Kaniko Container Build

Kaniko is a tool for building container images from a Dockerfile without requiring a Docker daemon. Instead of invoking docker build, you run the Kaniko executor as a container, pass it a Dockerfile and build context, and it executes each instruction (FROM, RUN, COPY, ADD, etc.) inside a container, manages layers, and pushes the resulting image to a registry. It's designed for CI/CD pipelines, especially in Kubernetes, where running a Docker daemon is impractical, security-risky, or forbidden. Kaniko runs unprivileged, leaving no attack surface.