Jib is Gradle plugin for building Docker and OCI images for your Java applications.
For information about the project, see the Jib project README. For the Maven plugin, see the jib-maven-plugin project.
These features are not currently supported but will be added in later releases.
- Support for WAR format
- Export to a Docker context
- Run and debug the built container
Make sure you are using Gradle version 4.6 or later.
In your Gradle Java project, add the plugin to your build.gradle:
plugins {
id 'com.google.cloud.tools.jib' version '0.1.1'
}See the Gradle Plugin Portal for more details.
Configure the plugin by setting the image to push to:
Using Google Container Registry (GCR)...
Make sure you have the docker-credential-gcr command line tool. Jib automatically uses docker-credential-gcr for obtaining credentials. See Authentication Methods for other ways of authenticating.
For example, to build the image gcr.io/my-gcp-project/my-app, the configuration would be:
jib.to.image = 'gcr.io/my-gcp-project/my-app'Make sure you have the docker-credential-ecr-login command line tool. Jib automatically uses docker-credential-ecr-login for obtaining credentials. See Authentication Methods for other ways of authenticating.
For example, to build the image aws_account_id.dkr.ecr.region.amazonaws.com/my-app, the configuration would be:
jib.to.image = 'aws_account_id.dkr.ecr.region.amazonaws.com/my-app'Using Docker Hub Registry...
Make sure you have a docker-credential-helper set up. For example, on macOS, the credential helper would be docker-credential-osxkeychain. See Authentication Methods for other ways of authenticating.
For example, to build the image my-docker-id/my-app, the configuration would be:
jib.to.image = 'my-docker-id/my-app'Build your container image with:
gradle build jibSubsequent builds are much faster than the initial build.
If you want to clear Jib's build cache and force it to re-pull the base image and re-build the application layers, run:
gradle clean build jibHaving trouble? Let us know by submitting an issue, contacting us on Gitter, or posting to the Jib users forum.
You can also have jib run with each build by attaching it to the build task:
tasks.build.finalizedBy tasks.jibThen, gradle build will build and containerize your application.
Not yet supported
The plugin provides the jib extension for configuration with the following options for customizing the image build:
| Field | Type | Default | Description |
|---|---|---|---|
from |
from |
See from |
Configures the base image to build your application on top of. |
to |
to |
Required | Configures the target image to build your application to. |
jvmFlags |
List<String> |
None | Additional flags to pass into the JVM when running your application. |
mainClass |
String |
Uses the main class defined in the jar task |
The main class to launch your application from. |
reproducible |
boolean |
true |
Building with the same application contents always generates the same image. Note that this does NOT preserve file timestamps and ownership. |
format |
String |
Docker |
Use OCI to build an OCI container image. |
useProjectOnlyCache |
boolean |
false |
If set to true, Jib does not share a cache between different Maven projects. |
from is a closure with the following properties:
| Property | Type | Default | Description |
|---|---|---|---|
image |
String |
gcr.io/distroless/java |
The image reference for the base image. |
credHelper |
String |
None | Suffix for the credential helper that can authenticate pulling the base image (following docker-credential-). |
auth |
auth |
None | Specify credentials directly (alternative to credHelper). |
to is a closure with the following properties:
| Property | Type | Default | Description |
|---|---|---|---|
image |
String |
Required | The image reference for the target image. |
credHelper |
String |
None | Suffix for the credential helper that can authenticate pulling the base image (following docker-credential-). |
auth |
auth |
None | Specify credentials directly (alternative to credHelper). |
auth is a closure with the following properties (see Using Specific Credentials):
| Property | Type |
|---|---|
username |
String |
password |
String |
In this configuration, the image is:
- Built from a base of
openjdk:alpine(pulled from Docker Hub) - Pushed to
localhost:5000/my-image:built-with-jib - Runs by calling
java -Xms512m -Xdebug -Xmy:flag=jib-rules -cp app/libs/*:app/resources:app/classes mypackage.MyApp - Reproducible
- Built as OCI format
jib {
from {
image = 'openjdk:alpine'
}
to {
image = 'localhost:5000/my-image/built-with-jib'
credHelper = 'osxkeychain'
}
jvmFlags = ['-Xms512m', '-Xdebug', '-Xmy:flag=jib-rules']
mainClass = 'mypackage.MyApp'
reproducible = true
format = 'OCI'
}Pushing/pulling from private registries require authorization credentials. These can be retrieved using Docker credential helpers. If you do not define credentials explicitly, Jib will try to use credentials defined in your Docker config or infer common credential helpers.
Docker credential helpers are CLI tools that handle authentication with various registries.
Some common credential helpers include:
- Google Container Registry:
docker-credential-gcr - AWS Elastic Container Registry:
docker-credential-ecr-login - Docker Hub Registry:
docker-credential-*
Configure credential helpers to use by specifying them as a credHelper for their respective image in the jib extension.
Example configuration:
jib {
from {
image = 'aws_account_id.dkr.ecr.region.amazonaws.com/my-base-image'
credHelper = 'ecr-login'
}
to {
image = 'gcr.io/my-gcp-project/my-app'
credHelper = 'gcr'
}
}You can specify credentials directly in the extension for the from and/or to images.
jib {
from {
image = 'aws_account_id.dkr.ecr.region.amazonaws.com/my-base-image'
auth {
username = USERNAME // Defined in 'gradle.properties'.
password = PASSWORD
}
}
to {
image = 'gcr.io/my-gcp-project/my-app'
auth {
username = 'oauth2accesstoken'
password = 'gcloud auth print-access-token'.execute().text.trim()
}
}
}These credentials can be stored in gradle.properties, retrieved from a command (like gcloud auth print-access-token), or read in from a file.
For example, you can use a key file for authentication (for GCR, see Using a JSON key file):
jib {
to {
image = 'gcr.io/my-gcp-project/my-app'
auth {
username = '_json_key'
password = file('keyfile.json').text
}
}
}See the Jib project README.
These limitations will be fixed in later releases.
- Does not build directly to a Docker daemon.
- Pushing to Azure Container Registry is not currently supported.
See the Jib project README.
See the Jib project README.