- Building Docker Images with Kaniko
- Building Docker Images with Kaniko Pushing to Docker Registries
- Building Docker Images with Kaniko Pushing to Google Container Registry (GCR)
- Building Docker Images with Kaniko Pushing to Azure Container Registry (ACR)
- Building Docker Images with Kaniko Pushing to Amazon Elastic Container Registry (ECR)
To push to Azure Container Registry (ACR) we can create an admin password for the ACR registry and use the standard Docker registry method or we can use a token. We use that token to craft both the standard Docker config file at /kaniko/.docker/config.json
plus the ACR specific file used by the Docker ACR credential helper in /kaniko/.docker/acr/config.json
. ACR does support caching and so it will push the intermediate layers to ${REGISTRY_NAME}.azurecr.io/kaniko-demo/cache:_some_large_uuid_
to be reused in subsequent builds.
RESOURCE_GROUP=kaniko-demo REGISTRY_NAME=kaniko-demo LOCATION=eastus az login # Create the resource group az group create --name $RESOURCE_GROUP -l $LOCATION # Create the ACR registry az acr create --resource-group $RESOURCE_GROUP --name $REGISTRY_NAME --sku Basic # If we want to enable password based authentication # az acr update -n $REGISTRY_NAME --admin-enabled true # Get the token token=$(az acr login --name $REGISTRY_NAME --expose-token | jq -r '.accessToken')
And to build the image with kaniko
git clone https://github.com/carlossg/kaniko-demo.git cd kaniko-demo cat << EOF > config.json { "auths": { "${REGISTRY_NAME}.azurecr.io": {} }, "credsStore": "acr" } EOF cat << EOF > config-acr.json { "auths": { "${REGISTRY_NAME}.azurecr.io": { "identitytoken": "${token}" } } } EOF docker run \ -v `pwd`/config.json:/kaniko/.docker/config.json:ro \ -v `pwd`/config-acr.json:/kaniko/.docker/acr/config.json:ro \ -v `pwd`:/workspace \ gcr.io/kaniko-project/executor:v1.0.0 \ --destination $REGISTRY_NAME.azurecr.io/kaniko-demo:kaniko-docker \ --cache
In Kubernetes
If you want to create a new Kubernetes cluster
az aks create --resource-group $RESOURCE_GROUP \ --name AKSKanikoCluster \ --generate-ssh-keys \ --node-count 2 az aks get-credentials --resource-group $RESOURCE_GROUP --name AKSKanikoCluster --admin
In Kubernetes we need to mount the docker config file and the ACR config file with the token.
token=$(az acr login --name $REGISTRY_NAME --expose-token | jq -r '.accessToken') cat << EOF | kubectl create -f - apiVersion: v1 kind: Pod metadata: name: kaniko-aks spec: restartPolicy: Never containers: - name: kaniko image: gcr.io/kaniko-project/executor:v1.0.0 imagePullPolicy: Always args: ["--dockerfile=Dockerfile", "--context=git://github.com/carlossg/kaniko-demo.git", "--destination=${REGISTRY_NAME}.azurecr.io/kaniko-demo:latest", "--cache=true"] volumeMounts: - name: docker-config mountPath: /kaniko/.docker/ - name: docker-acr-config mountPath: /kaniko/.docker/acr/ resources: limits: cpu: 1 memory: 1Gi volumes: - name: docker-config configMap: name: docker-config - name: docker-acr-config secret: name: kaniko-secret --- apiVersion: v1 kind: ConfigMap metadata: name: docker-config data: config.json: |- { "auths": { "${REGISTRY_NAME}.azurecr.io": {} }, "credsStore": "acr" } --- apiVersion: v1 kind: Secret metadata: name: kaniko-secret stringData: config.json: |- { "auths": { "${REGISTRY_NAME}.azurecr.io": { "identitytoken": "${token}" } } } EOF