Quickly and Automatically Build Container Images Using Serverless Kubernetes and Kaniko
By Xian Wei
In the cloud native era, container images are the basic carrier for distribution of all applications. In addition to Docker Hub as a popular image repository, various cloud vendors also provide function-rich image repository services, such as Alibaba Cloud’s Container Registry (ACR), and Google’s Container Registry (GCR). Being able to build container images has become the basic practical ability that all developers must master.
Whether the developer chooses to use Docker locally to build basic images, or uses a CI/CD service (such as Jenkins), in essence, the process of “pull -> build -> push” must be followed to build, distribute, and synchronize images.
This article introduces a new practice of building simple images for developers. Based on Alibaba Cloud Serverless Kubernetes Container Service, container images can be built automatically and at a low cost, which helps developers understand how to use Serverless to run CI/CD and automate tasks.
Why Serverless Kubernetes?
Building a container image requires computing resources. When developers use Docker to pull/build/push locally, the computing resources are local development machines. If developers deploy Jenkins or GitLab Runner services in traditional Kubernetes clusters, the computing resources also need to run continuously. However, building a container image is basically a highly dynamic action, which is often triggered by timing or conditions. Therefore, maintaining a fixed computing resource pool for dynamic building operations is not cost effective.
Serverless Kubernetes is different from the traditional node-based k8s cluster. A Serverless cluster will only result in a charge when a pod is running. This means that users only need to pay when building images, and after the build ends, the billing stops. Therefore, the cost is significantly reduced compared with that of the traditional k8s cluster or ECS deployment.
In a Serverless Kubernetes cluster, pods do not have the privileged permission, and cannot access Docker daemon on the host. Therefore, they cannot use the Docker-in-Docker solution to build images. So, how can we build an image without relying on the Docker on the host in a Kubernetes cluster? Obviously, this is a common requirement, and the community also has a recommended solution: Kaniko.
Kaniko works similarly to the “docker build” command, but does not rely on Docker daemon. It resolves and builds each Dockerfile layer in the pod, which allows the pod to complete the pull/build/push of the image without the privileged permission.
A Practical Example: Regularly Synchronize Container Images
Let’s use Serverless Kubernetes and Kaniko to implement a simple image building experiment, that is, to regularly synchronize images to the domestic ACR.
Step 1: Create a Serverless Kubernetes Cluster
Log on to the Container Service Console to create a Serverless cluster in 5s. (If it is a foreign source image repository, you can choose the US West region)
Step 2: Create a Secret, and Configure the ACR User Name and Password to Push the Image to ACR.
You can log on to CloudShell, and run the following command.
#docker login registry.cn-hangzhou.aliyuncs.com
#kubectl create secret generic regsecret --from-file=/root/.docker/config.json
Step 3: Create a Scheduled Task, CronJob
On the console, select a template to create the following scheduled task, to synchronize the busybox image to ACR hourly.
schedule: "*/60 * * * *"
- name: builder
- name: dockerfile
- name: secrets
- name: dockerfile
- name: secrets
After the job is executed, you can view ACR Image Repository to confirm that the image has been synchronized.
You can customize the template file as needed, such as modifying the image to be synchronized, and adding a build step. You can also set the resource limit of the pod (such as, VCPU 0.25/0.5/1) to complete the synchronization task at minimal computing cost.
From the example above, we can see that, based on the pay-as-you-go feature of Serverless Kubernetes, some scheduled and CI/CD tasks can be run at very low cost without maintaining a fixed computing resource pool. It is also applicable to other scenarios, such as stress testing, data computing, and workflow processing.
- Deploy Jenkins in a serverless Kubernetes cluster and perform an application pipeline build
- Kaniko introduction