Using Kaniko in a K8S Cluster

Dinusha Dissanayake
Jun 22, 2019

Kaniko is a tool for building container images from inside a container and pushing them to a container image registry.

Imagine a scenario where you have to build a Docker image inside a containerized environment and push it to a remote container registry. What would you do?

To do that, you need to run a container with Docker installed (Docker daemon), and build and push the Docker image you need.

But there could be scenarios where it is difficult to run the Docker daemon in a secure and convenient way. That's where Kaniko comes into play.

As mentioned in the Kaniko documentation, Kaniko does not depend on the Docker daemon. It executes each command in the Dockerfile in userspace. Hence it avoids the aforementioned issue.

In this article, I explain how to use Kaniko in a K8S cluster to build a Docker image and push it to a Docker Hub registry.

To fulfil your purpose with Kaniko, you need to pass 4 inputs to the Kaniko pod:

  1. Build context (to be referred to by the Dockerfile)
  2. Dockerfile (to build the image)
  3. Docker config (to push the image to a docker registry)
  4. Destination (where to push the image)

apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  containers:
  - name: kaniko
    image: gcr.io/kaniko-project/executor:latest
    args: ["--dockerfile=<path to Dockerfile within the build context>",
           "--context=<path to the build context>",
           "--destination=<dockerHubRepo/image:tag>"]
    volumeMounts:
    # Must match the name of an entry under "volumes" below
    - name: <volume-name>
      mountPath: <mount path in the Kaniko pod>
  restartPolicy: Never
  volumes:
  - name: <volume-name>
    secret:
      secretName: <volume artifact name (configmap/secret/pvc) >

As shown in the spec above, I need to pass the build context. Here I have mounted it into the Kaniko pod, and I provide the path to the build context with the --context argument. For demo purposes, I have my build context in a config map and I am attaching it to the Kaniko pod. Other volume types, such as a PVC, can be used as well.

Now that we have the build context, we need to provide the path to the Dockerfile, also as an argument. Since I have mounted it locally, I can provide the path to the Dockerfile.

The Docker configuration for the destination registry has to be passed to the Kaniko pod as a secret. It should be in the form of a typical Docker configuration, similar to the one that resides in /home/<user>/.docker/config.json. The mount location for this Docker configuration is the /kaniko/.docker/ directory. Since it contains confidential information, it can be mounted to the Kaniko pod as a k8s secret.

Finally, we need to provide the destination, where the image would be pushed after building the image within the Kaniko container.
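A complete set of manifests covering the four inputs described above, as an added example that is not the author's own deployment. The Secret name regcred, the ConfigMap name build-context, the Dockerfile contents and the destination example/demo:0.1 are assumptions. It also shows the key remapping that is needed when the credentials are stored as a kubernetes.io/dockerconfigjson Secret, so that the file ends up at /kaniko/.docker/config.json.

```yaml
# Added example; all names and the destination are placeholders/assumptions.
apiVersion: v1
kind: Secret
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson
stringData:
  # Same layout as ~/.docker/config.json; fill in the placeholder value.
  .dockerconfigjson: |
    {"auths": {"https://index.docker.io/v1/": {"auth": "<base64 of user:access-token>"}}}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: build-context
data:
  # Constructed sample Dockerfile; the build context holds only this file.
  Dockerfile: |
    FROM alpine:3.19
    CMD ["echo", "built by kaniko"]
---
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  restartPolicy: Never
  containers:
    - name: kaniko
      # Tag as used on the page; pin a version or digest you have verified.
      image: gcr.io/kaniko-project/executor:latest
      args:
        - "--dockerfile=/workspace/Dockerfile"
        - "--context=dir:///workspace"
        - "--destination=example/demo:0.1"
      volumeMounts:
        - name: docker-config
          mountPath: /kaniko/.docker
        - name: build-context
          mountPath: /workspace
  volumes:
    - name: docker-config
      secret:
        secretName: regcred
        items:
          # Without this mapping the file would be named .dockerconfigjson
          - key: .dockerconfigjson
            path: config.json
    - name: build-context
      configMap:
        name: build-context
```

Using an access token scoped to the target repository instead of the account password limits what a leaked Secret can be used for.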

The following depicts the Kaniko deployment that I used to build a Docker image within the k8s cluster and push the image to the Docker registry. I configured it according to the steps described above.

Once you deploy this on the k8s cluster, it will create a Pod using the Kaniko image, and build the container image and push it to the registry using the provided arguments.

Following the above steps, you do not have to worry about the details, since Kaniko takes care of everything from building the image to pushing it.

I believe you may get something valuable from the article.
