How to use Kaniko in cloudbuild.yaml?

Question

I just learned that one can speed up the build process in Google Cloud build by using Kaniko cache. I looked at the docs and it provided a small example. However, I'm not sure how to apply it in my use case. I am basically pushing a Nuxt app into my Github repo and cloud builds it every time I make a push. The docs example says we need to replace cloud-builders/docker with kaniko-project/executor:latest. Below is a snippet of my cloudbuild.yaml

steps:
# Create .npmrc file from Fontawesome secret
- name: gcr.io/cloud-builders/gcloud
  entrypoint: 'bash'
  args: [ '-c', 'gcloud secrets versions access latest --secret=fontawesome > .npmrc' ]
# Build the container image
- name: 'gcr.io/cloud-builders/docker'
  args: ['build', '-t', 'gcr.io/PROJECTNAME/IMAGENAME:$COMMIT_SHA', '.']
# Push the image to Container Registry
- name: 'gcr.io/cloud-builders/docker'
  args: ['push', 'gcr.io/PROJECTNAME/IMAGENAME:$COMMIT_SHA']

Kaniko docs says I need the following:

steps:
- name: 'gcr.io/kaniko-project/executor:latest'
  args:
  - --destination=gcr.io/$PROJECT_ID/image
  - --cache=true
  - --cache-ttl=XXh

This is what I tried (but not sure if that's how it should be):

steps:
    # Create .npmrc file from Fontawesome secret
    - name: gcr.io/cloud-builders/gcloud
      entrypoint: 'bash'
      args: [ '-c', 'gcloud secrets versions access latest --secret=fontawesome > .npmrc' ]
    # Build the container image
    - name: 'gcr.io/kaniko-project/executor:latest'
      args: ['--destination=gcr.io/$PROJECT_ID/image', '--cache=true', '--cache-ttl=6h'
,'build', '-t', 'gcr.io/PROJECTNAME/IMAGENAME:$COMMIT_SHA', '.']
    # Push the image to Container Registry
    - name: 'gcr.io/kaniko-project/executor:latest'
      args: ['--destination=gcr.io/$PROJECT_ID/image', '--cache=true', '--cache-ttl=6h'
, 'push', 'gcr.io/PROJECTNAME/IMAGENAME:$COMMIT_SHA']

Your cloudbuild.yaml file seems complaint as what is advised on the [docs](https://cloud.google.com/build/docs/kaniko-cache#kaniko-build). Are you facing any other difficulties? Have you noticed an increase in your build steps? I'll suggest first to enable the Kaniko cache property with `gcloud config set builds/use_kaniko True` and check if the speed improves when running `gcloud builds submit --tag [IMAGE]`. — Daniel Ocando, Feb 18 '21 at 10:21
@DanielOcando The build fails with the Kaniko one, and I get the following error: `unknown command "build" for "executor"` — nTuply, Feb 18 '21 at 14:58

score 9 · Accepted Answer · answered Feb 23 '21 at 10:16

9

Kaniko doesn't have push and build command. It will do that implicitly (build and push) when you specify it as a build step in cloudbuild.yaml.

an example would be:

steps:
  # Build the container image and push it with Kaniko
  - name: 'gcr.io/kaniko-project/executor:latest'
    args:
      [
        "--dockerfile=<DOCKER-FILE-DIST>",
        "--context=dir://<BUILD_CONTEXT>",
        "--cache=true",
        "--cache-ttl=6h",
        "--destination=gcr.io/$PROJECT_ID/hello:$COMMIT_SHA"
      ]
  # Deploy image to Cloud Run
  - name: "gcr.io/cloud-builders/gcloud"
    args:
      - "run"
      - "deploy"
      - "hello"
      - "--image"
      - "gcr.io/$PROJECT_ID/hello:$COMMIT_SHA"
      - "--region"
      - "us-central1"
      - "--platform"
      - "managed"

answered Feb 23 '21 at 10:16

Methkal Khalawi

2,368
1
8
13

This is very helpful, thank you! I just wanted to ask what exactly is the `--context` here? I tried it and placed the path as `gcr.io/$PROJECT_ID/hello:$COMMIT_SHA` but it gave me the following error: `building image: error building stage: failed to optimize instructions: failed to get files used from context: failed to resolve sources`. After removing the `--context`, it kinda worked but I'm not sure about the speedup. I would really appreciate if you could also point me to some resources to learn those stuff? Thanks – nTuply Feb 26 '21 at 02:19
1

The context is the path where the Dockerfile needed to build the image is located. You are not using any of the [supported storage options](https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts), that might be why you are getting that error message. – mgoya Mar 14 '21 at 08:33
How do we provide the private jfrog repository in destination argument of kaniko with username and password? – Sneha Sep 14 '22 at 09:17

How to use Kaniko in cloudbuild.yaml?

1 Answers1