ko depends on the authentication configured in your Docker config (typically
✨ If you can push an image with
docker push, you are already authenticated for
ko doesn't require
ko login also provides a surface for logging in to a container image registry with a username and password, similar to
Additionally, even if auth is not configured in the Docker config,
ko includes built-in support for authenticating to the following container registries using credentials configured in the environment:
- Google Container Registry and Artifact Registry, using Application Default Credentials or auth configured in
- Amazon Elastic Container Registry, using AWS credentials
- Azure Container Registry, using environment variables
- GitHub Container Registry, using the
ko depends on an environment variable,
KO_DOCKER_REPO, to identify where it should push images that it builds. Typically this will be a remote registry, e.g.:
Build an Image
ko build ./cmd/app builds and pushes a container image, and prints the resulting image digest to stdout.
In this example,
./cmd/app must be a
package main that defines
💡 Note: Prior to v0.10, the command was called
ko publish-- this is equivalent to
ko build, and both commands will work and do the same thing.
The executable binary that was built from
./cmd/app is available in the image at
/ko-app/app -- the binary name matches the base import path name -- and that binary is the image's entrypoint.