SlideShare a Scribd company logo

Look Ma' - Building Java and Go based container images without Dockerfiles

E
Eric Smalling

The document discusses container images, highlighting that they can be built without Dockerfiles using tools like Jib and Ko for Java and Go applications, respectively. It emphasizes best practices for image creation, the benefits of automation and simplicity, and potential downsides including security complacency and knowledge concentration. Resources and links for further learning are also provided.

Technology
1 of 36
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
NO DOCKERFILES! LOOK MA’… Photo by Chanaka from Pexels 
 https://www.pexels.com/photo/cargo-container-lot-906494/ @ERICSMALLING
LOOK MA’, NO DOCKERFILES! CONTAINER IMAGES 101 ▸ Images are just a collection of tarballs ▸ Base fi lesystem and environment info a container will start from ▸ Can contain metadata: i.e. annotations/labels ▸ Commonly build from Docker fi le syntax ▸ Stored in repositories in registries (DockerHub, GCR, ECR, Quay, Harbor, etc) ▸ Standardized format: OCI Photo by Frans van Heerden 
 https://www.pexels.com/photo/assorted-color-trailer-boxes-2881632/
LOOK MA’, NO DOCKERFILES! IMAGE LAYERS - FROM DOCKERFILE FROM maven:3-jdk-8-slim as build RUN mkdir /app/src WORKDIR /app/src COPY pom.xml pom.xml COPY src src RUN --mount=target=$HOME/.m2,type=cache mvn install FROM tomcat:8.5.21 RUN mkdir /tmp/extracted_files COPY web.xml /usr/local/tomcat/conf/web.xml COPY --from=build /app/src/target/myapp /usr/local/tomcat/webapps/myapp LABEL org.opencontainers.image.source=https://repo.mycorp.com/team-volton/redlion tomcat:8.5.21 /tmp/ extracted_files …/web.xml …/myapp LABEL org.opencontainers.i mage/source
LOOK MA’, NO DOCKERFILES! IMAGE BEST PRACTICES ▸ Minimize Footprint ▸ Layer Housekeeping ▸ Build strategies ▸ Organizational standards Photo by David McBee 
 https://www.pexels.com/photo/tilt-shift-lens-photography-of-red-crane-miniature-392031/
Photo by Yan Krukov from Pexels 
 https://www.pexels.com/photo/photo-of-woman-showing-frustrations-on-her-face-4458420/ I JUST WANT TO 
 BUILD MY APP!
LOOK MA’, NO DOCKERFILES! JIB AND KO https://github.com/GoogleContainerTools/jib ▸ Build OCI images for Java applications without a Docker daemon or Docker fi le. ▸ 100% Java implementation ▸ Plugins for Maven and Gradle ▸ Allows for organizational standards via parent POM inheritance. ▸ Opinionated defaults (can be overridden)
LOOK MA’, NO DOCKERFILES! JIB AND KO https://github.com/google/ko ▸ Build OCI images for Go applications without a Docker daemon or Docker fi le. ▸ ko wraps the go build tool ▸ Effectively slides in place of “go build” ▸ Allows for organizational standards via a .ko.yaml fi le ▸ Opinionated defaults (can be overridden ▸ Kubernetes integration ▸ SBOM creation & SigStore integration
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER MVN PACKAGE .JAR DOCKER BUILD IMAGE .JAR DOCKER PUSH REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER DOCKERFILE
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
LOOK MA’, NO DOCKERFILES! JIB MVN PACKAGE REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER
LOOK MA’, NO DOCKERFILES! JIB
LOOK MA’, NO DOCKERFILES! JIB
LOOK MA’, NO DOCKERFILES! JIB
LOOK MA’, NO DOCKERFILES! GO + DOCKER GO BUILD BIN DOCKER BUILD IMAGE BIN DOCKER PUSH REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER DOCKERFILE
LOOK MA’, NO DOCKERFILES! GO + DOCKER
LOOK MA’, NO DOCKERFILES! GO + DOCKER
LOOK MA’, NO DOCKERFILES! GO + DOCKER
LOOK MA’, NO DOCKERFILES! KO KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER
LOOK MA’, NO DOCKERFILES! KO
LOOK MA’, NO DOCKERFILES! KO
LOOK MA’, NO DOCKERFILES! KO KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) CONTAINER IMAGE . REKOR SBOM
LOOK MA’, NO DOCKERFILES! KO + K8S KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE REKOR SBOM KUBECTL .YAML
LOOK MA’, NO DOCKERFILES! KO + K8S KO APPLY REGISTRY IMAGE . IMAGE IMAGE IMAGE REKOR SBOM .YAML
LOOK MA’, NO DOCKERFILES! KO + K8S
LOOK MA’, NO DOCKERFILES! KO + K8S
PROS & CONS
LOOK MA’, NO DOCKERFILES! PROS ▸ Simplicity ▸ Hides complexity ▸ Developers can focus on their core strengths ▸ Streamlines processes Photo by Erik Geiger from Pexels 
 https://www.pexels.com/photo/close-up-on-engine-start-button-in-car-7085726/
LOOK MA’, NO DOCKERFILES! PROS ▸ Guidance & Governance ▸ Opinionated defaults reviewed by the open source community but overridable as needed ▸ Org / Team speci fi cs can be managed using existing tools (i.e. Parent POM) ▸ Fosters a culture of automation over manual tasks / tribal knowledge Photo by Nextvoyage 
 https://www.pexels.com/photo/brown-asphalt-road-beside-lake-730662/
LOOK MA’, NO DOCKERFILES! PROS ▸ Security ▸ Minimal images limit attack blast radius ▸ Automation produces deterministic results and is auditable ▸ Standardized processes limit human error Photo by Scott Webb 
 https://www.pexels.com/photo/two-gray-bullet-security-cameras-430208/
LOOK MA’, NO DOCKERFILES! CONS ▸ Black Box / Magic ▸ Abstracting away complexity can focus knowledge on a few, specialized people ▸ Lack of ability to troubleshoot container technologies because it’s not understood but the wider team ▸ Burnout of the few that do understand it ▸ Outages if nobody understands it Image by @docker (@laurelcomics ) 
 https://twitter.com/Docker/status/1239256807366934530
LOOK MA’, NO DOCKERFILES! CONS ▸ Security complacency ▸ With image creation “magically” happening, image scanning can get forgotten ▸ Vulnerabilities found in un-updated images, packages, libraries, etc can be missed ▸ Continuous scans via build scripts or other tooling can help. (automate, automate, automate) Image by @docker (@laurelcomics ) 
 https://twitter.com/Docker/status/1239256807366934530
LOOK MA’, NO DOCKERFILES! CONS ▸ Docker fi les are not that dif fi cult ▸ Syntax is pretty simple ▸ Best practices are well documented ▸ Linter’s and scanners exist to catch issues Image by @docker (@laurelcomics )
LOOK MA’, NO DOCKERFILES! RESOURCES ▸ jib: https://github.com/GoogleContainerTools/jib ▸ My blog: https://snyk.io/blog/building-java-container-images-using-jib/ 
 ▸ ko: https://github.com/google/ko ▸ Stanley Nguyen video: https://youtu.be/TpfKCE9uyCA 
 ▸ Docke fi le reference docs: https://docs.docker.com/engine/reference/builder/ 
 ▸ My blog on image annotations/labels: 
 https://snyk.io/blog/how-and-when-to-use-docker-labels-oci-container-annotations/ 
 ▸ Examples used in these slides: https://github.com/ericsmalling/alt-image-builders https://dockr.ly/TortoiseAcres @ERICSMALLING

More Related Content

PDF
Belfast JUG, Spring Boot & Docker
Hudson Mendes
 
PDF
BelfastJUG, Spring Boot + Docker
Hudson Mendes
 
PDF
Good - aDocker - Reference Materials.pdf
Kiran Kumar Bugude
 
PDF
Docker Demo @ IuK Seminar
Martin Scharm
 
PPTX
CNCF Québec Meetup du 16 Novembre 2023
Anthony Dahanne
 
PDF
Container and microservices: a love story
Thomas Rossetto
 
PDF
Thomas Rossetto - Container and microservices: a love story - Codemotion Mila...
Codemotion
 
PDF
Docker introduction
Julien Maitrehenry
 
Belfast JUG, Spring Boot & Docker
Hudson Mendes
 
BelfastJUG, Spring Boot + Docker
Hudson Mendes
 
Good - aDocker - Reference Materials.pdf
Kiran Kumar Bugude
 
Docker Demo @ IuK Seminar
Martin Scharm
 
CNCF Québec Meetup du 16 Novembre 2023
Anthony Dahanne
 
Container and microservices: a love story
Thomas Rossetto
 
Thomas Rossetto - Container and microservices: a love story - Codemotion Mila...
Codemotion
 
Docker introduction
Julien Maitrehenry
 

Similar to Look Ma' - Building Java and Go based container images without Dockerfiles (20)

PDF
Microservices, la risposta che (forse) cercavi!
Commit University
 
PDF
Docker workshop
Michał Kurzeja
 
PPTX
Wordpress + Woocommerce Dockerization.pptx
Srikanth Mattihalli
 
PDF
What is this "docker"
Jean-Marc Meessen
 
PDF
Dockerizing Meteor - 6th Meteor Meetup Seoul
Jaigouk Kim
 
PDF
Luciano Fiandesio - Docker 101 | Codemotion Milan 2015
Codemotion
 
PDF
CI/CD with Kubernetes, Helm & Wercker (#madScalability)
Diacode
 
PDF
Security as Code in Docker Ecosystem for Cloud Native Apps
enlamp
 
PPTX
Containers for sensor web services, applications and research @ Sensor Web Co...
Daniel Nüst
 
PDF
Docker Introduction.pdf
OKLABS
 
PDF
DevOpsDaysRiga 2017 Ignite: Daniel Houston - Thinking outside the box: The Do...
DevOpsDays Riga
 
PDF
Docker by Example - Basics
CodeOps Technologies LLP
 
PDF
Streamline your development environment with docker
Giacomo Bagnoli
 
PPTX
Java microservicesdockerdockerhubusecase2
Subramanyam Vemala
 
PPTX
Docker & Diego - good friends or not? | anynines
anynines GmbH
 
PDF
Workshop Docker for DSpace
Pascal-Nicolas Becker
 
PDF
Docker in Action
Alper Kanat
 
PPTX
No more Dockerfiles? Buildpacks to help you ship your image!
Anthony Dahanne
 
PDF
Lesson Learned from Using Docker Swarm at Pronto
Kan Ouivirach, Ph.D.
 
