How do build agent containers work together?

Jenkins setup:
Jenkins is running on an EKS cluster and has several agents defined. I am building a Java jar, testing it and then building a container which gets pushed to ECR. Here is my agent setup:

kind: Pod
spec:
  containers:
    - name: maven
      image: maven:3.9.9-amazoncorretto-21-alpine
      command:
        - cat
      tty: true
    - name: kaniko
      image: gcr.io/kaniko-project/executor:debug
      command:
        - /busybox/cat
      tty: true

I am trying to understand how the containers work together - for instance I need to authenticate to ECR to be able to push the container.

What is the best practice here and how do I make sure the jar created in the “maven” container is available for the kaniko container so it can build the docker image?

You could use a dynamically provisioned PVC. This way you can still follow best practices by having fungible agents, with a persistent volume that is provisioned dynamically with little manual configuration; those persistent volumes are independent of the pods:

My issue is not with the artifacts (although I like the idea of passing them via a volume), it’s with the config.

For instance, Kaniko uses busybox, so I can’t install the AWS CLI. So how do I push the container I create to ECR? There are some ugly workarounds I’ve seen, but this shouldn’t be that difficult, since the whole reason for Kaniko to exist is to create containers.

In terms of artifact sharing, you can use the PVC we discussed or a shared volume (to retrieve the jar file). In terms of pushing to ECR, you do not need to install the AWS CLI; Kaniko has a built-in way to build and push to ECR.
Refer to this:

and this:

For Kaniko to push to ECR, it needs to authenticate. There are two approaches:

Using Instance Roles:

Configure your EKS node with appropriate IAM roles that have ECR permissions
Set the AWS_SDK_LOAD_CONFIG=true environment variable in your Kaniko container

Using AWS Credentials:

Create a Kubernetes secret with your AWS credentials
Mount the secret to the Kaniko container

The --context=dir://. flag tells Kaniko to use the current directory as the build context.
This allows it to access the JAR file built by Maven.

So by using a shared volume, you get to retrieve the jar from the maven container, and if you configure your Dockerfile and Kaniko context, the jar file will be available during the build. You can push it to ECR using the recommended Kaniko executor referenced in the documentation.

Check out the docs and article above and update me on whether this would work.
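The instance-role approach from the thread, written out as a pod definition. This is an added example, not part of any post above or of the Kaniko documentation. The ConfigMap name `kaniko-docker-config` and the `<ACCOUNT_ID>`, `<REGION>`, `<REPO>` and `<TAG>` values are placeholders, and it assumes the Jenkins Kubernetes plugin's default behaviour of mounting the same workspace volume into every container of the agent pod.

```yaml
# Added example; names and <...> values are placeholders, not from the thread.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kaniko-docker-config          # hypothetical name
data:
  # Routes registry auth for this ECR host to the ecr-login credential
  # helper that ships inside the kaniko executor image (no AWS CLI needed).
  config.json: |
    { "credHelpers": { "<ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com": "ecr-login" } }
---
apiVersion: v1
kind: Pod
spec:
  containers:
    - name: maven
      image: maven:3.9.9-amazoncorretto-21-alpine
      command:
        - cat
      tty: true
    - name: kaniko
      image: gcr.io/kaniko-project/executor:debug
      command:
        - /busybox/cat
      tty: true
      env:
        - name: AWS_SDK_LOAD_CONFIG   # instance-role approach from the thread
          value: "true"
      volumeMounts:
        - name: docker-config
          mountPath: /kaniko/.docker  # kaniko reads config.json from here
  volumes:
    - name: docker-config
      configMap:
        name: kaniko-docker-config
# No static AWS keys are stored anywhere in this variant; credentials come
# from the IAM role, so there is no secret to rotate or leak from the pod spec.
#
# Pipeline step, run after the maven container has written target/*.jar
# into the shared workspace:
#   container('kaniko') {
#     sh '/kaniko/executor --context=dir://. --dockerfile=Dockerfile --destination=<ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/<REPO>:<TAG>'
#   }
```

Whichever credential source is used, scope its IAM policy to the push actions on the one target repository rather than granting account-wide ECR access.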