In the beginning...
Solving the last mile
For example, something like this (this is in Python, but many languages have a fairly similar pattern):
I call this class of images “last-mile images” (and their build tools “last-mile builders”), and it inspired and informed a significant amount of downstream innovation, including “Faster than Light Builds” aka FTL (with Dan Lorenc and Aaron Prindle), the ko project (with Jason Hall and Jon Johnson), the jib project (with Appu Goundan, Q Chen, and Patrick Flynn), and CNCF buildpacks (with Jacques Chester and Stephen Levine). In particular, it has been humbling to see folks wishing for and attempting to replicate ko for many other language ecosystems over the years. In my (incredibly biased) opinion, what we managed to achieve with ko is so close to optimal that I consider the “last mile” for Go images a largely solved problem and I’m skeptical we will do much better. Huge kudos to Jason Hall and Jon Johnson for all of their innovative work on this project over the years, continually taking it to new heights.
Distroless done right
Houston, we have a problem
Terraforming Chainguard Images
Happily ever after
While we are now using these pieces to orchestrate our Chainguard Image builds, what we are doing barely scratches the surface of what is already possible. I grew up with legos, and the best part is being able to take them apart and build new things (and part of the appeal of Terraform was an enormous ecosystem for us to compose with). With these pieces, you can deploy a “last mile image” built with ko, overlaid on a “base image” assembled from a custom set of APKs tailored to your application’s needs. You can sign / attest them all with cosign, and then deploy them to a runtime environment of your choosing:
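A sketch of that composition in Terraform, added here as an illustration and not taken from the original post or from Chainguard's own configuration. The registry path, Go import path, service name and the choice of Cloud Run as the runtime are assumptions, and signing assumes keyless (ambient OIDC) credentials are available to the cosign provider.

```hcl
terraform {
  required_providers {
    apko   = { source = "chainguard-dev/apko" }
    ko     = { source = "ko-build/ko" }
    cosign = { source = "chainguard-dev/cosign" }
  }
}

locals {
  repo = "us-docker.pkg.dev/PROJECT_ID/demo" # placeholder registry (assumption)
}

# Base image: assembled from only the APKs the application needs.
data "apko_config" "base" {
  config_contents = <<-EOT
    contents:
      repositories:
        - https://packages.wolfi.dev/os
      keyring:
        - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
      packages:
        - wolfi-baselayout
        - ca-certificates-bundle
  EOT
}
resource "apko_build" "base" {
  repo   = "${local.repo}/base"
  config = data.apko_config.base.config
}

# Last-mile image: the Go binary layered on the digest of the base built above.
resource "ko_build" "app" {
  repo       = "${local.repo}/app"
  importpath = "example.com/demo/cmd/app" # hypothetical import path
  base_image = apko_build.base.image_ref
}

# Sign the exact digest that ko produced.
resource "cosign_sign" "app" {
  image = ko_build.app.image_ref
}

# Deploy only the signed digest reference, never a mutable tag.
resource "google_cloud_run_v2_service" "app" {
  name     = "demo"        # hypothetical service name
  location = "us-central1" # assumption
  template {
    containers { image = cosign_sign.app.signed_ref }
  }
}
```

Because each resource consumes the previous one's digest reference, the deployment cannot be planned against an image that was not built from this base and signed in the same run.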
We have come a long way since the early days of “Images as Code”, and I want to thank everyone who has helped (far too many to name) to advance my endless pursuit of “better way[s] of building containers.” If you are interested in learning more, or collaborating on taking things to the next level, then please reach out! If you are interested in learning more about Chainguard Images as part of your container security strategy, contact our team today.