Kaniko Container Image Builder

Kaniko is an open-source tool for building container images from a Dockerfile inside a container or Kubernetes cluster without requiring a Docker daemon, making it ideal for unprivileged and daemonless image builds in CI/CD pipelines. Developed by Google in 2018, with over 15,000 stars as of 2026. Key features include: daemonless builds (executes Dockerfile instructions directly without a running Docker daemon, eliminating Docker-in-Docker security risks), Dockerfile compatibility (supports standard instructions including FROM, RUN, COPY, ADD, ENV, EXPOSE, VOLUME, WORKDIR, USER, ARG, LABEL, ENTRYPOINT, CMD, HEALTHCHECK, SHELL, and multi-stage builds), Kubernetes native (runs as a Kubernetes Job or Pod, integrating with Tekton, Jenkins, GitLab CI, and GitHub Actions), registry integration (push built images to Docker Hub, Google Container Registry, Amazon ECR, Azure Container Registry, GitHub Container Registry, Harbor, and private registries with authentication), caching (layer caching for intermediate build stages pushed to registry or local cache, speeding up subsequent builds), snapshot system (uses overlayfs or native snapshotter to track filesystem changes between Dockerfile instructions without Docker layers), build context (retrieve from local directory, Google Cloud Storage, Amazon S3, Git repository, or tarball), multi-stage builds (full support with efficient layer reuse across stages), debugging (verbose logging mode with step-by-step build output and optional tarball output of intermediate images), security (runs as non-root without privileged mode, suitable for security-restricted Kubernetes environments), and configuration (command-line flags and config.json for credentials, cache, build arguments, and destinations).