
Building Docker containers with GitLab

This guide demonstrates how to build and push Docker images using Kaniko in a CI environment (e.g., GitLab CI). Kaniko executes Docker builds without needing a Docker daemon.

Setup Requirements

Registry Credentials

Create a Base64-encoded username:password string for your container registry. Store this as a protected CI/CD variable (e.g., HARBOR_CRED in GitLab).
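
As an added example (not part of the original guide), the shell functions below encode the credential without a stray newline, check that a value such as HARBOR_CRED decodes to username:password, and write the Docker auth file with owner-only permissions without printing the secret. The function names and the user/pass sample values are assumptions; your-registry.io is the placeholder host from the CI configuration on this page.

```shell
#!/bin/sh
# Added example: prepare and validate a registry credential for Kaniko.

# encode_cred USER PASS -> base64("USER:PASS") on one line.
# printf is used because `echo` would bake a trailing newline into the secret.
encode_cred() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# valid_cred CRED -> 0 only if CRED is canonical base64 of "user:password".
valid_cred() {
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
  case "$decoded" in
    ?*:?*) ;;            # both parts non-empty
    *) return 1 ;;
  esac
  # Round trip: fails if the original carried a newline, padding junk or wrapping.
  [ "$(printf '%s' "$decoded" | base64 | tr -d '\n')" = "$1" ]
}

# write_kaniko_auth REGISTRY CRED FILE -> writes the auth config, mode 0600.
# REGISTRY is assumed to be a plain host name (no JSON escaping is done).
write_kaniko_auth() {
  registry=$1 cred=$2 file=$3
  valid_cred "$cred" || {
    echo "credential is not base64 of username:password" >&2  # never echo the value
    return 1
  }
  (
    umask 077            # owner-only permissions for the new file
    rm -f "$file"
    printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$registry" "$cred" > "$file"
  )
}

# Constructed demo values; in CI pass "$HARBOR_CRED" and /kaniko/.docker/config.json.
demo=$(mktemp)
write_kaniko_auth "your-registry.io" "$(encode_cred user pass)" "$demo" \
  && echo "auth config written to $demo"
rm -f "$demo"
```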

Dockerfile

Ensure that a Dockerfile exists in the repository root. Example content:

FROM alpine
CMD ["echo", "Hello World!!"]

Example CI Configuration (.gitlab-ci.yml)

stages:
  - docker

docker-job:
  stage: docker
  image:
    name: gcr.io/kaniko-project/executor:debug  # Official Kaniko executor image
    entrypoint: [""]  # Disable default entrypoint
  before_script:
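    # The registry host under "auths" must match the host used in --destination below
    - echo "{\"auths\":{\"your-registry.io\":{\"auth\":\"${HARBOR_CRED}\"}}}" > /kaniko/.docker/config.json
    - test -s /kaniko/.docker/config.json  # Verify the config was written without printing the credential to the job log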
  script:
    - export VERSION='0.0.1'  # Set your image version
    # Dynamic tagging logic:
    - |
      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
        tag="${VERSION}"
        echo "Default branch '$CI_DEFAULT_BRANCH': tag=$tag"
      else
        tag="${VERSION}-$CI_COMMIT_REF_SLUG"  # Appends the ref slug (branch or Git tag name)
        echo "Branch '$CI_COMMIT_BRANCH': tag=$tag"
      fi
    # Build and push the image:
    - /kaniko/executor
      --context $CI_PROJECT_DIR
      --dockerfile $CI_PROJECT_DIR/Dockerfile
      --destination "cerit.io/your-project/docker-image:${tag}"
  only:
    - tags  # Trigger on Git tags
    - master  # Or your default branch

Notes

  • In before_script, the Docker config is created from the credential value stored in your CI variable (here HARBOR_CRED).
  • The version value is explicitly set in the CI configuration. Consider factoring it out, for example into a version.txt file in the repository, or obtaining it from another config file in the repository such as setup.py (for a Python project) or package.json (for a Node.js project).
  • The tagging logic in the example is tuned for a setup where:
    • The default branch (master) is a protected branch which can only be changed by merge request (i.e., it cannot be pushed to directly).
    • Features are developed in a branch.
    • By default, the docker job is executed only on the master branch (after a merge request).
    • The docker job can also be executed on demand on a branch commit if this commit is tagged. In that case, the Docker image tag consists of VERSION suffixed by the tag value.
  • Check this repository graph and pipeline history.
  • See the Kaniko documentation for advanced flags (e.g., --cache, --build-arg).
  • Keep in mind that Kaniko is probably obsolete.

How to use images from GitLab Registry

If the project's visibility within GitLab is public and the container registry is not limited to authenticated users, simply use:

docker run [options] registry.example.com/group/project/image [arguments]

If you are using MUNI ICS GitLab, the registry URL is: registry.gitlab.ics.muni.cz

If the project visibility or the container registry is set to private, authentication to the container registry is needed. You will need to create a deploy token and use it as described in the official documentation.

For more information, please refer to the official documentation.

MUNI ICS GitLab does not support the Docker builder anymore; Kaniko must be used as described above.
