Get Started
Setup
First, install ko.
Authenticate
ko depends on the authentication configured in your Docker config (typically ~/.docker/config.json).
✨ If you can push an image with docker push, you are already authenticated for ko! ✨
Since ko doesn't require docker, ko login also provides a surface for logging in to a container image registry with a username and password, similar to docker login.
Additionally, even if auth is not configured in the Docker config, ko includes built-in support for authenticating to the following container registries using credentials configured in the environment:
- Google Container Registry and Artifact Registry, using Application Default Credentials or auth configured in
gcloud. - Amazon Elastic Container Registry, using AWS credentials
- Azure Container Registry, using environment variables
- GitHub Container Registry, using the
GITHUB_TOKENenvironment variable
Choose Destination
ko depends on an environment variable, KO_DOCKER_REPO, to identify where it should push images that it builds. Typically this will be a remote registry, e.g.:
KO_DOCKER_REPO=gcr.io/my-project, orKO_DOCKER_REPO=ghcr.io/my-org/my-repo, orKO_DOCKER_REPO=my-dockerhub-user
Build an Image
ko build ./cmd/app builds and pushes a container image, and prints the resulting image digest to stdout.
In this example, ./cmd/app must be a package main that defines func main().
$ ko build ./cmd/app
...
registry.example.com/my-project/app-099ba5bcefdead87f92606265fb99ac0@sha256:6e398316742b7aa4a93161dce4a23bc5c545700b862b43347b941000b112ec3e
💡 Note: Prior to v0.10, the command was called
ko publish-- this is equivalent toko build, and both commands will work and do the same thing.
The executable binary that was built from ./cmd/app is available in the image at /ko-app/app -- the binary name matches the base import path name -- and that binary is the image's entrypoint.