What is first-class container building?
Problem Statement
Building a container should be easy, and with docker build on your laptop, it is.
Unfortunately docker build does not work very well in Kubernetes:
- It requires docker-in-docker, along with privileged mode, which is a significant security concern.
- Setting up dind requires extra non-obvious configuration, and it can run very slowly.
What you probably want to use is a tool like kaniko or img, buildah, or potentially a third party service like Google Container Builder.
But, these tools are not well known, and most developers probably think docker build should just work... until they start getting strange errors because their GitLab Runner isn't privileged.
Because building Docker containers is a very typical workflow, we should make doing so easy and first class.
See #23141 for additional detail