DEV Community

Alex Spinov

Kaniko Has a Free API: Build Container Images in Kubernetes Without Docker Daemon

Why Kaniko Exists

Building Docker images inside Kubernetes is a pain — you need Docker-in-Docker or privileged containers. Kaniko builds images in unprivileged containers, no daemon required. Perfect for CI/CD in Kubernetes.

Build in a Kubernetes Job

apiVersion: batch/v1
kind: Job
metadata:
  name: kaniko-build
spec:
  template:
    spec:
      containers:
        - name: kaniko
          image: gcr.io/kaniko-project/executor:latest
          args:
            - "--dockerfile=Dockerfile"
            - "--context=git://github.com/myorg/myapp.git"
            - "--destination=ghcr.io/myorg/myapp:latest"
          volumeMounts:
            - name: docker-config
              mountPath: /kaniko/.docker
      restartPolicy: Never
      volumes:
        - name: docker-config
          secret:
            secretName: regcred
            items:
              - key: .dockerconfigjson
                path: config.json
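
The following is an added example, not code from the original post or from the Kaniko project: a small Python check that audits the pod spec of the Job above for settings that would undo the "no privileged containers, no daemon" property, and for image references that are not pinned. The finding names and the dict form of the manifest are assumptions made for illustration; only the `--flag=value` argument form used on this page is parsed.

```python
# Added example: rule and finding names are hypothetical, not part of Kaniko.

def audit_kaniko_pod(pod_spec):
    """Return sorted (container, finding) pairs for a Job's pod spec dict."""
    findings = set()
    # hostPath volumes (e.g. a Docker socket) bring the daemon dependency back.
    host_vols = {v["name"] for v in pod_spec.get("volumes", []) if "hostPath" in v}
    for c in pod_spec.get("containers", []):
        name = c.get("name", "?")
        if c.get("securityContext", {}).get("privileged"):
            findings.add((name, "privileged"))
        # A tag can be re-pointed; only a digest fixes the executor's content.
        if "@sha256:" not in c.get("image", ""):
            findings.add((name, "executor-image-not-digest-pinned"))
        mounts = c.get("volumeMounts", [])
        if any(m.get("name") in host_vols for m in mounts):
            findings.add((name, "hostpath-mount"))
        # Kaniko reads registry credentials from /kaniko/.docker/config.json.
        if not any(m.get("mountPath", "").rstrip("/") == "/kaniko/.docker"
                   for m in mounts):
            findings.add((name, "no-registry-credentials-mount"))
        for arg in c.get("args", []):
            key, _, value = arg.partition("=")
            if key != "--destination":
                continue
            # Tag is whatever follows ':' in the last path component.
            tag = value.rsplit("/", 1)[-1].partition(":")[2]
            if tag in ("", "latest"):
                findings.add((name, "destination-latest-or-untagged"))
    return sorted(findings)

# Constructed input: the pod spec of the Job manifest above, as a dict.
PAGE_POD_SPEC = {
    "containers": [{
        "name": "kaniko",
        "image": "gcr.io/kaniko-project/executor:latest",
        "args": ["--dockerfile=Dockerfile",
                 "--context=git://github.com/myorg/myapp.git",
                 "--destination=ghcr.io/myorg/myapp:latest"],
        "volumeMounts": [{"name": "docker-config", "mountPath": "/kaniko/.docker"}],
    }],
    "restartPolicy": "Never",
    "volumes": [{"name": "docker-config", "secret": {"secretName": "regcred"}}],
}

if __name__ == "__main__":
    for container, finding in audit_kaniko_pod(PAGE_POD_SPEC):
        print(f"{container}: {finding}")
```
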

Build Locally with Docker

# Mount the build context and the local registry credentials into the executor
docker run \
  -v "$(pwd)":/workspace \
  -v ~/.docker/config.json:/kaniko/.docker/config.json \
  gcr.io/kaniko-project/executor:latest \
  --dockerfile /workspace/Dockerfile \
  --context /workspace \
  --destination ghcr.io/myorg/myapp:v1.0.0

GitHub Actions Integration

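jobs:
  build:
    runs-on: ubuntu-latest
    # GITHUB_TOKEN needs packages: write to push to ghcr.io
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Build with Kaniko
        # @master is a mutable ref; pin to a reviewed commit SHA where possible
        uses: aevea/action-kaniko@master
        with:
          image: ghcr.io/myorg/myapp
          tag: ${{ github.sha }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ghcr.io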

Key Features

  • No Docker daemon — builds in userspace, no privileged containers
  • Layer caching — cache to registry, S3, or GCS for fast rebuilds
  • Multi-stage builds — full Dockerfile support
  • Multiple registries — push to GCR, ECR, Docker Hub, GHCR
  • Git context — build directly from git repos

Cache for Faster Builds

# Cache layers to registry
--cache=true \
--cache-repo=ghcr.io/myorg/cache

Kaniko vs Alternatives

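| Feature    | Kaniko | Docker-in-Docker | Buildah | ko      |
|------------|--------|------------------|---------|---------|
| Privileged | No     | Yes              | No      | No      |
| Daemon     | No     | Yes              | No      | No      |
| Dockerfile | Full   | Full             | Full    | No      |
| Language   | Any    | Any              | Any     | Go only |
| K8s native | Yes    | Requires DinD    | Yes     | Yes     |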

Resources


Need to extract container registry data, build logs, or image metadata at scale? Check out my Apify tools or email spinov001@gmail.com for custom solutions.
