Build images for apk-based distributions declaratively!
When maintaining images at scale, the
Dockerfile concept built into Docker is inefficient. If we have a collection of build artifacts, repositories and a keyring, we can build images directly with APK, and upload them directly to container registries.
In fact, we can do more than that: using a service like kontain.me, we can serve fresh container images on demand, with the latest package updates, using nothing but declarative configuration.
This part is very much a work in progress, but basically you need a system with
libapk), and this
apko tool. You probably also want the other Chainguard stack components as well, e.g.
To build an image, use the
apko build command:
# apko build config.yaml tag output.tar
This will give you a Docker-style tarball which you can use with
# docker load < output.tar
You need root, or at least fakeroot + fakechroot to build images with apko, due to apk-tools' use of chroot(2).