🦊 GitLabCI: easy build and deploy an image with Kaniko

I read differents post about image build and deployment with GitLab CI and i would like want to share one tip : use Kaniko 😁.

To create an image you can use the usual docker command

docker build -t <your image name>

And to push this image, this one :

docker push <your image name>:latest

All built with the docker image, and the dind services :

image: docker:stable
 services:
   - docker:dind

And finally, in your gitlab-ci.yml, you will have this :

🐳  build_and_deploy_classic: 
  stage: build
  image: docker:stable
  services:
    - docker:dind
  script:
    - docker login -u GitLabci -p "$CI_SECRET"  registry.GitLab.com
    - docker build -t <your image name> .
    - docker push <your image name>:latest

This work correctly, of course you can use this.

But on my jobs, i prefer use Kaniko. Why ? Simply because in one line you can build and push on a repository.

Juste before this, you need to write in a file your username, password and auths.

That's all 😎

🐳 build_and_deploy_kaniko:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE

In this example i deploy my image on the GitLab registry but you can deploy on others repositories.

Don't hesitate to give me comments 😋

Comments

[dcpc007]

Hi, where do you put the credential file ?
Info : I work personnaly with a selfhosted Gitlab omnibus running via docker-compose
And i have windows/linux workstations for my tests/devs working

[Jean-Phi Baconnais]

Hi, mmh what's your problem?

[Mirko Friedenhagen]

Hi Jean-Phi, how do you handle custom certificates in your scenario? E.g. when using a self-hosted instance with a private Root-CA? Would you build your own kaniko image?

[Jean-Phi Baconnais]

Hi, i don't used custom certificates. In my case, i've use kaniko in GitLab public instance and private instance but without private Root-CA, sorry.

[Nijat Shahverdiev]

Hi, how to push our image to nexus private repository? i used your ci config but it gives authentication faild

[Jean-Phi Baconnais]

Hi, the authentification line have to be changed. These variables $CI_REGISTRY, $CI_REGISTRY_USER are GitLab default variables. So you can change these with your own variables and I think it will be ok.