How to use Kaniko to build container image on Jenkins
How to do you build container images? If you are looking for an answer to such a question that you can answer this question with docker image build, which is a good option. You know generally, we use Jenkins pod or docker agent in build and push steps. Normally, When we use docker build.
Let’s understand how this docker works. We need to dockerfile from docker image which is a set of instructions that are needed to make your docker image. you have a dockerfile in the source repository, docker daemon up and running so we can use any of docker CLI commands as docker build so we need to have a docker daemon up and running. Docker CLI can talk to the docker daemon for building the docker image.
How do you build container images inside Kubernetes clusters? if your answer is still docker, it is a terrible option. I am going to demonstrate that docker can not run inside containers or inside Kubernetes. Clusters need to communicate with docker daemon. As we all know, Docker is deprecated in Kubernetes, we need another way to build container images within the Kubernetes cluster, we know that docker in docker requires privileged mode to function so which is a kind of security concern.
Let me explain how to build an image with Kaniko without docker.
Kaniko is an open-source tool for building container images from a dockerfile inside a container or Kubernetes cluster basically Kaniko provides an executor image. The Kaniko executor image is responsible for building an image from a Dockerfile and pushing it to a registry.
Kaniko solves two problems with using the Docker-in-Docker build method:
- Docker-in-Docker requires privileged mode to function, which is a significant security concern.
- Docker-in-Docker generally incurs a performance penalty and can be quite slow
We’ll run Kaniko in Kubernetes environment with a simple pipeline. Remember, we installed Jenkins and made Kubernetes configurations in previous articles please you can read them.
Now, we need a container on Jenkins whose name is Kaniko. We will do the build step on the pipeline using Kaniko container. Let’s fill in the container template information as follows:
name: kaniko
docker-image: gcr.io/kaniko-project/executor:debug
working directory: /home/jenkins/agent
We need a volume because it will be our docker hub authentication. When we get built, we need to push the image to the docker hub. I open a git CLI and write the following commands.
echo -n username:password | base64
This command will generate a base64 password for you. Now I want you to create a config.json file, the content should be as follows:
After creating our JSON file, you should come to the command line and run the following command, this command will create a secret on Kubernetes.
kubectl create secret generic kaniko-secret — from-file=config.json — namespace=jenkins
Our configurations are ready. I have a sample spring boot application on GitHub and have simple a dockerfile, before I write the pipeline
yes, you can go to Jenkins main page and click on the new item, add a new pipeline job then I write a simple script pipeline.
There is something I want to draw your attention to, We have three different stages and have two different containers, We built and test stage with the maven container. The first stage is “Build”, we pull my application from git and build it then we will run the test command with a Test stage and in the last stage, we will build an image with Kaniko container. We give our own docker hub information to the destination parameter in Kaniko container.
we have built the application image using dockerfile and push it to the docker hub repository now we are ready for the deployment stage.
Thank you
Ertuğrul Şen
