Jenkins Agent Docker Kaniko contains the Jenkins Remoting library and Kaniko. It can be used with Amazon EC2 Container Service Plugin to build Docker images from a container running on an Amazon ECS cluster.
Jenkins Agent Docker Kaniko contains the following images:
jenkins/jnlp-slave contains Jenkins Remoting, a library which implements the communication layer in Jenkins.
gcr.io/kaniko-project/executor contains Kaniko, a tool that can build container images from a Dockerfile inside a container or Kubernetes cluster without a Docker daemon.
busybox (busybox.net) combines tiny versions of many common UNIX utilities into a single small executable.
Jenkins Agent Docker Kaniko can be run via Docker using the following command:
$ docker run \
-it \
--rm \
-v ~/path/to/repository:/repository: \
-v ~/.docker/config.json:/kaniko/.docker/config.json: \
-w /repository \
dwolla/jenkins-agent-kaniko:latest \
/bin/shThe Kaniko executor can be invoked using the following:
IMAGE_ID=registry/repository && \
IMAGE_TAG=$(git rev-parse HEAD) && \
export DOCKER_CONFIG=/kaniko/.docker && \
/kaniko/executor \
--context $(pwd) \
--dockerfile $(pwd)/Dockerfile \
--destination $IMAGE_ID:$IMAGE_TAG \
--destination $IMAGE_ID:latest \
--forceKaniko uses the Docker configuration file (typically $HOME/.docker/config.json) for configuration and authentication.
In order to provide Kaniko with this file, config.json can be mounted from the host:
docker run \
...
-v ~/.docker/config.json:/kaniko/.docker/config.json: \The path to config.json can then be set using the DOCKER_CONFIG environment variable:
export DOCKER_CONFIG=/kaniko/.dockerIt should be noted that config.json is mounted within /kaniko, since this directory is whitelisted by Kaniko and therefore its contents are persisted between stages.
Kaniko works by fetching and extracting the filesystem of a Docker image (designated by the FROM instruction) to root (/). It executes each command in order and takes a snapshot of the filesystem after each command. This snapshot is created in user space by walking the filesystem and comparing it to the prior state that was stored in memory. It appends any modifications to the filesystem as a new layer to the base image and makes any relevant changes to image metadata. After executing every command in the Dockerfile, the executor pushes the newly built image to the desired registry.
The Kaniko executor image is built from scratch and contains only a static Go binary plus the configuration files needed for pushing and pulling images. As such, it is normally invoked directly and not included in an image as a new build stage. We have found that images built using a Docker image that includes the Kaniko executor as a dependency (FROM gcr.io/kaniko-project/executor:v0.10.0 as kaniko) may differ from those built using Docker.
For this reason, it is recommended that you include as few utilities or libraries as possible it the Kaniko image.
However, if, for example, you need access to AWS CLI in order to pull config.json or secrets from an S3 bucket, you can do so using the following:
RUN apk add --update --no-cache \
curl \
python3
# install the AWS CLI using the bundled installer
RUN curl 'https://s3.amazonaws.com/aws-cli/awscli-bundle.zip' \
-o 'awscli-bundle.zip' && \
unzip awscli-bundle.zip && \
python3 ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws