What is Kaniko?

Kaniko is an open-source tool that lets users build container images from a Dockerfile without root access. It can run in a standard Kubernetes cluster, Google Kubernetes Engine, or any other environment.

Kaniko takes in three arguments:

  • Dockerfile
  • Build context
  • Name of output registry

The image is built from scratch. The Kaniko executor fetches and extracts the base image file system to root. It then executes each command, taking a snapshot at each one. The snapshot is created in user-space by walking the file system and comparing it to the previous snapshot.

After each command, it appends the modifications to the filesystem as a new layer on the base image and changes the image metadata to match.

Then, the image is pushed to the given registry. Kaniko unpacks the filesystem, executes the commands, and creates the snapshots in user-space.

Running Kaniko on a Kubernetes cluster

Before running, ensure that the pod specs look something like this:


A user needs to mount a Kubernetes secret to push the final image onto a registry.
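
A pod spec along these lines, added here as an illustration and not the original page's manifest, passes the three arguments and mounts the registry credential as a read-only secret. The pod name, the secret name `kaniko-regcred`, the Git repository, and the destination image are placeholders (assumptions); the secret is assumed to be of type `kubernetes.io/dockerconfigjson`.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kaniko-build                # placeholder name
spec:
  restartPolicy: Never              # a build is a one-shot job; do not restart it
  # The build does not call the Kubernetes API, so no API token is mounted.
  automountServiceAccountToken: false
  containers:
    - name: kaniko
      # Upstream executor image; pin it by digest in a real pipeline.
      image: gcr.io/kaniko-project/executor:latest
      args:
        # 1. Dockerfile: path relative to the build context
        - "--dockerfile=Dockerfile"
        # 2. Build context: placeholder Git repository
        - "--context=git://github.com/<org>/<repo>.git"
        # 3. Output: placeholder registry, image name and tag
        - "--destination=<registry>/<project>/<image>:<tag>"
      # No privileged securityContext and no Docker socket hostPath are set:
      # the snapshots are taken in user-space inside this container.
      volumeMounts:
        - name: registry-creds
          mountPath: /kaniko/.docker   # where the executor reads config.json
          readOnly: true
  volumes:
    - name: registry-creds
      secret:
        secretName: kaniko-regcred     # placeholder secret holding push credentials
        items:
          # Expose the docker config JSON under the file name the executor expects.
          - key: .dockerconfigjson
            path: config.json
```

Scoping the credential in `kaniko-regcred` to push access on the single destination repository limits what a malicious Dockerfile or build context can do with it, since every `RUN` command executes in the same container that holds the mounted secret.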

Running Kaniko in Google Cloud container

To run it on Google Cloud Container, Kaniko needs to be added as a build step to the build config.

The executor builds and pushes the image onto the registry in this step:



Copyright ©2025 Educative, Inc. All rights reserved