Skip to content

Latest commit

 

History

History
 
 

jib-gradle-plugin

README.md

experimental Gradle Plugin Portal Gitter version

Jib - Containerize your Gradle Java project

Jib is Gradle plugin for building Docker and OCI images for your Java applications.

For information about the project, see the Jib project README. For the Maven plugin, see the jib-maven-plugin project.

Upcoming Features

These features are not currently supported but will be added in later releases.

  • Support for WAR format
  • Run and debug the built container

Quickstart

Setup

Make sure you are using Gradle version 4.6 or later.

In your Gradle Java project, add the plugin to your build.gradle:

plugins {
  id 'com.google.cloud.tools.jib' version '0.9.2'
}

See the Gradle Plugin Portal for more details.

You can containerize your application easily with one command:

gradle jib --image=<MY IMAGE>

This builds and pushes a container image for your application to a container registry. If you encounter authentication issues, see Authentication Methods.

To build to a Docker daemon, use:

gradle jibDockerBuild

If you would like to set up Jib as part of your Gradle build, follow the guide below.

Configuration

Configure the plugin by setting the image to push to:

Using Google Container Registry (GCR)...

Make sure you have the docker-credential-gcr command line tool. Jib automatically uses docker-credential-gcr for obtaining credentials. See Authentication Methods for other ways of authenticating.

For example, to build the image gcr.io/my-gcp-project/my-app, the configuration would be:

jib.to.image = 'gcr.io/my-gcp-project/my-app'

Using Amazon Elastic Container Registry (ECR)...

Make sure you have the docker-credential-ecr-login command line tool. Jib automatically uses docker-credential-ecr-login for obtaining credentials. See Authentication Methods for other ways of authenticating.

For example, to build the image aws_account_id.dkr.ecr.region.amazonaws.com/my-app, the configuration would be:

jib.to.image = 'aws_account_id.dkr.ecr.region.amazonaws.com/my-app'

Using Docker Hub Registry...

Make sure you have a docker-credential-helper set up. For example, on macOS, the credential helper would be docker-credential-osxkeychain. See Authentication Methods for other ways of authenticating.

For example, to build the image my-docker-id/my-app, the configuration would be:

jib.to.image = 'my-docker-id/my-app'

TODO: Add more examples for common registries.

Build Your Image

Build your container image with:

gradle jib

Subsequent builds are much faster than the initial build.

Having trouble? Let us know by submitting an issue, contacting us on Gitter, or posting to the Jib users forum.

Build to Docker daemon

Jib can also build your image directly to a Docker daemon. This uses the docker command line tool and requires that you have docker available on your PATH.

gradle jibDockerBuild

If you are using minikube's remote Docker daemon, make sure you set up the correct environment variables to point to the remote daemon:

eval $(minikube docker-env)
gradle jibDockerBuild

Run jib with each build

You can also have jib run with each build by attaching it to the build task:

tasks.build.dependsOn tasks.jib

Then, gradle build will build and containerize your application.

Export to a Docker context

Jib can also export a Docker context so that you can build with Docker, if needed:

gradle jibExportDockerContext

The Docker context will be created at build/jib-docker-context by default. You can change this directory with the targetDir configuration option or the ---jib.dockerDir parameter:

gradle jibExportDockerContext --jib.dockerDir=my/docker/context/

You can then build your image with Docker:

docker build -t myimage my/docker/context/

Extended Usage

The plugin provides the jib extension for configuration with the following options for customizing the image build:

Field Type Default Description
from from See from Configures the base image to build your application on top of.
to to Required Configures the target image to build your application to.
container container See container Configures the container that is run from your built image.
useProjectOnlyCache boolean false If set to true, Jib does not share a cache between different Maven projects.
allowInsecureRegistries boolean false If set to true, Jib uses HTTP as a fallback for registries that do not support HTTPS. Leaving this parameter set to false is strongly recommended, since communication with insecure registries is unencrypted and visible to others on the network.

from is a closure with the following properties:

Property Type Default Description
image String gcr.io/distroless/java The image reference for the base image.
credHelper String None Suffix for the credential helper that can authenticate pulling the base image (following docker-credential-).
auth auth None Specify credentials directly (alternative to credHelper).

to is a closure with the following properties:

Property Type Default Description
image String Required The image reference for the target image. This can also be specified via the --image command line option.
credHelper String None Suffix for the credential helper that can authenticate pulling the base image (following docker-credential-).
auth auth None Specify credentials directly (alternative to credHelper).

auth is a closure with the following properties (see Using Specific Credentials):

Property Type
username String
password String

container is a closure with the following properties:

Property Type Default Description
jvmFlags List<String> None Additional flags to pass into the JVM when running your application.
mainClass String Inferred* The main class to launch your application from.
args List<String> None Default main method arguments to run your application with.
ports List<String> None Ports that the container exposes at runtime (similar to Docker's EXPOSE instruction).
format String Docker Use OCI to build an OCI container image.

* Uses the main class defined in the jar task or tries to find a valid main class.

Example

In this configuration, the image:

  • Is built from a base of openjdk:alpine (pulled from Docker Hub)
  • Is pushed to localhost:5000/my-image:built-with-jib
  • Runs by calling java -Xms512m -Xdebug -Xmy:flag=jib-rules -cp app/libs/*:app/resources:app/classes mypackage.MyApp some args
  • Exposes port 1000 for tcp (default), and ports 2000, 2001, 2002, and 2003 for udp
  • Is built as OCI format
jib {
  from {
    image = 'openjdk:alpine'
  }
  to {
    image = 'localhost:5000/my-image/built-with-jib'
    credHelper = 'osxkeychain'
  }
  container {
    jvmFlags = ['-Xms512m', '-Xdebug', '-Xmy:flag=jib-rules']
    mainClass = 'mypackage.MyApp'
    args = ['some', 'args']
    ports = ['1000', '2000-2003/udp']
    format = 'OCI'
  }
}

Authentication Methods

Pushing/pulling from private registries require authorization credentials. These can be retrieved using Docker credential helpers. If you do not define credentials explicitly, Jib will try to use credentials defined in your Docker config or infer common credential helpers.

Using Docker Credential Helpers

Docker credential helpers are CLI tools that handle authentication with various registries.

Some common credential helpers include:

Configure credential helpers to use by specifying them as a credHelper for their respective image in the jib extension.

Example configuration:

jib {
  from {
    image = 'aws_account_id.dkr.ecr.region.amazonaws.com/my-base-image'
    credHelper = 'ecr-login'
  }
  to {
    image = 'gcr.io/my-gcp-project/my-app'
    credHelper = 'gcr'
  }
}

Using Specific Credentials

You can specify credentials directly in the extension for the from and/or to images.

jib {
  from {
    image = 'aws_account_id.dkr.ecr.region.amazonaws.com/my-base-image'
    auth {
      username = USERNAME // Defined in 'gradle.properties'.
      password = PASSWORD
    }
  }
  to {
    image = 'gcr.io/my-gcp-project/my-app'
    auth {
      username = 'oauth2accesstoken'
      password = 'gcloud auth print-access-token'.execute().text.trim()
    }
  }
}

These credentials can be stored in gradle.properties, retrieved from a command (like gcloud auth print-access-token), or read in from a file.

For example, you can use a key file for authentication (for GCR, see Using a JSON key file):

jib {
  to {
    image = 'gcr.io/my-gcp-project/my-app'
    auth {
      username = '_json_key'
      password = file('keyfile.json').text
    }
  }
}

How Jib Works

See the Jib project README.

Frequently Asked Questions (FAQ)

See the Jib project README.

Community

See the Jib project README.