brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ed00719fe61c6eacd0b6ca26a60db169fdd3e130
oam/knowledge base/kaniko.md
Michele Cereda 4593d13068 chore(kb): start article about kaniko
2024-09-08 18:17:33 +02:00

3.4 KiB
Raw Blame History

Kaniko

Tool to build container images from a Dockerfile without the need of the Docker engine.

  1. TL;DR
  2. Further readings
    1. Sources

TL;DR

Kaniko requires to be run from a container using the gcr.io/kaniko-project/executor image.

It builds images completely in userspace from within the container by executing the Dockerfile's commands in order and taking a snapshot of the file system after each command result.
Should there be any changes to the file system, Kaniko takes a snapshot of the change as a diff layer and updates the resulting image's metadata.

kaniko supports the following storage solutions for the build contexts:

  • GCS Bucket
  • S3 Bucket
  • Azure Blob Storage
  • Local Directory
  • Local Tar
  • Standard Input
  • Git Repository

The executor image has the following built in:

  • Amazon ECR credential helper.
  • Azure ACR credential helper.
Setup 
docker pull 'gcr.io/kaniko-project/executor'
docker pull 'gcr.io/kaniko-project/executor:debug'
docker pull 'gcr.io/kaniko-project/executor:v1.23.2-debug'
Usage 
docker run --rm --name 'kaniko' -ti -v "$PWD:/workspace" 'gcr.io/kaniko-project/executor' \
  --context '/workspace/context' --dockerfile '/workspace/context/Dockerfile' --no-push
docker run … \
  -e "GOOGLE_APPLICATION_CREDENTIALS=/kaniko/config.json" \
  -v "$PWD/gcp-secret.json:/kaniko/config.json:ro" \
  -v "$HOME/.docker/config.json:/kaniko/.docker/config.json:ro" \
  -v "$HOME/.aws:/root/.aws:ro" \
  'gcr.io/kaniko-project/executor' \
    --context 'dir://context' \
    --destination 'docker-hub-repo/custom-image:1.2.3' \
    --destination '012345678901.dkr.ecr.eu-west-1.amazonaws.com/aws-repo:1.2.3' \
    --destination 'gcr.io/gcp-project-id/custom-image:1.2.3' \
    --destination 'mycr.azurecr.io/azure-repository:1.2.3'
docker run … -v "$PWD/config.json:/kaniko/.docker/config.json:ro" 'gcr.io/kaniko-project/executor:latest'
docker run … 'gcr.io/kaniko-project/executor' … --cache true --custom-platform 'linux/amd64'
Real world use cases 
# Test the Dockerfile from an Ansible execution environment the way a GitLab pipeline would need to execute it.
docker run --rm -ti -v "$PWD:/workspace" --entrypoint '' 'gcr.io/kaniko-project/executor:v1.23.2-debug' \
  /kaniko/executor --context '/workspace/context' --dockerfile '/workspace/context/Dockerfile' --no-push

Further readings

Sources