Google Kaniko – Keeping Up with the Cloud

Google announced Kaniko on Monday. Kaniko is a Dockerfile builder that builds and publishes a Docker image entirely within a containerized sandbox facilitated by Kubernetes, without depending on a true root daemon like dockerd.

As any seasoned Linux container user knows, dockerd is prone to crashes and hangs that can leave the whole container host in a weird state. Kaniko and the similar tools img and orca-build work to prevent such eventualities while providing additional security and stability assurances by fully isolating the work involved in building a Docker image.

Kaniko does not support the full Dockerfile specification, so it won’t work on all Dockerfiles just yet. As of Friday, April 20, 2018, Kaniko lacks support for SHELL, HEALTHCHECK, STOPSIGNAL, ARG, and all multi-stage Dockerfiles, though the README claims multi-stage support will be done soon.
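A pre-flight check for the gaps listed above, written as an added example (it is not part of Kaniko or of the original post). The function names and the sample Dockerfile are made up for illustration, the unsupported set is exactly the one stated in this post as of April 20, 2018, and the parser assumes the default backslash escape character.

```python
# Instructions the post lists as unsupported (as of April 20, 2018).
UNSUPPORTED = {"SHELL", "HEALTHCHECK", "STOPSIGNAL", "ARG"}

def logical_lines(text):
    """Yield (first_line_no, joined_text) per instruction, folding continuations."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are skipped, even mid-continuation
        if start is None:
            start = no
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended on a dangling continuation
        yield start, " ".join(buf)

def kaniko_blockers(text):
    """Return (line_no, reason) findings for the text of a Dockerfile."""
    findings, from_count = [], 0
    for no, line in logical_lines(text):
        instr = line.split(None, 1)[0].upper()  # instructions are case-insensitive
        if instr in UNSUPPORTED:
            findings.append((no, f"{instr} is not supported"))
        elif instr == "FROM":
            from_count += 1
            if from_count == 2:  # report a multi-stage build once
                findings.append((no, "multi-stage build (second FROM)"))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# build stage
FROM golang:1.10 AS build
arg VERSION=dev
RUN go build \\
    # HEALTHCHECK in a comment is ignored
    -o /app .
FROM alpine:3.7
COPY --from=build /app /app
HEALTHCHECK CMD ["/app", "-ping"]
"""

if __name__ == "__main__":
    for no, reason in kaniko_blockers(SAMPLE):
        print(f"line {no}: {reason}")
```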