I’ve tried to read the docs as much as I can, but this question is more about the API and I’m not an expert in programming to do the API, so sorry if it bothers you :(
For this one, suppose I use k8s myself over SSH. Imagine I only have a Dockerfile. Can I build an image with the k8s command line? Or should I first run docker build ... and then add the name of the new image in the YAML file?
Suppose I use the k8s API. Can this API work with docker build and then do something in my YAML file? Or should I first use Docker’s API to build the image and then work with the k8s API?
---
apiVersion: v1
kind: Pod
metadata:
  name: static-docker-example
spec:
  volumes:
    - name: dockersocket
      emptyDir: {}
  containers:
    # This is going to be our docker service container.
    - name: docker-service
      image: docker:dind-rootless
      # IMPORTANT! This is security related.
      # Read up about running privileged containers
      securityContext:
        privileged: true
      volumeMounts:
        - name: dockersocket
          mountPath: /run/user/1000/
    # We will run commands in this one.
    - name: docker-commander
      image: docker:dind-rootless
      # Just keep the container running
      command: [ "/bin/sh", "-c", "sleep 86000s" ]
      volumeMounts:
        - name: dockersocket
          mountPath: /var/run
Thanks my friend, but what I mean is something like this.
I do not want docker ... command inside of a pod.
This is a simple Dockerfile:
FROM alpine
RUN apk add nginx
ENTRYPOINT ["nginx", "-g", "daemon off;"]
Then the K8S API gets this file, runs it with the command docker build -t image_name:tag, and then runs it.
I mean something like this. Can the k8s API do this? Or should a developer (it’s not me, but my friend who is working on this) work with the Docker API first and then the k8s API?
In that example I provided, you would run docker build in the docker-commander container. Kubernetes does container orchestration/scheduling, it doesn’t do CI/CD. All actions are done in containers. Another way to think of Kubernetes is as abstracted infrastructure.
Since posting here, I’ve learned there are better options for building containers in Kubernetes.
The example I provided is better than just mounting a docker socket from the host. However, there’s a privileged container involved, which is where you have a security risk if that container ever becomes compromised.
Use something like Kaniko instead. It’s safer and doesn’t require a privileged container.
Good question — Kubernetes itself does not build images. It only pulls and runs them.
With kubectl/k8s CLI: You cannot build a Dockerfile directly through kubectl. The flow is:
First: docker build -t myimage:tag .
Push to a registry: docker push myimage:tag
Then reference that image name in your YAML manifest under spec.containers.image
K8s pulls from the registry — it does not have its own build step.
With k8s API: Same logic. The K8s API manages cluster resources (pods, deployments, services). It does not have a build endpoint. You need Docker’s API or a tool like Kaniko, Buildah, or BuildKit to handle the build, then deploy via K8s API.
If you want a single workflow, look into Tekton or Argo Workflows — they orchestrate build + deploy together inside the cluster.
I use this exact build-then-deploy flow for a game apk backend — separate Docker build, push to registry, then K8s YAML pulls it.