Using Kaniko to build images in Jenkins without docker


Kaniko is an open-source tool for building container images from a Dockerfile inside a container or Kubernetes cluster. It does this without privileged root access.

We run kaniko as a container image that takes in three arguments: a Dockerfile, a build context and the name of the registry to which it should push the final image. This image is built from scratch, and contains only a static Go binary plus the configuration files needed for pushing and pulling images.

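Create a Dockerfile

# Work in a fresh directory that will be mounted as the build context
mkdir kaniko
cd kaniko

# Registry credentials that kaniko uses for the push
cp ~/.docker/config.json .

# alpine ships /bin/sh, not bash
cat > Dockerfile <<EOF
FROM alpine
ENTRYPOINT ["/bin/sh", "-c", "echo hello"]
EOF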

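Running locally with docker

Note that --insecure and --skip-tls-verify make kaniko push over plain HTTP and skip TLS certificate verification; they are only needed for a registry that requires them and can be left out when pushing to Docker Hub: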

docker run \
    -it \
    --rm \
    --name kaniko \
    -v `pwd`:/workspace \
    -v `pwd`/config.json:/kaniko/.docker/config.json:ro \
    gcr.io/kaniko-project/executor:latest \
    --dockerfile=Dockerfile \
    --verbosity debug \
    --insecure \
    --skip-tls-verify \
    --destination ektowett/alpine:latest


If you are running in a k8s cluster, do the following:

Create the Docker push credentials as a secret in the same namespace that Jenkins runs in:

kubectl create secret docker-registry docker-credentials \
    --docker-username=dockername \
    --docker-password='docker-password' \
    --docker-email='<your-email>'

Use this Jenkinsfile for the app:


def podLabel = "kaniko-${UUID.randomUUID().toString()}"

pipeline {
    agent {
        kubernetes {
            label podLabel
            defaultContainer 'jnlp'
            yaml """
apiVersion: v1
kind: Pod
metadata:
  labels:
    jenkins-build: app-build
    some-label: "build-app-${BUILD_NUMBER}"
spec:
  containers:
  - name: kaniko
    image: gcr.io/kaniko-project/executor:v1.5.1-debug
    imagePullPolicy: IfNotPresent
    # Keep the container alive so Jenkins can run steps in it
    command:
    - /busybox/cat
    tty: true
    volumeMounts:
      - name: jenkins-docker-cfg
        mountPath: /kaniko/.docker
  volumes:
  # Expose the registry secret to kaniko as /kaniko/.docker/config.json
  - name: jenkins-docker-cfg
    projected:
      sources:
      - secret:
          name: docker-credentials
          items:
            - key: .dockerconfigjson
              path: config.json
"""
        }
    }

    environment {
        GITHUB_ACCESS_TOKEN  = credentials('github-token')
    }

    stages {

        stage('Checkout Code') {
            steps {
              checkout scm
            }
        }

        stage('Build with Kaniko') {
          steps {
            container(name: 'kaniko', shell: '/busybox/sh') {
              withEnv(['PATH+EXTRA=/busybox']) {
                sh '''#!/busybox/sh -xe
                  /kaniko/executor \
                    --dockerfile Dockerfile \
                    --context `pwd`/ \
                    --verbosity debug \
                    --insecure \
                    --skip-tls-verify \
                    --destination dockername/myapp:v0.1.0 \
                    --destination dockername/myapp:latest
                '''
              }
            }
          }
        }
    }
}
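
A pre-build check for the kaniko flags used in the commands above, as an added example that is not part of the original post: it scans a Jenkinsfile or script for the flags that disable registry TLS protections and for a floating executor tag. The function names, rule names and the two sample invocations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint kaniko invocations for
# settings that weaken registry transport security or build reproducibility.
# Function names and rule names are hypothetical.

# scan <rule> <ERE> <file>: print "<line-number>:<rule>" for each matching line.
scan() {
    grep -nE -e "$2" "$3" | while IFS=: read -r lineno rest; do
        printf '%s:%s\n' "$lineno" "$1"
    done
}

# audit_kaniko <file>: list findings sorted by line; return 1 if any, 2 if unreadable.
audit_kaniko() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    findings=$(
        # --insecure* flags talk to the registry over plain HTTP.
        scan plain-http '--insecure' "$1"
        # --skip-tls-verify* flags accept any registry certificate.
        scan tls-verify-disabled '--skip-tls-verify' "$1"
        # A floating executor tag can change under the pipeline between builds.
        scan floating-executor-tag 'kaniko-project/executor:(latest|debug)($|[^A-Za-z0-9_.-])' "$1"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | sort -n
    return 1
}

# Constructed sample input: the flags used in this post, then a hardened variant.
weak_sample() {
    cat <<'EOF'
docker run --rm -v "$PWD":/workspace \
    gcr.io/kaniko-project/executor:latest \
    --dockerfile=Dockerfile \
    --insecure \
    --skip-tls-verify \
    --destination dockername/myapp:v0.1.0
EOF
}

hardened_sample() {
    cat <<'EOF'
docker run --rm -v "$PWD":/workspace \
    gcr.io/kaniko-project/executor:v1.5.1-debug \
    --dockerfile=Dockerfile \
    --destination dockername/myapp:v0.1.0
EOF
}
```

Calling `audit_kaniko Jenkinsfile` in a step before the build stage fails that step when any finding is printed.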


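If you want to run a shell and inspect the image, use the debug image (the plain executor image has no shell) and pass --entrypoint before the image name:

docker run --rm --name kaniko -it --entrypoint=/busybox/sh gcr.io/kaniko-project/executor:debug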

I am a Devops Engineer, but I would describe myself as a Tech Enthusiast who is a fan of Open Source, Linux, Automations, Cloud and Virtualization. I love learning and exploring new things so I blog in my free time about Devops related stuff, Linux, Automations and Open Source software. I can also code in Python and Golang.
