What is Distroless?
A distroless image contains only the necessary components needed to support an application. Distroless images benefit from significantly reduced attack surface, omitting unnecessary package management capabilities, and occasionally even a shell. In the container space, the primary framework for creating these distroless images has been Google’s distroless project.
While Google’s distroless project has given people effective tools to make lightweight containers with minimal attack surface, these capabilities come at a significant cost in complexity. Traditionally, distroless is built using Bazel, a complicated build system designed for building gigantic monolithic applications, which means that many users in the container ecosystem avoid distroless and build images on the official Alpine or Debian base image instead, which both have unnecessary attack surface for most applications.
What is apko?
Apko features include: