Skip to content



Executes a Kaniko build for creating a Docker container.


When pushing to a container registry, you need to maintain the respective credentials in your Jenkins credentials store:

Kaniko expects a Docker config.json file containing the credential information for registries. You can create it like explained in the Docker Success Center in the articale about How to generate a new auth in the config.json file.

Please copy this file and upload it to your Jenkins for example
via Jenkins -> Credentials -> System -> Global credentials (unrestricted) -> Add Credentials ->

  • Kind: Secret file
  • File: upload your config.json file
  • ID: specify id which you then use for the configuration of dockerConfigJsonCredentialsId (see below)


The step depends on the following Jenkins plugins

The kubernetes plugin is only used if running in a kubernetes environment. Transitive dependencies are omitted.

The list might be incomplete.

Consider using the ppiper/jenkins-master docker image. This images comes with preinstalled plugins.


kanikoExecute script:this


name mandatory default possible values
containerBuildOptions no --skip-tls-verify-pull
containerCommand no /busybox/tail -f /dev/null
containerImageNameAndTag no
containerPreparationCommand no rm -f /kaniko/.docker/config.json
containerShell no /busybox/sh
customTlsCertificateLinks no []
dockerConfigJsonCredentialsId no
dockerEnvVars no
dockerImage no
dockerOptions no -u 0 --entrypoint=''
dockerfile no Dockerfile
script yes
  • containerBuildOptions - Defines the build options for the kaniko build.
  • containerCommand - Kubernetes only: Allows to specify start command for container created with dockerImage parameter to overwrite Piper default (/usr/bin/tail -f /dev/null).
  • containerImageNameAndTag - Defines the full name of the Docker image to be created including registry, image name and tag like my.docker.registry/path/myImageName:myTag.
  • containerPreparationCommand - Defines the command to prepare the Kaniko container. By default the contained credentials are removed in order to allow anonymous access to container registries.
  • containerShell - Kubernetes only: Allows to specify the shell to be used for execution of commands.
  • customTlsCertificateLinks - List containing download links of custom TLS certificates. This is required to ensure trusted connections to registries with custom certificates.
  • dockerConfigJsonCredentialsId - Defines the id of the file credentials in your Jenkins credentials store which contain the file .docker/config.json. You can find more details about the Docker credentials in the Docker documentation.
  • dockerEnvVars - Environment variables to set in the container, e.g. [http_proxy: 'proxy:8080'].
  • dockerImage - Name of the docker image that should be used. Configure with empty value to execute the command directly on the Jenkins system (not using a container). Omit to use the default image (cf. default_pipeline_environment.yml) Overwrite to use custom Docker image.
  • dockerOptions - Docker only: Docker options to be set when starting the container (List or String).
  • dockerfile - Defines the location of the Dockerfile relative to the Jenkins workspace.
  • script - The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.

Step configuration

We recommend to define values of step parameters via config.yml file.

In following sections of the config.yml the configuration is possible:

parameter general step/stage
containerBuildOptions X
containerCommand X
containerImageNameAndTag X
containerPreparationCommand X
containerShell X
customTlsCertificateLinks X
dockerConfigJsonCredentialsId X
dockerEnvVars X
dockerImage X
dockerOptions X
dockerfile X