From 4593d13068d0a8e19fc511729959add4cef51a37 Mon Sep 17 00:00:00 2001
From: Michele Cereda <cereda.michele@gmail.com>
Date: Sun, 8 Sep 2024 18:17:33 +0200
Subject: [PATCH] chore(kb): start article about kaniko

---
 knowledge base/containerd.md |   2 +
 knowledge base/docker.md     |   2 +
 knowledge base/kaniko.md     | 102 +++++++++++++++++++++++++++++++++++
 knowledge base/podman.md     |   4 ++
 4 files changed, 110 insertions(+)
 create mode 100644 knowledge base/kaniko.md

diff --git a/knowledge base/containerd.md b/knowledge base/containerd.md
index 79243f8..8b7f8cb 100644
--- a/knowledge base/containerd.md	
+++ b/knowledge base/containerd.md	
@@ -10,6 +10,7 @@ TODO
 - [Github]
 - [Docker]
 - [NerdCTL]
+- [Kaniko]
 
 <!--
   Reference
@@ -18,6 +19,7 @@ TODO
 
 <!-- Knowledge base -->
 [docker]: docker.md
+[kaniko]: kaniko.md
 [nerdctl]: nerdctl.md
 
 <!-- Upstream -->
diff --git a/knowledge base/docker.md b/knowledge base/docker.md
index ce7277d..f32ba14 100644
--- a/knowledge base/docker.md	
+++ b/knowledge base/docker.md	
@@ -391,6 +391,7 @@ docker load …
 - [Dive]
 - [Testcontainers]
 - [Containerd]
+- [Kaniko]
 
 ### Sources
 
@@ -416,6 +417,7 @@ docker load …
 <!-- Knowledge base -->
 [containerd]: containerd.md
 [dive]: dive.placeholder
+[kaniko]: kaniko.md
 [podman]: podman.md
 [testcontainers]: testcontainers.md
 
diff --git a/knowledge base/kaniko.md b/knowledge base/kaniko.md
new file mode 100644
index 0000000..99a449d
--- /dev/null
+++ b/knowledge base/kaniko.md	
@@ -0,0 +1,102 @@
+# Kaniko
+
+Tool to build container images from a Dockerfile with**out** the need of the Docker engine.
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+   1. [Sources](#sources)
+
+## TL;DR
+
+Kaniko requires to be run from a container using the `gcr.io/kaniko-project/executor` image.
+
+It builds images completely in userspace from within the container by executing the Dockerfile's commands in order and
+taking a snapshot of the file system after each command result.<br/>
+Should there be any changes to the file system, Kaniko takes a snapshot of the change as a _diff_ layer and updates the
+resulting image's metadata.
+
+kaniko supports the following storage solutions for the build contexts:
+
+- GCS Bucket
+- S3 Bucket
+- Azure Blob Storage
+- Local Directory
+- Local Tar
+- Standard Input
+- Git Repository
+
+The executor image has the following built in:
+
+- Amazon ECR credential helper.
+- Azure ACR credential helper.
+
+<details>
+  <summary>Setup</summary>
+
+```sh
+docker pull 'gcr.io/kaniko-project/executor'
+docker pull 'gcr.io/kaniko-project/executor:debug'
+docker pull 'gcr.io/kaniko-project/executor:v1.23.2-debug'
+```
+
+</details>
+
+<details>
+  <summary>Usage</summary>
+
+```sh
+docker run --rm --name 'kaniko' -ti -v "$PWD:/workspace" 'gcr.io/kaniko-project/executor' \
+  --context '/workspace/context' --dockerfile '/workspace/context/Dockerfile' --no-push
+docker run … \
+  -e "GOOGLE_APPLICATION_CREDENTIALS=/kaniko/config.json" \
+  -v "$PWD/gcp-secret.json:/kaniko/config.json:ro" \
+  -v "$HOME/.docker/config.json:/kaniko/.docker/config.json:ro" \
+  -v "$HOME/.aws:/root/.aws:ro" \
+  'gcr.io/kaniko-project/executor' \
+    --context 'dir://context' \
+    --destination 'docker-hub-repo/custom-image:1.2.3' \
+    --destination '012345678901.dkr.ecr.eu-west-1.amazonaws.com/aws-repo:1.2.3' \
+    --destination 'gcr.io/gcp-project-id/custom-image:1.2.3' \
+    --destination 'mycr.azurecr.io/azure-repository:1.2.3'
+docker run … -v "$PWD/config.json:/kaniko/.docker/config.json:ro" 'gcr.io/kaniko-project/executor:latest'
+docker run … 'gcr.io/kaniko-project/executor' … --cache true --custom-platform 'linux/amd64'
+```
+
+</details>
+
+<details>
+  <summary>Real world use cases</summary>
+
+```sh
+# Test the Dockerfile from an Ansible execution environment the way a GitLab pipeline would need to execute it.
+docker run --rm -ti -v "$PWD:/workspace" --entrypoint '' 'gcr.io/kaniko-project/executor:v1.23.2-debug' \
+  /kaniko/executor --context '/workspace/context' --dockerfile '/workspace/context/Dockerfile' --no-push
+```
+
+</details>
+
+## Further readings
+
+- [Main repository]
+
+### Sources
+
+- [Use kaniko to build Docker images]
+- [An Introduction to Kaniko]
+- [Introducing kaniko: Build container images in Kubernetes and Google Container Builder without privileges]
+
+<!--
+  Reference
+  ═╬═Time══
+  -->
+
+<!-- In-article sections -->
+<!-- Knowledge base -->
+<!-- Files -->
+<!-- Upstream -->
+[introducing kaniko: build container images in kubernetes and google container builder without privileges]: https://cloud.google.com/blog/products/containers-kubernetes/introducing-kaniko-build-container-images-in-kubernetes-and-google-container-builder-even-without-root-access
+[main repository]: https://github.com/GoogleContainerTools/kaniko
+
+<!-- Others -->
+[an introduction to kaniko]: https://www.baeldung.com/ops/kaniko
+[use kaniko to build docker images]: https://docs.gitlab.com/ee/ci/docker/using_kaniko.html
diff --git a/knowledge base/podman.md b/knowledge base/podman.md
index 6535200..878ce22 100644
--- a/knowledge base/podman.md	
+++ b/knowledge base/podman.md	
@@ -20,6 +20,8 @@ sudo zypper install 'podman'
 
 - [Website]
 - [Docker]
+- [Containerd]
+- [Kaniko]
 
 <!--
   Reference
@@ -27,7 +29,9 @@ sudo zypper install 'podman'
   -->
 
 <!-- Knowledge base -->
+[containerd]: containerd.md
 [docker]: docker.md
+[kaniko]: kaniko.md
 
 <!-- Upstream -->
 [website]: https://podman.io/