This is how I'm using kaniko to build docker images in my gitlab CI, which is working great.
But I need to read a json file to get some values. Therefore I need to get access to jq
.
.gilab-ci.yml
deploy:
stage: deployment
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64)\"}}}" > /kaniko/.docker/config.json
- |
/kaniko/executor \
--context $CI_PROJECT_DIR \
--dockerfile $CI_PROJECT_DIR/app/Dockerfile \
--destination $CI_REGISTRY_IMAGE/app:latest \
done
- jq # <- Is not working, as jq is not installed
Is it possible to add jq to the image to avoid installing it always and repeatedly on this stage?
On all other stages I'm using my own alpine image to which I added everything I need in my CI pipeline. So another option would be to add kaniko to this image - if possible. That would result in one image which has all utilities needed.
Dockerfile
FROM alpine:3.14.2
RUN apk --update add \
bash \
curl \
git \
jq \
npm
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.4/bin/linux/amd64/kubectl
RUN chmod u+x kubectl && mv kubectl /bin/kubectl
# Add kaniko to this image??
Official Kaniko Docker image is built from scratch
using standalone Go binaries (see Dockerfile from Kaniko's GitHub repository). You can re-use the same binaries from official image and copy them in your image such as:
# Use this FROM instruction as shortcut to use --copy=from kaniko below
# It's also possible to use directly COPY --from=gcr.io/kaniko-project/executor
FROM gcr.io/kaniko-project/executor AS kaniko
FROM alpine:3.14.2
RUN apk --update add \
bash \
curl \
git \
jq \
npm
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.4/bin/linux/amd64/kubectl
RUN chmod u+x kubectl && mv kubectl /bin/kubectl
#
# Add kaniko to this image by re-using binaries and steps from official image
#
COPY --from=kaniko /kaniko/executor /kaniko/executor
COPY --from=kaniko /kaniko/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=kaniko /kaniko/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=kaniko /kaniko/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf
COPY --from=kaniko /kaniko/.docker /kaniko/.docker
ENV PATH $PATH:/usr/local/bin:/kaniko
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
EDIT: for the debug image, Dockerfile would be:
FROM gcr.io/kaniko-project/executor:debug AS kaniko
FROM alpine:3.14.2
RUN apk --update add \
bash \
curl \
git \
jq \
npm
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.4/bin/linux/amd64/kubectl
RUN chmod u+x kubectl && mv kubectl /bin/kubectl
#
# Add kaniko to this image by re-using binaries and steps from official image
#
COPY --from=kaniko /kaniko/ /kaniko/
COPY --from=kaniko /kaniko/warmer /kaniko/warmer
COPY --from=kaniko /kaniko/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=kaniko /kaniko/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=kaniko /kaniko/docker-credential-acr /kaniko/docker-credential-acr
COPY --from=kaniko /kaniko/.docker /kaniko/.docker
COPY --from=busybox:1.32.0 /bin /busybox
ENV PATH $PATH:/usr/local/bin:/kaniko:/busybox
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
Note that you need to use gcr.io/kaniko-project/executor:debug
(for latest version) or gcr.io/kaniko-project/executor:v1.6.0-debug
as source (or another tag)
Tested building a small image, seems to work fine:
# Built above example with docker build . -t kaniko-alpine
# And ran container with docker run -it kaniko-alpine sh
echo "FROM alpine" > Dockerfile
echo "RUN echo hello" >> Dockerfile
echo "COPY Dockerfile Dockerfile" >> Dockerfile
executor version
executor -c . --no-push
# Output like:
#
# Kaniko version : v1.6.0
#
# INFO[0000] Retrieving image manifest alpine
# INFO[0000] Retrieving image alpine from registry index.docker.io
# INFO[0000] GET KEYCHAIN
# [...]
# INFO[0001] RUN echo hello
# INFO[0001] Taking snapshot of full filesystem...
# INFO[0001] cmd: /bin/sh
# INFO[0001] args: [-c echo hello]
# INFO[0001] Running: [/bin/sh -c echo hello]
# [...]
Note that using Kaniko binaries outside of their official image is not recommended, even though it may still work fine:
kaniko is meant to be run as an image:
gcr.io/kaniko-project/executor
. We do not recommend running the kaniko executor binary in another image, as it might not work.