko-secret
---
apiVersion: v1
kind: ConfigMap
metadata:
name: docker-config
data:
config.json: |-
{
"auths": {
"${REGISTRY_NAME}.azurecr.io": {}
},
"credsStore": "acr"
}
---
apiVersion: v1
kind: Secret
metadata:
name: kaniko-secret
stringData:
config.json: |-
{
"auths": {
"${REGISTRY_NAME}.azurecr.io": {
"identitytoken": "${token}"
}
}
}
EOF