It is common practice to build customized Docker images and then push them to image repositories for future (re)use. The most common way of building images is with a Dockerfile, which needs access to the Docker daemon. Access to the Docker daemon presents a few challenges and limitations, especially around security (open sockets) and ease of use (Docker in Docker, anyone?). This becomes an even more important factor if, for example, you want to build inside a Kubernetes cluster or inside the executor slaves created by a CI/CD pipeline.
To overcome this challenge, a number of tools were written that can read the instructions in a Dockerfile and build container images without needing the Docker daemon. The notable ones that I am aware of are Buildah from Project Atomic, Kaniko from Google, and Img written by Jess Frazelle. In this tutorial, we will look at Kaniko and build a sample image which will be pushed to an AWS ECR repository.
Kaniko is a daemonless container image builder. It can run inside a Kubernetes cluster as a Docker image to build Docker images. It also supports running in Google Container Builder or from within gVisor. For running locally you just need Docker Engine and gcloud installed. For details about the inner workings of Kaniko, check out the blog post.
Kaniko is run as a container itself, and needs the following information to build a docker image:
We will install Kaniko and build an image from a local Dockerfile and push it to AWS ECR.
The $HOME/.aws/credentials file should be correctly set with “aws_access_key_id” and “aws_secret_access_key”.
The $HOME/.docker/config.json file should have your ECR repo:
git clone https://github.com/GoogleContainerTools/kaniko.git
make images
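A pre-flight check for the two prerequisite files listed above, as an added example that is not part of the original post. It assumes the Docker config points at a credential helper (credHelpers or credsStore), which the post does not show; the function names are hypothetical and the registry host is the placeholder form used in this tutorial.

```python
import configparser
import json
import os

# Placeholder registry host, in the same form the post uses for its image tag.
REGISTRY = "aws_account_id.dkr.ecr.region.amazonaws.com"


def check_aws_credentials(path, profile="default"):
    """Return a list of problems found in an AWS shared credentials file."""
    if not os.path.isfile(path):
        return [f"{path}: file not found"]
    problems = []
    # Long-lived access keys should be readable by the owner only.
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        problems.append(f"{path}: mode {mode:03o} is readable by group/others")
    parser = configparser.ConfigParser()
    try:
        parser.read(path)
    except configparser.Error as exc:
        return problems + [f"{path}: not parseable ({exc})"]
    if not parser.has_section(profile):
        return problems + [f"{path}: no [{profile}] profile"]
    for key in ("aws_access_key_id", "aws_secret_access_key"):
        if not parser.get(profile, key, fallback="").strip():
            problems.append(f"{path}: {key} missing or empty in [{profile}]")
    return problems


def check_docker_config(path, registry=REGISTRY):
    """Return a list of problems found in a Docker client config.json."""
    if not os.path.isfile(path):
        return [f"{path}: file not found"]
    try:
        with open(path) as fh:
            cfg = json.load(fh)
        if not isinstance(cfg, dict):
            raise ValueError("top level is not a JSON object")
    except ValueError as exc:  # json.JSONDecodeError is a ValueError
        return [f"{path}: invalid config ({exc})"]
    problems = []
    # Assumption: registry auth is delegated to a helper, per-registry or global.
    helper = cfg.get("credHelpers", {}).get(registry) or cfg.get("credsStore")
    if not helper:
        problems.append(f"{path}: no credential helper configured for {registry}")
    # A static token under "auths" is a secret stored at rest; flag it.
    if cfg.get("auths", {}).get(registry, {}).get("auth"):
        problems.append(f"{path}: static auth token stored for {registry}")
    return problems
```

Call both functions with the paths under $HOME and stop before the build if either returns a non-empty list.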
Kaniko requires a build context (workspace) directory which holds the artifacts required at the time of building an image. We will create a workspace directory, viz. $HOME/workspace. We will use the Dockerfile below, which copies a simple file hello-world.txt into the Docker image. Copy this Dockerfile into your workspace.
Now that the basic setup is in place, let's build an image and push it to an ECR repo.
Running the command:
run_in_docker.sh /workspace/Dockerfile /workspace/ aws_account_id.dkr.ecr.region.amazonaws.com/my-test-repo:kaniko
To verify that the image upload was successful, check the AWS ECR dashboard or pull this image from the ECR repo (make sure you have done a docker login for the ECR repo).
AWS ECR dashboard:
Image pull: