I’ve tried to read the docs as much as I can, but this question is more about the API, and I’m not an expert in programming to do the API, so sorry if it bothers you :(
For this one, suppose I use k8s myself over SSH. Imagine I only have a Dockerfile. Can I build an image with the k8s command line? Or should I first run docker build ... and then add the name of the new image in the yaml file?
Suppose I use the k8s API. Can this API work with docker build and then do something in my yaml file? Or should I first use docker’s API to build the image and then work with the k8s API?
---
apiVersion: v1
kind: Pod
metadata:
  name: static-docker-example
spec:
  volumes:
    # Shared emptyDir that carries the docker socket between the two containers.
    - name: dockersocket
      emptyDir: {}
  containers:
    # This is going to be our docker service container.
    - name: docker-service
      image: docker:dind-rootless
      # IMPORTANT! This is security related.
      # Read up about running privileged containers
      securityContext:
        privileged: true
      volumeMounts:
        # The rootless daemon writes its socket under XDG_RUNTIME_DIR,
        # i.e. /run/user/1000/docker.sock.
        - name: dockersocket
          mountPath: /run/user/1000/
    # We will run commands in this one.
    - name: docker-commander
      image: docker:dind-rootless
      # Just keep the container running
      command: [ "/bin/sh", "-c", "sleep 86000s" ]
      volumeMounts:
        # Same volume mounted at /var/run, so the socket appears as
        # /var/run/docker.sock, the docker CLI's default. If DOCKER_HOST
        # in this image points elsewhere, set it to unix:///var/run/docker.sock.
        - name: dockersocket
          mountPath: /var/run
Thanks, my friend, but what I mean is something like this.
I do not want a docker ... command inside of a pod.
This is a simple Dockerfile:
FROM alpine
RUN apk add nginx
# nginx -g directives must be terminated with a semicolon
ENTRYPOINT ["nginx", "-g", "daemon off;"]
Then the K8S API gets this file, builds it with the command docker build -t image_name:tag, and then runs it.
I mean something like this. Can the k8s API do this? Or should a developer (it’s not me, but my friend working on this) work with the Docker API first and then the k8s API?
In that example I provided, you would run docker build in the docker-commander container. Kubernetes does container orchestration/scheduling, it doesn’t do CI/CD. All actions are done in containers. Another way to think of Kubernetes is as abstracted infrastructure.
Since posting here, I’ve learned there are better options for building containers in Kubernetes.
The example I provided is better than just mounting a docker socket from the host. However, there’s a privileged container involved, which is where you have a security risk if that container ever becomes compromised.
Use something like Kaniko instead. It’s safer and doesn’t require a privileged container.
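As an added example (not from the thread), here is the Kaniko approach applied to the Dockerfile above: the Dockerfile is shipped as a ConfigMap and a Job runs the Kaniko executor, which builds in userspace without privileged: true and without any docker socket. The ConfigMap and Job names, the /workspace mount path and the REGISTRY placeholder in --destination are assumptions; replace the placeholder and drop --no-push to actually push the result.

```yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-build-context   # assumed name
data:
  Dockerfile: |
    FROM alpine
    RUN apk add nginx
    ENTRYPOINT ["nginx", "-g", "daemon off;"]
---
apiVersion: batch/v1
kind: Job
metadata:
  name: kaniko-nginx-build    # assumed name
spec:
  backoffLimit: 0
  template:
    spec:
      restartPolicy: Never
      # The builder needs no API access to the cluster.
      automountServiceAccountToken: false
      volumes:
        - name: build-context
          configMap:
            name: nginx-build-context
      containers:
        - name: kaniko
          image: gcr.io/kaniko-project/executor:latest
          args:
            - --dockerfile=/workspace/Dockerfile
            - --context=dir:///workspace
            # REGISTRY is a placeholder for a registry the cluster can pull from.
            - --destination=REGISTRY/image_name:tag
            # Build only; remove this flag to push to --destination.
            - --no-push
          # No privileged container and no docker socket are needed.
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: build-context
              mountPath: /workspace
              readOnly: true
```

After a push, the image is run the usual way: reference REGISTRY/image_name:tag in a Pod or Deployment manifest, which is the "add the name of the new image in the yaml file" step from the question.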