Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Consider building container images with ko #9

Open
imiric opened this issue Apr 22, 2024 · 1 comment
Open

Consider building container images with ko #9

imiric opened this issue Apr 22, 2024 · 1 comment
Labels
low prio
Milestone
Long-term

Comments

@imiric
Copy link
Contributor

imiric commented Apr 22, 2024

ko is a container image builder for Go programs that simplifies the process of building minimal and secure images. It uses distroless images as base, embeds SBOMs, and builds multi-platform images.

Currently Disco's images are built by Earthly, and use Ubuntu 24.04 as base. Moving to distroless would be more secure, simplify the build process, and reduce the image size considerably from the current ~140MB. SBOMs would be good to have as well.

I tried using distroless images in Earthly, but there's a blocking issue. There might be a workaround for it.

A potential blocker for adopting ko is that it also builds the Go binaries, which I would like to avoid, since the current build.sh script is simple and does what I need. It doesn't seem possible to use existing binaries and just building images with ko.

There are some alternatives:

  • Abandon the build.sh script, build images with ko, extract the binaries from the images, and build the packages using the same binaries. It's a bit hacky, but could work.
  • Use GoReleaser instead. I'm not a fan of it, and would rather not. It does support building images, and even supports ko, but has the same drawback of ko re-building the binaries. So this doesn't seem like an option.
imiric added a commit that referenced this issue Apr 22, 2024
@imiric
ci: use distroless Debian image as base
7fad39d 
I managed to workaround building a distroless image with Earthly, and
this produces a slim 20MB image. :)

It also adds a volume for Disco data. I'll document a recommended workflow
with Podman shortly.

Part of #9
imiric added a commit that referenced this issue Apr 22, 2024
@imiric
ci: use distroless Debian image as base
160595b 
I managed to workaround building a distroless image with Earthly, and
this produces a slim 20MB image. :)

It also adds a volume for Disco data. I'll document a recommended workflow
with Podman shortly.

Part of #9
@imiric
Copy link
Contributor Author

imiric commented Apr 23, 2024

Since v0.1.1, images now use distroless/static-debian12 as base, so there's less of an urgency to switch to ko. If we can also embed SBOMs manually, we can close this issue as unplanned, but I'll leave it open in the meantime.

@imiric imiric added this to the Long-term milestone Apr 23, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
low prio
Projects
None yet
Milestone
Long-term
Development

No branches or pull requests
1 participant
@imiric