Kaniko is an open-source tool for building container images from a Dockerfile inside a container or Kubernetes cluster without privileged root access.
Stuff you wanna know:
- You can run kaniko in a standard Kubernetes cluster where you can’t have access to privileges or a Docker daemon.
- Kaniko doesn’t depend on a Docker daemon.
- Kaniko executes each command within a Dockerfile completely in userspace.
- Kaniko is meant to be run as an image:
gcr.io/kaniko-project/executor
.
More stuff:
- Building container images in Kubernetes and Google Container Builder without privileges — https://cloud.google.com/blog/products/containers-kubernetes/introducing-kaniko-build-container-images-in-kubernetes-and-google-container-builder-even-without-root-access
- On GitHub — https://github.com/GoogleContainerTools/kaniko
- Building Docker containers on Kubernetes with Jenkins and Kaniko — https://www.teracloud.io/single-post/build-docker-containers-on-kubernetes-with-jenkins-and-kaniko