digitalocean/kaniko

digitalocean/kaniko

Description: Build Container Images In Kubernetes

License: Apache-2.0

Stars: 0

Forks: 0

Open issues: 15

Created: 2026-02-23T14:33:22Z

Pushed: 2026-05-21T22:06:59Z

Default branch: main

Fork: yes

Parent repository: GoogleContainerTools/kaniko

Archived: no

README:

🧊 This project is archived and no longer developed or maintained. 🧊

The code remains available for historic purposes.

The README as of the archival date remains unchanged below for historic purposes.

-----

kaniko - Build Images In Kubernetes

🚨NOTE: kaniko is not an officially supported Google product🚨

   


kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster.

kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.

kaniko is meant to be run as an image: gcr.io/kaniko-project/executor. We do not recommend running the kaniko executor binary in another image, as it might not work as you expect - see [Known Issues](#known-issues).

We'd love to hear from you! Join us on #kaniko Kubernetes Slack

:mega: Please fill out our [quick 5-question survey](https://forms.gle/HhZGEM33x4FUz9Qa6) so that we can learn how satisfied you are with kaniko, and what improvements we should make. Thank you! :dancers:

_If you are interested in contributing to kaniko, see [DEVELOPMENT.md](DEVELOPMENT.md) and [CONTRIBUTING.md](CONTRIBUTING.md)._

Table of Contents _generated with DocToc_

• [kaniko - Build Images In Kubernetes](#kaniko---build-images-in-kubernetes)
• [🚨NOTE: kaniko is not an officially supported Google product🚨](#note-kaniko-is-not-an-officially-supported-google-product)
• [Community](#community)
• [How does kaniko work?](#how-does-kaniko-work)
• [Known Issues](#known-issues)
• [Demo](#demo)
• [Tutorial](#tutorial)
• [Using kaniko](#using-kaniko)
• [kaniko Build Contexts](#kaniko-build-contexts)
• [Using Azure Blob Storage](#using-azure-blob-storage)
• [Using Private Git Repository](#using-private-git-repository)
• [Using Standard Input](#using-standard-input)
• [Running kaniko](#running-kaniko)
• [Running kaniko in a Kubernetes cluster](#running-kaniko-in-a-kubernetes-cluster)
• [Kubernetes secret](#kubernetes-secret)
• [Running kaniko in gVisor](#running-kaniko-in-gvisor)
• [Running kaniko in Google Cloud Build](#running-kaniko-in-google-cloud-build)
• [Running kaniko in Docker](#running-kaniko-in-docker)
• [Caching](#caching)
• [Caching Layers](#caching-layers)
• [Caching Base Images](#caching-base-images)
• [Pushing to Different Registries](#pushing-to-different-registries)
• [Pushing to Docker Hub](#pushing-to-docker-hub)
• [Pushing to Google GCR](#pushing-to-google-gcr)
• [Pushing to GCR using Workload Identity](#pushing-to-gcr-using-workload-identity)
• [Pushing to Amazon ECR](#pushing-to-amazon-ecr)
• [Pushing to Azure Container Registry](#pushing-to-azure-container-registry)
• [Pushing to JFrog Container Registry or to JFrog Artifactory](#pushing-to-jfrog-container-registry-or-to-jfrog-artifactory)
• [Additional Flags](#additional-flags)
• [Flag --build-arg](#flag---build-arg)
• [Flag --cache](#flag---cache)
• [Flag --cache-dir](#flag---cache-dir)
• [Flag --cache-repo](#flag---cache-repo)
• [Flag --cache-copy-layers](#flag---cache-copy-layers)
• [Flag --cache-run-layers](#flag---cache-run-layers)
• [Flag --cache-ttl duration](#flag---cache-ttl-duration)
• [Flag --cleanup](#flag---cleanup)
• [Flag --compressed-caching](#flag---compressed-caching)
• [Flag --context-sub-path](#flag---context-sub-path)
• [Flag --custom-platform](#flag---custom-platform)
• [Flag --digest-file](#flag---digest-file)
• [Flag --dockerfile](#flag---dockerfile)
• [Flag --force](#flag---force)
• [Flag --git](#flag---git)
• [Flag --image-name-with-digest-file](#flag---image-name-with-digest-file)
• [Flag --image-name-tag-with-digest-file](#flag---image-name-tag-with-digest-file)
• [Flag --insecure](#flag---insecure)
• [Flag --insecure-pull](#flag---insecure-pull)
• [Flag --insecure-registry](#flag---insecure-registry)
• [Flag --label](#flag---label)
• [Flag --log-format](#flag---log-format)
• [Flag --log-timestamp](#flag---log-timestamp)
• [Flag --no-push](#flag---no-push)
• [Flag --no-push-cache](#flag---no-push-cache)
• [Flag --oci-layout-path](#flag---oci-layout-path)
• [Flag --push-retry](#flag---push-retry)
• [Flag --registry-certificate](#flag---registry-certificate)
• [Flag --registry-client-cert](#flag---registry-client-cert)
• [Flag --registry-map](#flag---registry-map)
• [Flag --registry-mirror](#flag---registry-mirror)
• [Flag --skip-default-registry-fallback](#flag---skip-default-registry-fallback)
• [Flag --reproducible](#flag---reproducible)
• [Flag --single-snapshot](#flag---single-snapshot)
• [Flag --skip-push-permission-check](#flag---skip-push-permission-check)
• [Flag --skip-tls-verify](#flag---skip-tls-verify)
• [Flag --skip-tls-verify-pull](#flag---skip-tls-verify-pull)
• [Flag --skip-tls-verify-registry](#flag---skip-tls-verify-registry)
• [Flag --skip-unused-stages](#flag---skip-unused-stages)
• [Flag --snapshot-mode](#flag---snapshot-mode)
• [Flag --tar-path](#flag---tar-path)
• [Flag --target](#flag---target)
• [Flag --use-new-run](#flag---use-new-run)
• [Flag --verbosity](#flag---verbosity)
• [Flag --ignore-var-run](#flag---ignore-var-run)
• [Flag…