From f79492b0cdd65672286fbe6338507b99f095f89f Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Sat, 29 Aug 2020 11:01:14 -0700
Subject: [PATCH 1/3] Make --use-new-run flag help easier to understand
---
 cmd/executor/cmd/root.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/executor/cmd/root.go b/cmd/executor/cmd/root.go
index 695ddca323..983c78169c 100644
--- a/cmd/executor/cmd/root.go
+++ b/cmd/executor/cmd/root.go
@@ -174,7 +174,7 @@ func addKanikoOptionsFlags() {
 RootCmd.PersistentFlags().BoolVarP(&opts.IgnoreVarRun, "whitelist-var-run", "", true, "Ignore /var/run directory when taking image snapshot. Set it to false to preserve /var/run/ in destination image. (Default true).")
 RootCmd.PersistentFlags().VarP(&opts.Labels, "label", "", "Set metadata for an image. Set it repeatedly for multiple labels.")
 RootCmd.PersistentFlags().BoolVarP(&opts.SkipUnusedStages, "skip-unused-stages", "", false, "Build only used stages if defined to true. Otherwise it builds by default all stages, even the unnecessaries ones until it reaches the target stage / end of Dockerfile")
- RootCmd.PersistentFlags().BoolVarP(&opts.RunV2, "use-new-run", "", false, "Experimental run command to detect file system changes. This new run command does no rely on snapshotting to detect changes.")
+ RootCmd.PersistentFlags().BoolVarP(&opts.RunV2, "use-new-run", "", false, "Use the experimental run implementation for detecting changes without requiring file system snapshots.")
 RootCmd.PersistentFlags().Var(&opts.Git, "git", "Branch to clone if build context is a git repository")
 }
From c0b88a03de0bb27faeda1b409f931150499a5d2c Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Sat, 29 Aug 2020 11:01:44 -0700
Subject: [PATCH 2/3] Add missing flags/options to README, sort them
---
 README.md | 255 +++++++++++++++++++++++++++++++-----------------------
 1 file changed, 146 insertions(+), 109 deletions(-)
diff --git a/README.md b/README.md
index ea65a735cf..ef36e8f239 100644
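Review bot: The rewritten `use-new-run` help string in the cmd/executor/cmd/root.go hunk labels the implementation experimental without saying what that means for the built image. Because this mode detects changes without file system snapshots, a change it misses would presumably surface as a layer that lacks files, which matters to anyone who signs the output or expects it to match a default build. Consider ending the string with a short caveat such as `Experimental: compare the resulting image with a default build before relying on it.` The enclosing function addKanikoOptionsFlags starts above the hunk.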
--- a/README.md
+++ b/README.md
@@ -25,63 +25,70 @@ _If you are interested in contributing to kaniko, see [DEVELOPMENT.md](DEVELOPME **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* -- [Community](#community) -- [How does kaniko work?](#how-does-kaniko-work) -- [Known Issues](#known-issues) -- [Demo](#demo) -- [Tutorial](#tutorial) -- [Using kaniko](#using-kaniko) - - [kaniko Build Contexts](#kaniko-build-contexts) - - [Using Azure Blob Storage](#using-azure-blob-storage) - - [Using Private Git Repository](#using-private-git-repository) - - [Running kaniko](#running-kaniko) - - [Running kaniko in a Kubernetes cluster](#running-kaniko-in-a-kubernetes-cluster) - - [Kubernetes secret](#kubernetes-secret) - - [Running kaniko in gVisor](#running-kaniko-in-gvisor) - - [Running kaniko in Google Cloud Build](#running-kaniko-in-google-cloud-build) - - [Running kaniko in Docker](#running-kaniko-in-docker) - - [Caching](#caching) - - [Caching Layers](#caching-layers) - - [Caching Base Images](#caching-base-images) - - [Pushing to Different Registries](#pushing-to-different-registries) - - [Pushing to Docker Hub](#pushing-to-docker-hub) - - [Pushing to Google GCR](#pushing-to-google-gcr) - - [Pushing to Amazon ECR](#pushing-to-amazon-ecr) - - [Additional Flags](#additional-flags) - - [--build-arg](#--build-arg) - - [--cache](#--cache) - - [--cache-dir](#--cache-dir) - - [--cache-repo](#--cache-repo) - - [--context-sub-path](#--context-sub-path) - - [--digest-file](#--digest-file) - - [--oci-layout-path](#--oci-layout-path) - - [--insecure-registry](#--insecure-registry) - - [--skip-tls-verify-registry](#--skip-tls-verify-registry) - - [--cleanup](#--cleanup) - - [--insecure](#--insecure) - - [--insecure-pull](#--insecure-pull) - - [--log-format](#--log-format) - - [--log-timestamp](#--log-timestamp) - - [--no-push](#--no-push) - - [--registry-certificate](#--registry-certificate) - - [--registry-mirror](#--registry-mirror) - - [--reproducible](#--reproducible) - - 
[--single-snapshot](#--single-snapshot) - - [--skip-tls-verify](#--skip-tls-verify) - - [--skip-tls-verify-pull](#--skip-tls-verify-pull) - - [--snapshotMode](#--snapshotmode) - - [--target](#--target) - - [--tarPath](#--tarpath) - - [--verbosity](#--verbosity) - - [--whitelist-var-run](#--whitelist-var-run) - - [--label](#--label) - - [--skip-unused-stages](#--skip-unused-stages) - - [Debug Image](#debug-image) -- [Security](#security) -- [Comparison with Other Tools](#comparison-with-other-tools) -- [Community](#community-1) -- [Limitations](#limitations) - - [mtime and snapshotting](#mtime-and-snapshotting) +- [kaniko - Build Images In Kubernetes](#kaniko---build-images-in-kubernetes) + - [Community](#community) + - [How does kaniko work?](#how-does-kaniko-work) + - [Known Issues](#known-issues) + - [Demo](#demo) + - [Tutorial](#tutorial) + - [Using kaniko](#using-kaniko) + - [kaniko Build Contexts](#kaniko-build-contexts) + - [Using Azure Blob Storage](#using-azure-blob-storage) + - [Using Private Git Repository](#using-private-git-repository) + - [Using Standard Input](#using-standard-input) + - [Running kaniko](#running-kaniko) + - [Running kaniko in a Kubernetes cluster](#running-kaniko-in-a-kubernetes-cluster) + - [Kubernetes secret](#kubernetes-secret) + - [Running kaniko in gVisor](#running-kaniko-in-gvisor) + - [Running kaniko in Google Cloud Build](#running-kaniko-in-google-cloud-build) + - [Running kaniko in Docker](#running-kaniko-in-docker) + - [Caching](#caching) + - [Caching Layers](#caching-layers) + - [Caching Base Images](#caching-base-images) + - [Pushing to Different Registries](#pushing-to-different-registries) + - [Pushing to Docker Hub](#pushing-to-docker-hub) + - [Pushing to Google GCR](#pushing-to-google-gcr) + - [Pushing to Amazon ECR](#pushing-to-amazon-ecr) + - [Additional Flags](#additional-flags) + - [--build-arg](#--build-arg) + - [--cache](#--cache) + - [--cache-dir](#--cache-dir) + - [--cache-repo](#--cache-repo) + - [--cache-ttl 
duration](#--cache-ttl-duration) + - [--cleanup](#--cleanup) + - [--context-sub-path](#--context-sub-path) + - [--digest-file](#--digest-file) + - [--force](#--force) + - [--git](#--git) + - [--image-name-with-digest-file](#--image-name-with-digest-file) + - [--insecure](#--insecure) + - [--insecure-pull](#--insecure-pull) + - [--insecure-registry](#--insecure-registry) + - [--label](#--label) + - [--log-format](#--log-format) + - [--log-timestamp](#--log-timestamp) + - [--no-push](#--no-push) + - [--oci-layout-path](#--oci-layout-path) + - [--registry-certificate](#--registry-certificate) + - [--registry-mirror](#--registry-mirror) + - [--reproducible](#--reproducible) + - [--single-snapshot](#--single-snapshot) + - [--skip-tls-verify](#--skip-tls-verify) + - [--skip-tls-verify-pull](#--skip-tls-verify-pull) + - [--skip-tls-verify-registry](#--skip-tls-verify-registry) + - [--skip-unused-stages](#--skip-unused-stages) + - [--snapshotMode](#--snapshotmode) + - [--tarPath](#--tarpath) + - [--target](#--target) + - [--use-new-run](#--use-new-run) + - [--verbosity](#--verbosity) + - [--whitelist-var-run](#--whitelist-var-run) + - [Debug Image](#debug-image) + - [Security](#security) + - [Comparison with Other Tools](#comparison-with-other-tools) + - [Community](#community-1) + - [Limitations](#limitations) + - [mtime and snapshotting](#mtime-and-snapshotting) 
@@ -157,15 +164,15 @@ gsutil cp context.tar.gz gs:// When running kaniko, use the `--context` flag with the appropriate prefix to specify the location of your build context: -| Source | Prefix | Example | -|---------|---------|---------| -| Local Directory | dir://[path to a directory in the kaniko container] | `dir:///workspace` | -| Local Tar Gz | tar://[path to a .tar.gz in the kaniko container] | `tar://path/to/context.tar.gz` | -| Standard Input | tar://[stdin] | `tar://stdin` | -| GCS Bucket | gs://[bucket name]/[path to .tar.gz] | `gs://kaniko-bucket/path/to/context.tar.gz` | -| S3 Bucket | s3://[bucket name]/[path to .tar.gz] | `s3://kaniko-bucket/path/to/context.tar.gz` | -| Azure Blob Storage| https://[account].[azureblobhostsuffix]/[container]/[path to .tar.gz] | `https://myaccount.blob.core.windows.net/container/path/to/context.tar.gz` | -| Git Repository | git://[repository url][#reference][#commit-id] | `git://github.com/acme/myproject.git#refs/heads/mybranch#` | +| Source | Prefix | Example | +| ------------------ | --------------------------------------------------------------------- | ----------------------------------------------------------------------------- | +| Local Directory | dir://[path to a directory in the kaniko container] | `dir:///workspace` | +| Local Tar Gz | tar://[path to a .tar.gz in the kaniko container] | `tar://path/to/context.tar.gz` | +| Standard Input | tar://[stdin] | `tar://stdin` | +| GCS Bucket | gs://[bucket name]/[path to .tar.gz] | `gs://kaniko-bucket/path/to/context.tar.gz` | +| S3 Bucket | s3://[bucket name]/[path to .tar.gz] | `s3://kaniko-bucket/path/to/context.tar.gz` | +| Azure Blob Storage | https://[account].[azureblobhostsuffix]/[container]/[path to .tar.gz] | `https://myaccount.blob.core.windows.net/container/path/to/context.tar.gz` | +| Git Repository | git://[repository url][#reference][#commit-id] | `git://github.com/acme/myproject.git#refs/heads/mybranch#` | If you don't specify a prefix, kaniko will 
assume a local directory. For example, to use a GCS bucket called `kaniko-bucket`, you would pass in `--context=gs://kaniko-bucket/path/to/context.tar.gz`. @@ -440,12 +447,12 @@ Run kaniko with the `config.json` inside `/kaniko/.docker/config.json` To create a credentials to authenticate to Google Cloud Registry, follow these steps: 1. Create a [service account](https://console.cloud.google.com/iam-admin/serviceaccounts) or in the Google Cloud Console project you want to push the final image to with `Storage Admin` permissions. 2. Download a JSON key for this service account -3. (optional) Rename the key to `kaniko-secret.json`, if you don't rename, you have to change the name used the command(in the volume part) -4. Run the container adding the path in GOOGLE_APPLICATION_CREDENTIALS env var +3. (optional) Rename the key to `kaniko-secret.json`, if you don't rename, you have to change the name used the command(in the volume part) +4. Run the container adding the path in GOOGLE_APPLICATION_CREDENTIALS env var ```shell docker run -ti --rm -e GOOGLE_APPLICATION_CREDENTIALS=/kaniko/config.json \ --v `pwd`:/workspace -v `pwd`/kaniko-secret.json:/kaniko/config.json:ro gcr.io/kaniko-project/executor:latest \ +-v `pwd`:/workspace -v `pwd`/kaniko-secret.json:/kaniko/config.json:ro gcr.io/kaniko-project/executor:latest \ --dockerfile=Dockerfile --destination=yourimagename ``` @@ -535,6 +542,14 @@ If `--destination=gcr.io/kaniko-project/test`, then cached layers will be stored _This flag must be used in conjunction with the `--cache=true` flag._ +#### --cache-ttl duration + +Cache timeout in hours. Defaults to two weeks. + +#### --cleanup + +Set this flag to clean the filesystem at the end of the build. + #### --context-sub-path Set a sub path within the given `--context`. 
@@ -553,55 +568,74 @@ will write the digest to that file, which is picked up by Kubernetes automatically as the `{{.state.terminated.message}}` of the container. -#### --oci-layout-path +#### --force -Set this flag to specify a directory in the container where the OCI image -layout of a built image will be placed. This can be used to automatically -track the exact image built by Kaniko. +Force building outside of a container -For example, to surface the image digest built in a -[Tekton task](https://github.com/tektoncd/pipeline/blob/v0.6.0/docs/resources.md#surfacing-the-image-digest-built-in-a-task), -this flag should be set to match the image resource `outputImageDir`. +#### --git -_Note: Depending on the built image, the media type of the image manifest might be either -`application/vnd.oci.image.manifest.v1+json` or `application/vnd.docker.distribution.manifest.v2+json`._ +Branch to clone if build context is a git repository (default branch=,single-branch=false,recurse-submodules=false) -#### --insecure-registry +#### --image-name-with-digest-file -Set this flag to use plain HTTP requests when accessing a registry. It is supposed to be used for testing purposes only and should not be used in production! -You can set it multiple times for multiple registries. +Specify a file to save the image name w/ digest of the built image to. -#### --skip-tls-verify-registry +#### --insecure -Set this flag to skip TLS certificate validation when accessing a registry. It is supposed to be used for testing purposes only and should not be used in production! +Set this flag if you want to push images to a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production! + +#### --insecure-pull + +Set this flag if you want to pull images from a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production! 
+ +#### --insecure-registry + +Set this flag to use plain HTTP requests when accessing a registry. It is supposed to be used for testing purposes only and should not be used in production! You can set it multiple times for multiple registries. -#### --cleanup +#### --label -Set this flag to clean the filesystem at the end of the build. +Set this flag as `--label key=value` to set some metadata to the final image. This is equivalent as using the `LABEL` within the Dockerfile. -#### --insecure +#### --log-format -Set this flag if you want to push images to a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production! +Set this flag as `--log-format=` to set the log format. Defaults to `color`. -#### --insecure-pull +#### --log-timestamp -Set this flag if you want to pull images from a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production! +Set this flag as `--log-timestamp=` to add timestamps to `` log format. Defaults to `false`. #### --no-push Set this flag if you only want to build the image, without pushing to a registry. +#### --oci-layout-path + +Set this flag to specify a directory in the container where the OCI image +layout of a built image will be placed. This can be used to automatically +track the exact image built by Kaniko. + +For example, to surface the image digest built in a +[Tekton task](https://github.com/tektoncd/pipeline/blob/v0.6.0/docs/resources.md#surfacing-the-image-digest-built-in-a-task), +this flag should be set to match the image resource `outputImageDir`. + +_Note: Depending on the built image, the media type of the image manifest might be either +`application/vnd.oci.image.manifest.v1+json` or `application/vnd.docker.distribution.manifest.v2+json`._ + + #### --registry-certificate Set this flag to provide a certificate for TLS communication with a given registry. 
Expected format is `my.registry.url=/path/to/the/certificate.cert` + #### --registry-mirror Set this flag if you want to use a registry mirror instead of default `index.docker.io`. + + #### --reproducible Set this flag to strip timestamps out of the built image and make it reproducible. @@ -610,6 +644,7 @@ Set this flag to strip timestamps out of the built image and make it reproducibl This flag takes a single snapshot of the filesystem at the end of the build, so only one layer will be appended to the base image. + #### --skip-tls-verify Set this flag to skip TLS certificate validation when pushing to a registry. It is supposed to be used for testing purposes only and should not be used in production! 
@@ -618,46 +653,48 @@ Set this flag to skip TLS certificate validation when pushing to a registry. It Set this flag to skip TLS certificate validation when pulling from a registry. It is supposed to be used for testing purposes only and should not be used in production! +#### --skip-tls-verify-registry + +Set this flag to skip TLS certificate validation when accessing a registry. It is supposed to be used for testing purposes only and should not be used in production! +You can set it multiple times for multiple registries. + +#### --skip-unused-stages + +This flag builds only used stages if defined to `true`. +Otherwise it builds by default all stages, even the unnecessaries ones until it reaches the target stage / end of Dockerfile + #### --snapshotMode -You can set the `--snapshotMode=` flag to set how kaniko will snapshot the filesystem. -If `--snapshotMode=time` is set, only file mtime will be considered when snapshotting (see -[limitations related to mtime](#mtime-and-snapshotting)). +You can set the `--snapshotMode=` flag to set how kaniko will snapshot the filesystem. -#### --target +* If `--snapshot=full` is set, the full file contents and metadata are considered when snapshotting. This is the least performant option, but also the most robust. -Set this flag to indicate which build stage is the target build stage. +* If `--snapshotMode=redo` is set, the file mtime, size, mode, owner uid and gid will be considered when snapshotting. This may be up to 50% faster than "full", particularly if your project has a large number files. + +* If `--snapshotMode=time` is set, only file mtime will be considered when snapshotting (see +[limitations related to mtime](#mtime-and-snapshotting)). #### --tarPath Set this flag as `--tarPath=` to save the image as a tarball at path instead of pushing the image. You need to set `--destination` as well (for example `--destination=image`). -#### --verbosity +#### --target -Set this flag as `--verbosity=` to set the logging level. 
Defaults to `info`. +Set this flag to indicate which build stage is the target build stage. -#### --log-format +#### --use-new-run -Set this flag as `--log-format=` to set the log format. Defaults to `color`. +Use the experimental run implementation for detecting changes without requiring file system snapshots. In some cases, this may improve build performance by 75%. -#### --log-timestamp +#### --verbosity -Set this flag as `--log-timestamp=` to add timestamps to `` log format. Defaults to `false`. +Set this flag as `--verbosity=` to set the logging level. Defaults to `info`. #### --whitelist-var-run Ignore /var/run when taking image snapshot. Set it to false to preserve /var/run/* in destination image. (Default true). -#### --label - -Set this flag as `--label key=value` to set some metadata to the final image. This is equivalent as using the `LABEL` within the Dockerfile. - -#### --skip-unused-stages - -This flag builds only used stages if defined to `true`. -Otherwise it builds by default all stages, even the unnecessaries ones until it reaches the target stage / end of Dockerfile - ### Debug Image The kaniko executor image is based on scratch and doesn't contain a shell. From 301255120429b0c197d3661df92a919854b12736 Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Sat, 29 Aug 2020 11:03:43 -0700 Subject: [PATCH 3/3] Run doctoc --- README.md | 127 +++++++++++++++++++++++++++--------------------------- 1 file changed, 63 insertions(+), 64 deletions(-) diff --git a/README.md b/README.md index ef36e8f239..8a06dbd9be 100644 --- a/README.md +++ b/README.md 
@@ -25,70 +25,69 @@ _If you are interested in contributing to kaniko, see [DEVELOPMENT.md](DEVELOPME **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* -- [kaniko - Build Images In Kubernetes](#kaniko---build-images-in-kubernetes) - - [Community](#community) - - [How does kaniko work?](#how-does-kaniko-work) - - [Known Issues](#known-issues) - - [Demo](#demo) - - [Tutorial](#tutorial) - - [Using kaniko](#using-kaniko) - - [kaniko Build Contexts](#kaniko-build-contexts) - - [Using Azure Blob Storage](#using-azure-blob-storage) - - [Using Private Git Repository](#using-private-git-repository) - - [Using Standard Input](#using-standard-input) - - [Running kaniko](#running-kaniko) - - [Running kaniko in a Kubernetes cluster](#running-kaniko-in-a-kubernetes-cluster) - - [Kubernetes secret](#kubernetes-secret) - - [Running kaniko in gVisor](#running-kaniko-in-gvisor) - - [Running kaniko in Google Cloud Build](#running-kaniko-in-google-cloud-build) - - [Running kaniko in Docker](#running-kaniko-in-docker) - - [Caching](#caching) - - [Caching Layers](#caching-layers) - - [Caching Base Images](#caching-base-images) - - [Pushing to Different Registries](#pushing-to-different-registries) - - [Pushing to Docker Hub](#pushing-to-docker-hub) - - [Pushing to Google GCR](#pushing-to-google-gcr) - - [Pushing to Amazon ECR](#pushing-to-amazon-ecr) - - [Additional Flags](#additional-flags) - - [--build-arg](#--build-arg) - - [--cache](#--cache) - - [--cache-dir](#--cache-dir) - - [--cache-repo](#--cache-repo) - - [--cache-ttl duration](#--cache-ttl-duration) - - [--cleanup](#--cleanup) - - [--context-sub-path](#--context-sub-path) - - [--digest-file](#--digest-file) - - [--force](#--force) - - [--git](#--git) - - [--image-name-with-digest-file](#--image-name-with-digest-file) - - [--insecure](#--insecure) - - [--insecure-pull](#--insecure-pull) - - [--insecure-registry](#--insecure-registry) - - [--label](#--label) - - [--log-format](#--log-format) - 
- [--log-timestamp](#--log-timestamp) - - [--no-push](#--no-push) - - [--oci-layout-path](#--oci-layout-path) - - [--registry-certificate](#--registry-certificate) - - [--registry-mirror](#--registry-mirror) - - [--reproducible](#--reproducible) - - [--single-snapshot](#--single-snapshot) - - [--skip-tls-verify](#--skip-tls-verify) - - [--skip-tls-verify-pull](#--skip-tls-verify-pull) - - [--skip-tls-verify-registry](#--skip-tls-verify-registry) - - [--skip-unused-stages](#--skip-unused-stages) - - [--snapshotMode](#--snapshotmode) - - [--tarPath](#--tarpath) - - [--target](#--target) - - [--use-new-run](#--use-new-run) - - [--verbosity](#--verbosity) - - [--whitelist-var-run](#--whitelist-var-run) - - [Debug Image](#debug-image) - - [Security](#security) - - [Comparison with Other Tools](#comparison-with-other-tools) - - [Community](#community-1) - - [Limitations](#limitations) - - [mtime and snapshotting](#mtime-and-snapshotting) +- [Community](#community) +- [How does kaniko work?](#how-does-kaniko-work) +- [Known Issues](#known-issues) +- [Demo](#demo) +- [Tutorial](#tutorial) +- [Using kaniko](#using-kaniko) + - [kaniko Build Contexts](#kaniko-build-contexts) + - [Using Azure Blob Storage](#using-azure-blob-storage) + - [Using Private Git Repository](#using-private-git-repository) + - [Using Standard Input](#using-standard-input) + - [Running kaniko](#running-kaniko) + - [Running kaniko in a Kubernetes cluster](#running-kaniko-in-a-kubernetes-cluster) + - [Kubernetes secret](#kubernetes-secret) + - [Running kaniko in gVisor](#running-kaniko-in-gvisor) + - [Running kaniko in Google Cloud Build](#running-kaniko-in-google-cloud-build) + - [Running kaniko in Docker](#running-kaniko-in-docker) + - [Caching](#caching) + - [Caching Layers](#caching-layers) + - [Caching Base Images](#caching-base-images) + - [Pushing to Different Registries](#pushing-to-different-registries) + - [Pushing to Docker Hub](#pushing-to-docker-hub) + - [Pushing to Google 
GCR](#pushing-to-google-gcr) + - [Pushing to Amazon ECR](#pushing-to-amazon-ecr) + - [Additional Flags](#additional-flags) + - [--build-arg](#--build-arg) + - [--cache](#--cache) + - [--cache-dir](#--cache-dir) + - [--cache-repo](#--cache-repo) + - [--cache-ttl duration](#--cache-ttl-duration) + - [--cleanup](#--cleanup) + - [--context-sub-path](#--context-sub-path) + - [--digest-file](#--digest-file) + - [--force](#--force) + - [--git](#--git) + - [--image-name-with-digest-file](#--image-name-with-digest-file) + - [--insecure](#--insecure) + - [--insecure-pull](#--insecure-pull) + - [--insecure-registry](#--insecure-registry) + - [--label](#--label) + - [--log-format](#--log-format) + - [--log-timestamp](#--log-timestamp) + - [--no-push](#--no-push) + - [--oci-layout-path](#--oci-layout-path) + - [--registry-certificate](#--registry-certificate) + - [--registry-mirror](#--registry-mirror) + - [--reproducible](#--reproducible) + - [--single-snapshot](#--single-snapshot) + - [--skip-tls-verify](#--skip-tls-verify) + - [--skip-tls-verify-pull](#--skip-tls-verify-pull) + - [--skip-tls-verify-registry](#--skip-tls-verify-registry) + - [--skip-unused-stages](#--skip-unused-stages) + - [--snapshotMode](#--snapshotmode) + - [--tarPath](#--tarpath) + - [--target](#--target) + - [--use-new-run](#--use-new-run) + - [--verbosity](#--verbosity) + - [--whitelist-var-run](#--whitelist-var-run) + - [Debug Image](#debug-image) +- [Security](#security) +- [Comparison with Other Tools](#comparison-with-other-tools) +- [Community](#community-1) +- [Limitations](#limitations) + - [mtime and snapshotting](#mtime-and-snapshotting)