The Evolution of Container Image Builds
Container Deep Dive, December 2020

Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• GitLab Hero, Microsoft MVP & Docker Community Leader
• Container, Kubernetes, Cloud-Native & DevOps
© white duck GmbH 2020
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org
Agenda
• Container history at a glance
• docker build & dockerd
• Container build – the choice is ours
• Docker Hub limits
Linux Container history
• chroot got introduced
2002
• Namespaces got introduced (Linux)
2003
• Google uses cgroups at scale (with Borg)
2008
• January – cgroups get merged into the Linux kernel
• August – LXC 1.0 release
2013
• Docker hits the scene
2014
• June – Docker 1.0 release
• June – Kubernetes announced
• November – LXD announced
• December – rkt announced
2015
• June – Open Container Initiative (OCI) defined a common container standard
• July – Kubernetes 1.0 release
• July – CNCF founded
2016
• April – Docker 1.1 with OCI support based on containerd
• December – containerd becomes a separate project
2017
• October – CRI-O 1.0 released
• December – Kata Containers project launched
2018
• May – gVisor 1.0 released
Issues with docker build (in CI/CD)
• requires the whole Docker Engine
  • heavy-weight
  • depends on the Docker daemon
• the Docker daemon requires root
  • rootless mode introduced in 19.03, still an experimental feature (GA with 20.10)
• hard to containerize
Issues with docker build (pre 20.10)
• inefficient layer caching (no centralized layer caching)
• no concurrency in multi-stage builds
• no compiler caching
• no secret injection
How do we fix this? The choice is ours
… and many more
BuildKit
• open-source project by moby
  • https://github.com/moby/buildkit
• used by multiple open-source projects
• advantages
  • automatic garbage collection
  • concurrent dependency resolution and layer builds
  • efficient caching (compiler, layer)
  • build cache import/export
  • secret injection
  • supports multi-arch via QEMU
  • …
Source: https://www.xenonstack.com/blog/docker-buildkit/
Docker with BuildKit
• GA & enabled by default with 20.10
• opt-in for BuildKit with Docker 18.09 and higher
  • export DOCKER_BUILDKIT=1
  • { "features": { "buildkit": true } } > /etc/docker/daemon.json
• full BuildKit capabilities with buildx
  • https://github.com/docker/buildx
  • binary included with Docker 19.03 and higher
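The secret-injection gap called out on the earlier slides, as an added example (not code from the talk): a legacy Dockerfile that passes a registry token through a build ARG beside the BuildKit --mount=type=secret form, plus a small lint that flags the legacy pattern. The secret id npmrc, the token file path, the base image and the lint regexes are assumptions made for this example.

```shell
# "Before": classic docker build has no secret injection, so the token is passed
# as a build ARG. Even with the rm, the ARG value is recorded in the image
# metadata (visible via docker history) and the file lands in a layer if the
# rm is ever split into its own RUN. Constructed for this example.
legacy_dockerfile() {
  cat <<'EOF'
FROM node:14-alpine
ARG NPM_TOKEN
RUN echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc \
 && npm ci && rm ~/.npmrc
EOF
}

# "After": BuildKit mounts the secret into that single RUN step only; nothing is
# written to a layer or to the image config. The syntax line pins a BuildKit
# Dockerfile frontend that understands --mount=type=secret.
buildkit_dockerfile() {
  cat <<'EOF'
# syntax=docker/dockerfile:1
FROM node:14-alpine
RUN --mount=type=secret,id=npmrc,target=/root/.npmrc npm ci
EOF
}

# Lint for CI: returns 1 if a Dockerfile passes credentials via ARG/ENV or copies
# a well-known credential file into a layer, 0 otherwise. The name patterns are
# a heuristic chosen for this example; extend them for your own conventions.
lint_dockerfile() {   # $1: path to Dockerfile
  if grep -Eiq '^(ARG|ENV)[[:space:]]+[A-Z_]*(TOKEN|PASSWORD|SECRET|KEY)' "$1"; then
    echo "$1: secret passed via ARG/ENV, it ends up in the image metadata" >&2
    return 1
  fi
  if grep -Eiq '^COPY[[:space:]]+.*(\.npmrc|\.netrc|id_rsa|\.aws/credentials)' "$1"; then
    echo "$1: credential file copied into an image layer" >&2
    return 1
  fi
  return 0
}

# Build with the secret supplied from a file on the build host. Needs Docker
# 18.09+ with DOCKER_BUILDKIT=1 (BuildKit is the default from 20.10 on).
build_with_secret() {   # $1: image tag; assumes the token file in $HOME/.npmrc
  DOCKER_BUILDKIT=1 docker build --secret id=npmrc,src="$HOME/.npmrc" -t "$1" .
}
```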
BuildKit standalone
• consists of
  • a CLI (buildkit)
  • a daemon (buildkitd)
• the daemon can be executed as non-root
• supports containerized builds
• can be used "daemonless"
  • containerized with an ephemeral daemon

More details on BuildKit
buildah
• open-source project introduced by Red Hat
  • https://github.com/containers/buildah
• rootless and daemonless
• CLI only
• Dockerfile support
  • buildah bud
• can also run containers
  • for debugging purposes
  • use podman for long-running containers

More details on Buildah
Kaniko
• open-source project by Google
  • https://github.com/GoogleContainerTools/kaniko
• designed to build container images inside a container or Kubernetes
  • gcr.io/kaniko-project/executor
• image builds without the need for any privileges or dependencies
• speed up your builds with caching
  • FROM via volume mount
  • layers via registry
img
• open-source project started by Jess Frazelle
  • https://github.com/genuinetools/img
• daemonless and unprivileged
• based on BuildKit
• Docker-like CLI
• can also be executed within a container
• a bit inactive since 2018
k3c
• open-source project by Rancher
  • https://github.com/rancher/k3c
• pretty new project, experimental!
• "k3c, similar old school docker, is packaged as a single binary…"
• allows you to run and build containers. Full stop.
• based on the Container Runtime Interface (CRI), containerd and BuildKit
Docker rate-limiting (since Nov 2nd)
• Free plan
  • anonymous users: 100 pulls per 6 hours (per source IP)
  • authenticated users: 200 pulls per 6 hours
• Pro/Team plan – unlimited
• free opt-in for OSS projects (unlimited pulls)
• was introduced slowly
  • starting with 6000 pulls per 6 hours
  • final limits are active since Nov 18
Solutions
• authenticate or opt in for Pro/Team
  • docker login, imagePullSecrets, …
• configure a registry mirror
  • run your own
    • https://docs.docker.com/registry/recipes/mirror/
  • use GitLab Dependency Proxy
    • https://docs.gitlab.com/ee/user/packages/dependency_proxy/
  • use mirror.gcr.io
    • https://cloud.google.com/container-registry/docs/pulling-cached-images

Solutions (per tool)
• Docker
  • authenticate via login
  • define a registry mirror
• Kaniko
  • use --registry-mirror to define a registry mirror
• Buildah
  • authenticate via login
  • rewrite the default registry via registries.conf
• img
  • authenticate via login
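An added example (not from the slides) covering the rate-limit and mirror slides above: it reads the RateLimit headers Docker Hub returns on a manifest request so a pipeline can fail early instead of dying on HTTP 429 mid-build, and writes the mirror configuration for dockerd (together with the BuildKit opt-in from the earlier slide) and for buildah's registries.conf. The sample headers, the source IP 203.0.113.7, the file paths and the mirror.gcr.io URL are constructed for this example.

```shell
# Docker Hub reports the budget in RateLimit-Limit / RateLimit-Remaining headers
# on a manifest request (https://docs.docker.com/docker-hub/download-rate-limit/).
# A value looks like "100;w=21600": the count, then the window in seconds.
fetch_ratelimit_headers() {   # $1: output file; needs network, curl and jq
  token=$(curl -fsS "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
  curl -fsS --head -H "Authorization: Bearer $token" \
    https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest > "$1"
}

# Constructed response, as an anonymous pull on the free plan would return it.
sample_headers() {
  cat <<'EOF'
HTTP/1.1 200 OK
content-type: application/vnd.docker.distribution.manifest.list.v2+json
ratelimit-limit: 100;w=21600
ratelimit-remaining: 76;w=21600
docker-ratelimit-source: 203.0.113.7
EOF
}

# Numeric part of a RateLimit header; prints "unlimited" when the header is
# absent (Pro/Team accounts and opted-in OSS images send none).
ratelimit_field() {   # $1: header file, $2: limit|remaining
  v=$(grep -i "^ratelimit-$2:" "$1" | tr -d '\r' | sed 's/^[^:]*:[[:space:]]*//; s/;.*//')
  if [ -z "$v" ]; then echo unlimited; else echo "$v"; fi
}

ratelimit_window_seconds() {   # $1: header file; the w= part of the limit header
  grep -i '^ratelimit-limit:' "$1" | tr -d '\r' | sed -n 's/.*;w=\([0-9]*\).*/\1/p'
}

# Returns 1 when fewer than $2 pulls remain, so a CI job can stop before it
# starts a multi-stage build it cannot finish.
ratelimit_ok() {   # $1: header file, $2: minimum remaining pulls
  r=$(ratelimit_field "$1" remaining)
  [ "$r" = unlimited ] && return 0
  [ "$r" -ge "$2" ]
}

# dockerd: registry mirror plus the BuildKit feature flag in one daemon.json.
write_daemon_json() {   # $1: path (normally /etc/docker/daemon.json), $2: mirror URL
  cat > "$1" <<EOF
{
  "features": { "buildkit": true },
  "registry-mirrors": ["$2"]
}
EOF
}

# buildah/podman: route docker.io through the same mirror via registries.conf
# (v2 format with a [[registry.mirror]] table; path is an assumption).
write_registries_conf() {   # $1: path (e.g. /etc/containers/registries.conf), $2: mirror host
  cat > "$1" <<EOF
[[registry]]
prefix = "docker.io"
location = "docker.io"

[[registry.mirror]]
location = "$2"
EOF
}
# Kaniko needs no file: pass the mirror as a flag, e.g. --registry-mirror=mirror.gcr.io
```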
Questions?
Slides: https://www.slideshare.net/nmeisenzahl
Nico Meisenzahl (Senior Cloud & DevOps Consultant)