20180502_talk_3
- Building images without Docker
- 1 - Why
- 2 - Dockerfile-less & Daemon-less
- 4 - Runtime-less ?
- 5 - Libs
- 6 - Next ?
Building images without Docker
1 - Why
Separate these phases
* Build
* Push/pull
* Run
Push/pull & Run: CRI-O or Containerd
Push/pull & Run & Build: Docker (Initially)
Currently:
- Implicit dependency between build & run
2 - Dockerfile-less & Daemon-less
2.1 - Why
Dockerfiles: Really like shell scripts but with some Dockerfile
syntax …
Daemon: > Missed notes
2.2 - Tools
Buildah
- No Docker daemon involved
- Can build from Dockerfile (compatibility)
- Can build imperatively via CLI steps
genuinetools/img
- Same UX as docker commands
- Standalone
- Dockerfile and OCI-compatible images
- Uses RunC, rootless
4 - Runtime-less ?
4.1 - Why
- To be more portable
- Less complexity ?
- Swap container tech on the fly ?
4.2 - Tools
GoogleContainerTools/distroless
- Declarative and reproducible
- No timestamps
- all dependencies at build time
- Can NOT interpret Dockerfile
- Rebase-able
- Minimal images
GoogleContainerTools/kaniko
- Interpret Dockerfile
- Snapshots layers without UnionFS
- Meant exclusively for running inside containerized env
- No runtime or containers
- gVisor + RunSc + Kube
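The "no timestamps" and "snapshots layers without UnionFS" points above, as an added example (not code from the talk, distroless or kaniko): a simplified userspace snapshot that hashes files before and after a build step and writes only the changed files to a tar layer with fixed metadata, so two independent builds produce the same layer digest and can be verified against each other. File names and contents are constructed; deletions (whiteout entries) are not handled.

```python
import hashlib, io, os, tarfile, tempfile

def snapshot(root):
    """Map each relative file path under root to the SHA-256 of its content."""
    state = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def changed_paths(before, after):
    """Files added or modified between two snapshots, in sorted order."""
    return sorted(p for p, digest in after.items() if before.get(p) != digest)

def build_layer(root, paths):
    """Tar the given files with fixed metadata so the bytes do not depend on build time."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for rel in paths:
            full = os.path.join(root, rel)
            info = tarfile.TarInfo(name=rel)
            info.size = os.path.getsize(full)
            info.mtime = 0                    # no timestamps in the layer
            info.mode = 0o644                 # fixed mode instead of the builder's umask
            info.uid = info.gid = 0           # fixed ownership instead of the builder's user
            info.uname = info.gname = ""
            with open(full, "rb") as fh:
                tar.addfile(info, fh)
    return buf.getvalue()

def demo_build():
    """Constructed build: a base file, then one step adding a file. Returns (changed, digest)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "os-release"), "w") as fh:
            fh.write("ID=demo\n")
        before = snapshot(root)               # state before the build step
        os.makedirs(os.path.join(root, "app"))
        with open(os.path.join(root, "app", "server.conf"), "w") as fh:
            fh.write("listen=8080\n")         # the "build step"
        changed = changed_paths(before, snapshot(root))
        return changed, "sha256:" + hashlib.sha256(build_layer(root, changed)).hexdigest()

if __name__ == "__main__":
    print(demo_build())
```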
5 - Libs
- containers/image
- google/go-containerregistry
- google/container-registry
6 - Next ?
CNI: Network
CRI: Runtime
CSI: Storage
CBI: ???