brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(kb): start article about kaniko

Browse Source
This commit is contained in:
Michele Cereda
2024-09-08 18:17:33 +02:00
parent 8943ad0ed5
commit 4593d13068
4 changed files with 110 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
knowledge base/containerd.md
View File

@@ -10,6 +10,7 @@ TODO
- [Github] - [Github]
- [Docker] - [Docker]
- [NerdCTL] - [NerdCTL]
- [Kaniko]
<!-- <!--
Reference Reference
@@ -18,6 +19,7 @@ TODO
<!-- Knowledge base --> <!-- Knowledge base -->
[docker]: docker.md [docker]: docker.md
[kaniko]: kaniko.md
[nerdctl]: nerdctl.md [nerdctl]: nerdctl.md
<!-- Upstream --> <!-- Upstream -->

2
knowledge base/docker.md
View File

@@ -391,6 +391,7 @@ docker load …
- [Dive] - [Dive]
- [Testcontainers] - [Testcontainers]
- [Containerd] - [Containerd]
- [Kaniko]
### Sources ### Sources
@@ -416,6 +417,7 @@ docker load …
<!-- Knowledge base --> <!-- Knowledge base -->
[containerd]: containerd.md [containerd]: containerd.md
[dive]: dive.placeholder [dive]: dive.placeholder
[kaniko]: kaniko.md
[podman]: podman.md [podman]: podman.md
[testcontainers]: testcontainers.md [testcontainers]: testcontainers.md

102
knowledge base/kaniko.md Normal file
View File

@@ -0,0 +1,102 @@
# Kaniko
Tool to build container images from a Dockerfile with**out** the need of the Docker engine.
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
Kaniko requires to be run from a container using the `gcr.io/kaniko-project/executor` image.
It builds images completely in userspace from within the container by executing the Dockerfile's commands in order and
taking a snapshot of the file system after each command result.<br/>
Should there be any changes to the file system, Kaniko takes a snapshot of the change as a _diff_ layer and updates the
resulting image's metadata.
kaniko supports the following storage solutions for the build contexts:
- GCS Bucket
- S3 Bucket
- Azure Blob Storage
- Local Directory
- Local Tar
- Standard Input
- Git Repository
The executor image has the following built in:
- Amazon ECR credential helper.
- Azure ACR credential helper.
<details>
<summary>Setup</summary>
```sh
docker pull 'gcr.io/kaniko-project/executor'
docker pull 'gcr.io/kaniko-project/executor:debug'
docker pull 'gcr.io/kaniko-project/executor:v1.23.2-debug'
```
</details>
<details>
<summary>Usage</summary>
```sh
docker run --rm --name 'kaniko' -ti -v "$PWD:/workspace" 'gcr.io/kaniko-project/executor' \
--context '/workspace/context' --dockerfile '/workspace/context/Dockerfile' --no-push
docker run … \
-e "GOOGLE_APPLICATION_CREDENTIALS=/kaniko/config.json" \
-v "$PWD/gcp-secret.json:/kaniko/config.json:ro" \
-v "$HOME/.docker/config.json:/kaniko/.docker/config.json:ro" \
-v "$HOME/.aws:/root/.aws:ro" \
'gcr.io/kaniko-project/executor' \
--context 'dir://context' \
--destination 'docker-hub-repo/custom-image:1.2.3' \
--destination '012345678901.dkr.ecr.eu-west-1.amazonaws.com/aws-repo:1.2.3' \
--destination 'gcr.io/gcp-project-id/custom-image:1.2.3' \
--destination 'mycr.azurecr.io/azure-repository:1.2.3'
docker run … -v "$PWD/config.json:/kaniko/.docker/config.json:ro" 'gcr.io/kaniko-project/executor:latest'
docker run … 'gcr.io/kaniko-project/executor' … --cache true --custom-platform 'linux/amd64'
```
</details>
<details>
<summary>Real world use cases</summary>
```sh
# Test the Dockerfile from an Ansible execution environment the way a GitLab pipeline would need to execute it.
docker run --rm -ti -v "$PWD:/workspace" --entrypoint '' 'gcr.io/kaniko-project/executor:v1.23.2-debug' \
/kaniko/executor --context '/workspace/context' --dockerfile '/workspace/context/Dockerfile' --no-push
```
</details>
## Further readings
- [Main repository]
### Sources
- [Use kaniko to build Docker images]
- [An Introduction to Kaniko]
- [Introducing kaniko: Build container images in Kubernetes and Google Container Builder without privileges]
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
<!-- Files -->
<!-- Upstream -->
[introducing kaniko: build container images in kubernetes and google container builder without privileges]: https://cloud.google.com/blog/products/containers-kubernetes/introducing-kaniko-build-container-images-in-kubernetes-and-google-container-builder-even-without-root-access
[main repository]: https://github.com/GoogleContainerTools/kaniko
<!-- Others -->
[an introduction to kaniko]: https://www.baeldung.com/ops/kaniko
[use kaniko to build docker images]: https://docs.gitlab.com/ee/ci/docker/using_kaniko.html

4
knowledge base/podman.md
View File

@@ -20,6 +20,8 @@ sudo zypper install 'podman'
- [Website] - [Website]
- [Docker] - [Docker]
- [Containerd]
- [Kaniko]
<!-- <!--
Reference Reference
@@ -27,7 +29,9 @@ sudo zypper install 'podman'
--> -->
<!-- Knowledge base --> <!-- Knowledge base -->
[containerd]: containerd.md
[docker]: docker.md [docker]: docker.md
[kaniko]: kaniko.md
<!-- Upstream --> <!-- Upstream -->
[website]: https://podman.io/ [website]: https://podman.io/