Quickly and Automatically Build Container Images Using Serverless Kubernetes and Kaniko

By Xian Wei

Preface

In the cloud native era, container images are the basic carrier for distribution of all applications. In addition to Docker Hub as a popular image repository, various cloud vendors also provide function-rich image repository services, such as Alibaba Cloud’s Container Registry (ACR), and Google’s Container Registry (GCR). Being able to build container images has become the basic practical ability that all developers must master.

Whether the developer chooses to use Docker locally to build basic images, or uses a CI/CD service (such as Jenkins), in essence, the process of “pull -> build -> push” must be followed to build, distribute, and synchronize images.

This article introduces a new practice of building simple images for developers. Based on Alibaba Cloud Serverless Kubernetes Container Service, container images can be built automatically and at a low cost, which helps developers understand how to use Serverless to run CI/CD and automate tasks.

Why Serverless Kubernetes?

Building a container image requires computing resources. When developers use Docker to pull/build/push locally, the computing resources are local development machines. If developers deploy Jenkins or GitLab Runner services in traditional Kubernetes clusters, the computing resources also need to run continuously. However, building a container image is basically a highly dynamic action, which is often triggered by timing or conditions. Therefore, maintaining a fixed computing resource pool for dynamic building operations is not cost effective.

Serverless Kubernetes is different from the traditional node-based k8s cluster. A Serverless cluster will only result in a charge when a pod is running. This means that users only need to pay when building images, and after the build ends, the billing stops. Therefore, the cost is significantly reduced compared with that of the traditional k8s cluster or ECS deployment.

Image for post
Image for post

Kaniko

In a Serverless Kubernetes cluster, pods do not have the privileged permission, and cannot access Docker daemon on the host. Therefore, they cannot use the Docker-in-Docker solution to build images. So, how can we build an image without relying on the Docker on the host in a Kubernetes cluster? Obviously, this is a common requirement, and the community also has a recommended solution: Kaniko.

Kaniko works similarly to the “docker build” command, but does not rely on Docker daemon. It resolves and builds each Dockerfile layer in the pod, which allows the pod to complete the pull/build/push of the image without the privileged permission.

Image for post
Image for post

A Practical Example: Regularly Synchronize Container Images

Let’s use Serverless Kubernetes and Kaniko to implement a simple image building experiment, that is, to regularly synchronize images to the domestic ACR.

Step 1: Create a Serverless Kubernetes Cluster

Log on to the Container Service Console to create a Serverless cluster in 5s. (If it is a foreign source image repository, you can choose the US West region)

Image for post
Image for post

Step 2: Create a Secret, and Configure the ACR User Name and Password to Push the Image to ACR.

You can log on to CloudShell, and run the following command.

Step 3: Create a Scheduled Task, CronJob

On the console, select a template to create the following scheduled task, to synchronize the busybox image to ACR hourly.

After the job is executed, you can view ACR Image Repository to confirm that the image has been synchronized.

You can customize the template file as needed, such as modifying the image to be synchronized, and adding a build step. You can also set the resource limit of the pod (such as, VCPU 0.25/0.5/1) to complete the synchronization task at minimal computing cost.

Conclusion

From the example above, we can see that, based on the pay-as-you-go feature of Serverless Kubernetes, some scheduled and CI/CD tasks can be run at very low cost without maintaining a fixed computing resource pool. It is also applicable to other scenarios, such as stress testing, data computing, and workflow processing.

Image for post
Image for post

Happy Hacking!

References

  1. Deploy Jenkins in a serverless Kubernetes cluster and perform an application pipeline build
  2. Kaniko introduction

Original Source

https://www.alibabacloud.com/blog/quickly-and-automatically-build-container-images-using-serverless-kubernetes-and-kaniko_594927?spm=a2c41.13057645.0.0

Written by

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store