Please enter url.
When I introduced the original distroless images to the world, I said

Images as Code: The pursuit of declarative image builds

submited by
Style Pass
2024-02-11 11:00:06

When I introduced the original distroless images to the world, I said "I am in pursuit of a better way of building containers." Much of the need for this ties back to one thing: RUN. This powerful and sticky Dockerfile directive in many ways enabled the ascension of Docker to the ubiquity it has today. However, this directive is the root of so many problems as well. The imperative nature of RUN requires activating the container and running things inside of it, which makes things like multi-tenancy (e.g. hosted build services) and multi-architecture (e.g. amd64 and arm64) builds hard. The fact that it lets users execute arbitrary commands also makes any claims of reproducibility pretty trivially refutable.

My journey in this space started in 2014 with Blaze at Google (now Open Source as Bazel), where I wrote the original rules_docker (which has now been deprecated and replaced by rules_oci) with the aim to provide every directive of Dockerfile except RUN. These were without a doubt the first generally reproducible docker build rules (likely by several years), and by the time I ultimately left Google there were hundreds of teams building with these internally.

Blaze BUILD files were a natural early vehicle for this work because of their declarative representation of what developers intend to build. In declarative models, users express their desired state vs. imperative models where they express the procedure to get there (a la RUN); it is a declaration of intention. While Bazel (open source Blaze) BUILD files did not exactly become a runaway sensation, it is not alone in its use of declarative expression, and there are two great examples which have gained massive mindshare: Kubernetes and Terraform (both have cameos below, but no spoilers). Terraform has come to define the category known as “Infrastructure as Code” and uses a declarative expression of the infrastructure a user wants deployed. It also inspired the title of my pursuit of declarative image builds: “Images as Code”.

Read more chainguard.d...
Share :  
Leave a Comment
Related Posts

Securing Online Gaming: Combine Chaos Engineering with DevOps Practices | PingCAP

Comment

Athan Theoharis, Chronicler of F.B.I. Abuses, Dies at 84

Comment

Solar monitoring system builds on Linux-based LoRaWAN gateway

Comment

Harold & Kumar Go to White Castle

Comment

Can Quartz become a scrappy media startup?

Comment

Argentine ‘death flights’ trial gets underway

Comment

Relating Natural Language Aptitude to Individual Differences in Learning Programming Languages

Comment

Study: Culture influences mask wearing

Comment

Style GAN 2

Comment

Automatically publishing your build artifacts | agateau.com

Comment
Recent Posts

MIT Technology Review

Comment

Networked Sniper Pod Will Let 4th-Generation Fighters Create ‘Kill Webs’ With F-35s

Comment

Black Holes Can’t Be Created by Light

Comment

Government to pay ex-FBI agent $1.2 million in settlement over release of anti-Trump texts

Comment

Transmeta - Wikipedia

Comment

Alex Ghiculescu's Newsletter

Comment

The Physics of Cold Water May Have Jump-Started Complex Life

Comment

The rise of the analytics pretendgineer - by Benn Stancil

Comment

Make Good Stubs with Stateful Property Testing

Comment

Haskell Nuggets: k-means · in Code

Comment

Airask - Chrome Web Store

Comment

Testing Apps with TestFlight

Comment

Sustainable Real Estate

Comment

How to increase the rate of plastics recycling

Comment

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Comment

Researchers capture never-before-seen view of gene transcription

Comment

Cup o' Go

Comment

All Good Things Must Come to an End...

Comment

Near-Grounding Incident in Great Barrier Reef Attributed to GPS Malfunction

Comment

Television Camera at the Berlin Olympics (1936)

Comment