Kaniko is an open-source tool for building OCI-compliant container images securely and efficiently in environments without a Docker daemon. It enables fully unprivileged, reproducible builds that integrate seamlessly with CI/CD pipelines and Kubernetes-based infrastructure. This roadmap outlines our strategic goals and key areas of development.
Improve the security standing between executor and payload, whilst keeping a best-in-class security boundary between the host and container.
Support the most recent Dockerfile standard and match the BuildKit implementation bit for bit.
Best-in-class build performance for large images and complex multi-stage dependencies.
Foster an active community, encouraging contributions, feedback, and collaboration. Put an end to the ghosting.
- Integrate Landlock and other novel approaches to implement security boundaries entirely in unprivileged user space.
- Triage the entire backlog of 707 open issues in an open Google Sheet.
- Implement all command options as in the Dockerfile standard.
- Implement cache-lookahead for multi-stage builds.
- Support multi-image builds.
- Switch from tarball to ocilayout for intermediates.
- Simplify CLI surface by exposing only key build parameters and hiding implementation-specific flags.
- Support bakefile syntax.
- Multi-arch support for images without non-native `RUN` statement.
- Assemble a team of active Maintainers.