Our hero begins as humble source code, and to even begin to find production they need to learn to walk. They need to be portable, and to carry their dependencies and lightweight OS with them as they go. Let's get Hero out of the git repository and moving towards bigger and better things!
At its core, a container image is simply a tarball of an entire filesystem (or several tarballs - one for each layer). With containers, application code is packaged up with the operating system and necessary dependencies. That way the application has everything it needs to run in a consistent and repeatable way, no matter what hardware platform and operating system it is running on. Containers are lightweight and portable because they contain only as much of the operating system as is needed to run the application. When an application runs in containers it can easily scale, simply by starting more instances of the containerized application as traffic increases.
kbld is a CLI that automates image building, image pushing, and deployment configuration updates. kbld is part of the Carvel suite of tools. Whenever a relevant new resource is created, kbld builds an application image from your specified source code (using Docker or Cloud Native Buildpacks), kbld optionally pushes the resulting image to your registry of choice, and finally kbld resolves it to an image digest reference. kbld automatically finds image references within your configuration, and you can choose whether kbld updates these references to the latest image digest or whether to lock a certain image digest reference to ensure that exactly the same image versions are used. kbld probably works with your existing configuration management tool (helm, kustomize, ytt, vanilla k8s).
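The difference between a tag reference and the digest reference that kbld resolves to can be checked mechanically. The following added example is not part of kbld or of this page's project; the manifest, image names and function names are constructed for illustration. It flags image references that are not pinned to a sha256 digest, including the case where a colon is a registry port rather than a tag.

```python
import re

# Constructed sample manifest: an image with no tag behind a registry port,
# a tag-only image, and a digest-pinned image (digest value is a placeholder).
SAMPLE_MANIFEST = """\
kind: Deployment
spec:
  template:
    spec:
      initContainers:
      - name: migrate
        image: localhost:5000/hero-migrate
      containers:
      - name: hero
        image: registry.example.com/hero/app:1.4.2
      - name: sidecar
        image: "registry.example.com/hero/proxy@sha256:{digest}"
""".format(digest="a" * 64)

IMAGE_LINE = re.compile(r"""^\s*(?:-\s+)?image:\s*["']?([^\s"'#]+)""", re.M)
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify(ref):
    """Return 'digest', 'malformed-digest', 'tag' or 'implicit-latest'."""
    if DIGEST.search(ref):
        return "digest"
    if "@" in ref:
        return "malformed-digest"
    # A ':' only denotes a tag when it appears after the last '/';
    # before that it is a registry port such as localhost:5000.
    last_segment = ref.rsplit("/", 1)[-1]
    return "tag" if ":" in last_segment else "implicit-latest"


def audit(manifest_text):
    """Map every image reference found in the manifest to its classification."""
    return {ref: classify(ref) for ref in IMAGE_LINE.findall(manifest_text)}


def unpinned(manifest_text):
    """References whose content can change without the manifest changing."""
    return sorted(r for r, kind in audit(manifest_text).items() if kind != "digest")


if __name__ == "__main__":
    for ref, kind in audit(SAMPLE_MANIFEST).items():
        print(f"{kind:16} {ref}")
```

A check like this fits in CI after the configuration has been rendered, so that anything still reported by `unpinned` is caught before deployment.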
Lima is a Linux virtual machine that is optimized to run containerd on Mac. The goal of Lima is to promote containerd including nerdctl (contaiNERD ctl) to Mac users. containerd is a container runtime that manages the complete container lifecycle--from image transfer and storage, to container execution and supervision, to low-level storage and network attachments.
If this solution is chosen, we will implement Lima using Rancher Desktop. Rancher Desktop (with Lima, containerd, and nerdctl) is a CNCF-friendly, free alternative to Docker Desktop.
Since we are talking about building images here, it is worth noting that with this strategy, nerdctl is building the image using BuildKit, which is a Docker project. BuildKit is an improved build solution to replace Docker's legacy builder.
The Cloud Native Buildpacks project takes source code as input and then outputs an Open Container Initiative (OCI)-compliant container image. CNBs provide a sweet, sweet developer experience while giving platform teams more control over how images are built. Cloud Native Buildpacks additionally provide a software bill of materials (SBOM) - no mystery meat in production! CNB-built images are reproducible and efficient (only changed layers are rebuilt), and they can be rebased easily since the operating system (OS) layer can be patched without requiring an image rebuild. There are many implementations of Cloud Native Buildpacks such as the pack CLI tool, kpack, Google Cloud Run, or the Tekton 'Buildpacks' task, to name a few.
- kbld
- Lima
- Cloud Native Buildpacks (CNB)
- ko has not yet been implemented. Please let us know (by opening an issue) if you would like to contribute the implementation.
- SlimToolkit has not yet been implemented. Please let us know (by opening an issue) if you would like to contribute the implementation.