Diffstat (limited to 'doc/ci/docker/using_kaniko.md')
-rw-r--r-- doc/ci/docker/using_kaniko.md 35
1 files changed, 34 insertions, 1 deletions
diff --git a/doc/ci/docker/using_kaniko.md b/doc/ci/docker/using_kaniko.md
index 13d3c607f8a..7eb2a8286c7 100644
--- a/doc/ci/docker/using_kaniko.md
+++ b/doc/ci/docker/using_kaniko.md
@@ -14,7 +14,7 @@ container images from a Dockerfile, inside a container or Kubernetes cluster.
kaniko solves two problems with using the
[Docker-in-Docker
-build](using_docker_build.md#use-docker-in-docker-workflow-with-docker-executor) method:
+build](using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker) method:
- Docker-in-Docker requires [privileged mode](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)
to function, which is a significant security concern.
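Review bot: the new link target on the `+build](using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker)` line depends on a heading in `using_docker_build.md`, and the diffstat shows only `using_kaniko.md` changed here. Please confirm that a heading with exactly this anchor exists on the target branch, otherwise the link falls back to the top of that page without any visible error.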
@@ -70,6 +70,39 @@ build:
- if: $CI_COMMIT_TAG
```
+### Building an image with kaniko behind a proxy
+
+If you use a custom GitLab Runner behind an http(s) proxy, kaniko needs to be set
+up accordingly. This means:
+
+- Adding the proxy to `/kaniko/.docker/config.json`
+- Passing the `http_proxy` environment variables as build args so the Dockerfile
+ instructions can use the proxy when building the image.
+
+The previous example can be extended as follows:
+
+```yaml
+build:
+ stage: build
+ image:
+ name: gcr.io/kaniko-project/executor:debug
+ entrypoint: [""]
+ script:
+ - mkdir -p /kaniko/.docker
+ - |-
+ KANIKOPROXYBUILDARGS=""
+ KANIKOCFG="{ \"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}"
+ if [ "x${http_proxy}" != "x" -o "x${https_proxy}" != "x" ]; then
+ KANIKOCFG="${KANIKOCFG}, \"proxies\": { \"default\": { \"httpProxy\": \"${http_proxy}\", \"httpsProxy\": \"${https_proxy}\", \"noProxy\": \"${no_proxy}\"}}"
+ KANIKOPROXYBUILDARGS="--build-arg http_proxy=${http_proxy} --build-arg https_proxy=${https_proxy} --build-arg no_proxy=${no_proxy}"
+ fi
+ KANIKOCFG="${KANIKOCFG} }"
+ echo "${KANIKOCFG}" > /kaniko/.docker/config.json
+ - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile $KANIKOPROXYBUILDARGS --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+ only:
+ - tags
+```
+
## Using a registry with a custom certificate
When trying to push to a Docker registry that uses a certificate that is signed
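Review bot: the `KANIKOCFG=` lines build `/kaniko/.docker/config.json` by string concatenation, so a `"` or `\` in `$CI_REGISTRY_PASSWORD` or in a proxy URL yields invalid JSON or alters its structure. Escape the values before interpolating them, or state in the text that they must not contain those characters. The same proxy values also go onto the executor command line through `--build-arg`; if a proxy URL carries credentials, the section should tell readers that they are passed this way. Smaller points: `[ ... -o ... ]` is marked obsolescent in POSIX, and two tests joined with `||` (`[ -n "${http_proxy}" ] || [ -n "${https_proxy}" ]`) are more robust; the job ends with `only: - tags` while the context line above the new section shows `- if: $CI_COMMIT_TAG`, so the extended example should keep that form for consistency; and the bullet says "the `http_proxy` environment variables" although the script passes `http_proxy`, `https_proxy` and `no_proxy`.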