Building Docker Images

Understanding the options for how to build a Dockerfile

We assume you understand how to build and run Docker images. If you need assistance on how to get started with Docker; we recommend you see their documentation for getting set up.

Vela runs all workloads within Docker containers. Which essentially gives us two core different ways to build Docker images:

  • Without elevated daemon access
  • With elevated daemon access

Both options have disadvantages and advantages, so we encourage all Vela administrators to weigh the pros/cons of how they want to build Docker images for their cluster. Here are some resources you can use while researching available tools:

Without elevated daemon access

Building an image without elevated access gives administrators the most secure pattern for not allowing any elevated access to the workers within the cluster. There are two plugin options for building those images:

We recommend customers read the tool comparisons before picking a technology for building their images. In-depth examples for building with either utility are available within their respective plugin documentation pages. A simple example is provided below:

version: "1"
steps:
  - name: build and publish with kaniko
    image: target/vela-kaniko:latest
    pull: always
    parameters:
      registry: index.docker.io
      repo: index.docker.io/octocat/hello-world

With elevated daemon access

Building an image with elevated access is a allowed pattern as long as the administrators have set the required allow list of images on the worker. It’s important to work with your administrator to understand stand which pattern you instances was deployed to support. The supported plugin for building those images:

version: "1"
steps:
  - name: build and publish with Docker's BuildKit
    image: target/vela-docker:latest
    pull: always
    parameters:
      registry: index.docker.io
      tags: [ index.docker.io/octocat/hello-world ]

  - name: build and publish without Docker's BuildKit
    image: target/vela-docker:latest
    environment:
      DOCKER_BUILDKIT=0   
    pull: always
    parameters:
      registry: index.docker.io
      tags: [ index.docker.io/octocat/hello-world ]

Additional Resources

Last modified March 8, 2022: chore(plugins): remove makisu (#288) (7eca877c)