Skip to content
Branch: master
Find file History
dlorenc and knative-prow-robot Explicitly set DOCKER_CONFIG in the kaniko build template. (#87)
This resolves Kaniko issue #392 and knative/build issue #414.
At some point, Kaniko started explicitly setting DOCKER_CONFIG so google/go-containerregistry
would use the injected credential helpers. This behavior is ideal in some cases, but inside
knative we want to use the auto-injected auth token directly.
Latest commit 58f31c4 Jan 22, 2019
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md Use revision instead of branch (#31) Jul 21, 2018
kaniko.yaml Explicitly set DOCKER_CONFIG in the kaniko build template. (#87) Jan 22, 2019

README.md

Kaniko

This build template builds source into a container image using Google's kaniko tool.

kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.

kaniko is meant to be run as an image, gcr.io/kaniko-project/executor. This makes it a perfect tool to be part of a Knative build.

Create the template

kubectl apply -f https://raw.githubusercontent.com/knative/build-templates/master/kaniko/kaniko.yaml

Parameters

  • IMAGE: The Docker image name to apply to the newly built image. (required)
  • DOCKERFILE: The path to the Dockerfile to execute (default: ./Dockerfile)

ServiceAccount

kaniko builds an image and pushes it to the destination defined as a parameter. In order to properly authenticate to the remote container registry, the build needs to have the proper credentials. This is achieved using a build ServiceAccount.

For an example on how to create such a ServiceAccount to push an image to Docker hub, see the Authentication documentation page.

Usage

Write a Build manifest and use the template section to refer to the kaniko build template. Set the value of the parameters such as the destination Docker image. Note the use of the serviceAccountName to push the image to a remote registry.

apiVersion: build.knative.dev/v1alpha1
kind: Build
metadata:
  name: kaniko-build
spec:
  serviceAccountName: build-bot
  source:
    git:
      url: https://github.com/my-user/my-repo
      revision: master
  template:
    name: kaniko
    arguments:
    - name: IMAGE
      value: us.gcr.io/my-project/my-app

In this example, the Git repo being built is expected to have a Dockerfile at the root of the repository.

You can’t perform that action at this time.