Build images for apk-based distributions declaratively!
When maintaining images at scale, the
Dockerfile concept built into
Docker is inefficient. If we have a collection of build artifacts,
repositories and a keyring, we can build images directly with APK,
and upload them directly to container registries.
In fact, we can do more than that: using a service like kontain.me,
we can serve fresh container images on demand, with the latest package
updates, using nothing but declarative configuration.
This part is very much a work in progress, but basically you need
a system with
libapk), and this
apko tool. You
probably also want the other Chainguard stack components as well,
To build an image, use the
apko build command:
# apko build config.yaml tag output.tar
This will give you a Docker-style tarball which you can use with
# docker load < output.tar
You need root, or at least fakeroot + fakechroot to build images
with apko, due to apk-tools’ use of chroot(2).