Kaniko with private git repository context


I have tested Kaniko using a public GitHub repo as a build context. I can give Kaniko the git repo I want to use to build my snapshot Docker image on top of the base image given in the Dockerfile build file. Like in this "kaniko-restapi.yaml":

apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  containers:
    - name: kaniko
      image: gcr.io/kaniko-project/executor:latest
      args: [ "--context=git://github.com/gituserxyz/kaniko-test",
              "--context-sub-path=kaniko-setup/restapi/docker/",
              "--dockerfile=Dockerfile",
              "--destination=dockeruserxyz/restapi-restassured:1" ]
      volumeMounts:
        - name: kaniko-secret
          mountPath: "/kaniko/.docker"
  restartPolicy: Never
  volumes:
    - name: kaniko-secret
      secret:
        secretName: dockercred
        items:
          - key: .dockerconfigjson
            path: config.json

With this Kaniko Docker image (pod) definition my Dockerfile can be used with Kaniko just like I can use it with Docker or docker-compose.

Dockerfile that lives in my maven project, and at this stage is pushed to git repo could look like this :

FROM openjdk:11

COPY ./config/my-config.properies /my-config.properties
COPY ./config/my-config-2.properies /my-config-2.properties

RUN curl -o restassured.451.jar https://mvnrepository.com/artifact/io.rest-assured/rest-assured/4.5.1

ENTRYPOINT ["java","-jar","/app.jar"]

(Just to illustrate ...)

Here those properties (config) files are fetched from my project's git repo by Kaniko.

Question: Can I use a private git repository with Kaniko on Kubernetes? How should credentials and/or access tokens be defined and given with a private repo?

I have tried to find an example of that kind of scenario of Kaniko usage, and so far, it looks to me that this way of using Kaniko might not be possible at all, with Kaniko and private git repo as build context. And to me, this seems like very basic requirement and use case.

EDIT:


Okay. I understood that Kaniko is originally a project by Google. But I also understood that Kaniko currently is an open source project?


There are 2 best solutions below

0
On

it's more like basic git usage: git://[email protected]/user/repo/etc/repo.git

it's also mentioned here: https://github.com/GoogleContainerTools/kaniko/blob/main/README.md#using-private-git-repository

doesn't work with every git repo though. now I just pack all in a tarball and attach in pv. lots of hassle.

0
On

In some cases, passing git://[email protected]/user/repo/etc/repo.git may not work. An alternate method would be to create a K8S pod that contains the Kaniko container AND an initContainer which pulls the code into a folder shared between the two containers (think "emptyDir: {}"). The startup script that you use for that container can then use any tool to pull the code (git, wget, curl, scp, ftp, nfs, etc.) into the shared folder (e.g., "/workspace"). As long as there's a Dockerfile in the pulled code, you only need to set your context to "dir:///workspace" and set your destination to wherever you're sending the image. Of course, no work-around is perfect. Once Kaniko has completed its task, it's left to you to delete the pod (I'm working on adding this).
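The initContainer approach from the answer above, written out as a pod manifest. This is an added example, not part of the original answer. Assumptions: the `alpine/git` image, a hypothetical Secret `git-credentials` with key `token`, and GitHub-style HTTPS token auth with the username `x-access-token`; the repo, sub-path, destination and `dockercred` Secret are taken from the question.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kaniko-private-git
spec:
  restartPolicy: Never
  initContainers:
    - name: fetch-source
      image: alpine/git            # assumption: any image with git and sh works
      command: ["sh", "-ec"]
      args:
        - |
          # The helper is passed with -c, so the token is never written to .git/config
          git -c credential.helper='!f() { echo username=x-access-token; echo "password=${GIT_TOKEN}"; }; f' \
            clone --depth 1 https://github.com/gituserxyz/kaniko-test.git /workspace
          # Drop git metadata so it cannot end up in an image layer via COPY
          rm -rf /workspace/.git
      env:
        - name: GIT_TOKEN
          valueFrom:
            secretKeyRef:
              name: git-credentials   # hypothetical Secret holding the access token
              key: token
      volumeMounts:
        - name: workspace
          mountPath: /workspace
  containers:
    - name: kaniko
      image: gcr.io/kaniko-project/executor:latest
      args: [ "--context=dir:///workspace/kaniko-setup/restapi/docker/",
              "--dockerfile=Dockerfile",
              "--destination=dockeruserxyz/restapi-restassured:1" ]
      volumeMounts:
        - name: workspace
          mountPath: /workspace
        - name: kaniko-secret
          mountPath: "/kaniko/.docker"
  volumes:
    - name: workspace
      emptyDir: {}                 # shared between the initContainer and Kaniko
    - name: kaniko-secret
      secret:
        secretName: dockercred
        items:
          - key: .dockerconfigjson
            path: config.json
```

Only the initContainer receives the git token; the Kaniko container sees the checked-out files but neither the token nor the `.git` directory.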