Example Kaniko Pod setup

The following is an example kaniko-manifest.yaml configuration that can push images to the Docker Hub registry.

If you're using another registry (e.g. Amazon ECR or Azure Container Registry), the steps are almost the same. Refer to the kaniko documentation for more details.

Steps:

1. Create manifest file from template

Copy config_files_templates/kaniko-manifest.yaml into your project's config_files/kaniko-manifest.yaml

2. Add authentication section

Follow the steps in the kaniko docs for Docker Hub to create the config.json file.

"Load" config.json onto your cluster using a Kubernetes Secret:

kubectl create secret generic docker-config --from-file=<path to config.json> --namespace <NAMESPACE>

Note: <NAMESPACE> is kfops by default, but if you used a different one during "Per cluster setup" (in the helm install command), change it accordingly.

Modify the manifest by adding the created Secret as a volume mounted at /kaniko/.docker/:

apiVersion: v1
kind: Pod
metadata:
  generateName: cluster-image-builder-
  labels:
    name: cluster-image-builder
  #Note: By default namespace "kfops" is applied automatically
spec:
  containers:  
  - name: cluster-image-builder
    image: gcr.io/kaniko-project/executor:latest
    # Note: Do not specify "args" because they will be overwritten 
    # args: ...
    volumeMounts:
    ########## Added section
    - name: docker-config
      mountPath: /kaniko/.docker/
    ########## Added section end  
  restartPolicy: Never
  volumes:
  ########## Added section
  - name: docker-config
    secret:
      secretName: docker-config
  ########## Added section end
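
One way to produce and sanity-check the config.json from step 2 before loading it as a Secret. This is an added example, not part of the original page or the kaniko project. The function names are hypothetical, the credentials are constructed, and the registry key and base64 "auth" field are assumed to follow the Docker Hub format described in the kaniko docs.

```shell
#!/bin/sh
# Added example: build the Docker Hub config.json that step 2 loads into the
# "docker-config" Secret. All credentials below are constructed, not real.

# write_docker_config USER TOKEN OUTFILE   (hypothetical helper)
# Writes a Docker-style config.json that only the owner can read.
write_docker_config() {
    user=$1; token=$2; out=$3
    [ -n "$user" ] && [ -n "$token" ] && [ -n "$out" ] || return 2
    # "auth" is base64("user:token"); tr removes line wraps some base64 builds add.
    auth=$(printf '%s:%s' "$user" "$token" | base64 | tr -d '\n')
    (
        umask 077   # the file holds a credential: create it with mode 0600
        printf '{\n  "auths": {\n    "https://index.docker.io/v1/": {\n      "auth": "%s"\n    }\n  }\n}\n' \
            "$auth" > "$out"
    )
}

# check_docker_config FILE EXPECTED_USER   (hypothetical helper)
# Returns 0 when FILE has a Docker Hub entry whose auth decodes to EXPECTED_USER:<token>.
check_docker_config() {
    file=$1; want_user=$2
    grep -q '"https://index.docker.io/v1/"' "$file" || return 1
    auth=$(sed -n 's/.*"auth": *"\([^"]*\)".*/\1/p' "$file")
    [ -n "$auth" ] || return 1
    decoded=$(printf '%s' "$auth" | base64 -d) || return 1
    [ "${decoded%%:*}" = "$want_user" ]
}

# Demo with constructed credentials, written into a temporary directory.
demo_dir=$(mktemp -d)
write_docker_config "exampleuser" "constructed-token" "$demo_dir/config.json"
check_docker_config "$demo_dir/config.json" "exampleuser" && echo "config.json OK"
# Next step, as on this page:
#   kubectl create secret generic docker-config \
#     --from-file="$demo_dir/config.json" --namespace kfops
```

kubectl uses the file name as the key inside the Secret, so keep the file named config.json; that way it appears as /kaniko/.docker/config.json once the volume is mounted.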

3. Add Kaniko Pod cache volume

It is recommended to add a cache volume to store cached Docker layers from previous builds. This significantly speeds up the build process. Refer to the kaniko documentation for details.

The cache volume is a standard Kubernetes PersistentVolumeClaim used by the Pod.

Create a file cache-pvc.yaml with the example manifest:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: dockerfile-claim
  # Change the namespace
  # By default the namespace should be kfops
  namespace: <NAMESPACE> 
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi

Run kubectl apply -f cache-pvc.yaml.

Next, adapt your manifest to mount the volume into your Kaniko pod:

apiVersion: v1
kind: Pod
metadata:
  generateName: cluster-image-builder-
  labels:
    name: cluster-image-builder
  #Note: By default namespace "kfops" is applied automatically
spec:
  containers:  
  - name: cluster-image-builder
    image: gcr.io/kaniko-project/executor:latest
    # Note: Do not specify "args" because they will be overwritten 
    # args: ...
    volumeMounts:
    - name: docker-config
      mountPath: /kaniko/.docker/
    ########## Added section  
    - name: dockerfile-storage
      mountPath: /cache
    ########## Added section end
  restartPolicy: Never
  volumes:
  # docker-config was created as a Secret in step 2, so mount it as a secret volume
  - name: docker-config
    secret:
      secretName: docker-config
  ########## Added section
  - name: dockerfile-storage
    persistentVolumeClaim:
      claimName: dockerfile-claim
  ########## Added section end