Go Mercedes!
Aaron Goldenthal's avatar Mercedes AMG Petronal Formula 1 Team emblem Aaron Goldenthal

Google Kaniko is dead, long live Chainguard Kaniko

GitLab CI/CD

Google has officially archived Kaniko, a tool for building container images in Kubernetes or other containerized environments. Chainguard has taken over a fork of the project, however Chainguard only provides source code, not container images, except as part of their paid offerings. To address this gap, the GitLab CI Utils Kaniko project builds and distributes open source Kaniko container images focused on running in GitLab CI pipelines.

Google Kaniko is dead… #

Google introduced Kaniko in 2018 as a tool to build container images in Kubernetes or other containerized environments since it did not rely on the Docker daemon. It was the tool of choice in these environments for several years. Then, in mid-2024, commits to the repository and Kaniko releases stopped. People then began to question its status. There was some hope when Google released a new version in May 23, 2025. However, this hope was short-lived, and on June 3, 2025 Google officially archived the project with the message "this project is archived and no longer developed or maintained."

…long live Chainguard Kaniko #

Within a day of the Google announcement, the Chainguard team created a fork, followed by a formal announcement with their plans to actively maintain this fork as a replacement unless another community fork emerged. Even better, two of the original creators, Priya Wadhwa and Dan Lorenc, work at Chainguard. Within a week they had their first release, and it appears the project is in good hands.

There was one wrinkle, however. The release plan for the project includes only source code. No binary artifacts, including container images, are provided. Chainguard does offer a different, hardened Kaniko container images as part of their paid offerings, but no build of the new fork. That's not a stab at Chainguard - maintenance of the project itself is hugely beneficial to the community, done without obligation, and a non-hardened image would be off-brand given their product line.

So, here's a container image #

That lead to the creation of the GitLab CI Utils Kaniko project. This project is not a fork a Kaniko, it's simply a project to build and distribute an open source Kaniko container image built from the Chainguard Kaniko repository. It simply clones the repository and then builds the Dockerfile.

Since the focus is on use in GitLab CI, only the debug variant of the image is built. This includes a shell, which is required to use Kaniko in GitLab CI pipelines. All images are multi-platform, supporting both linux/arm64 and linux/amd64 (since gitlab.com has shared runners with those architectures to test the images). There is a debug tag, equivalent to what is typically the latest tag, but sticking with the previous Kaniko tagging convention, as well as vX.Y.Z-debug tags corresponding to each Chainguard Kaniko release.

The project also contains usage details, as well as links to the original GitLab documentation for using Kaniko in GitLab CI, which had been removed prematurely (IMHO).