PDF
Let's Do Bad Things to Unsecured Containers
Gene Gotimer
 
Microservices, la risposta che (forse) cercavi!
Commit University
 
Docker workshop
Michał Kurzeja
 
Wordpress + Woocommerce Dockerization.pptx
Srikanth Mattihalli
 
What is this "docker"
Jean-Marc Meessen
 
Dockerizing Meteor - 6th Meteor Meetup Seoul
Jaigouk Kim
 
Luciano Fiandesio - Docker 101 | Codemotion Milan 2015
Codemotion
 
CI/CD with Kubernetes, Helm & Wercker (#madScalability)
Diacode
 
Security as Code in Docker Ecosystem for Cloud Native Apps
enlamp
 
Containers for sensor web services, applications and research @ Sensor Web Co...
Daniel Nüst
 
Docker Introduction.pdf
OKLABS
 
DevOpsDaysRiga 2017 Ignite: Daniel Houston - Thinking outside the box: The Do...
DevOpsDays Riga
 
Docker by Example - Basics
CodeOps Technologies LLP
 
Streamline your development environment with docker
Giacomo Bagnoli
 
Java microservicesdockerdockerhubusecase2
Subramanyam Vemala
 
Docker & Diego - good friends or not? | anynines
anynines GmbH
 
Workshop Docker for DSpace
Pascal-Nicolas Becker
 
Docker in Action
Alper Kanat
 
No more Dockerfiles? Buildpacks to help you ship your image!
Anthony Dahanne
 
Lesson Learned from Using Docker Swarm at Pronto
Kan Ouivirach, Ph.D.
 
Let's Do Bad Things to Unsecured Containers
Gene Gotimer
 
Ad

More from Eric Smalling (20)

PDF
DockerCon 2023 - Live Demo_Hardening Against Kubernetes Hacks.pdf
Eric Smalling
 
PDF
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
Eric Smalling
 
PDF
ATO 2022 - Why should devs care about container security.pdf
Eric Smalling
 
PDF
KubeCon NA 2022 - Hardening against Kubernetes Hacks.pdf
Eric Smalling
 
PDF
DevOpsDays Chicago 2022 - Hands-on hacking containers and ways to prevent it
Eric Smalling
 
PDF
Container Stranger Danger - Why should devs care about container security
Eric Smalling
 
PDF
SCaLE 19x - Eric Smalling - Hardening against Kubernetes Hacks
Eric Smalling
 
PDF
DockerCon 2022 - From legacy to Kubernetes, securely & quickly
Eric Smalling
 
PDF
Python Web Conference 2022 - Why should devs care about container security.pdf
Eric Smalling
 
PDF
Why should developers care about container security?
Eric Smalling
 
PDF
AWS live hack: Docker + Snyk Container on AWS
Eric Smalling
 
PDF
AWS live hack: Atlassian + Snyk OSS on AWS
Eric Smalling
 
PDF
Hacking into your containers, and how to stop it!
Eric Smalling
 
PDF
DevSecCon Lightning 2021- Container defaults are a hackers best friend
Eric Smalling
 
PDF
LFX Nov 16, 2021 - Find vulnerabilities before security knocks on your door
Eric Smalling
 
PDF
So. many. vulnerabilities. Why are containers such a mess and what to do abou...
Eric Smalling
 
PDF
IBM Index 2018 Conference Workshop: Modernizing Traditional Java App's with D...
Eric Smalling
 
PDF
Best Practices for Developing & Deploying Java Applications with Docker
Eric Smalling
 
PDF
Docker 101 Workshop slides (JavaOne 2017)
Eric Smalling
 
PPTX
Simply your Jenkins Projects with Docker Multi-Stage Builds
Eric Smalling
 
DockerCon 2023 - Live Demo_Hardening Against Kubernetes Hacks.pdf
Eric Smalling
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
Eric Smalling
 
ATO 2022 - Why should devs care about container security.pdf
Eric Smalling
 
KubeCon NA 2022 - Hardening against Kubernetes Hacks.pdf
Eric Smalling
 
DevOpsDays Chicago 2022 - Hands-on hacking containers and ways to prevent it
Eric Smalling
 
Container Stranger Danger - Why should devs care about container security
Eric Smalling
 
SCaLE 19x - Eric Smalling - Hardening against Kubernetes Hacks
Eric Smalling
 
DockerCon 2022 - From legacy to Kubernetes, securely & quickly
Eric Smalling
 
Python Web Conference 2022 - Why should devs care about container security.pdf
Eric Smalling
 
Why should developers care about container security?
Eric Smalling
 
AWS live hack: Docker + Snyk Container on AWS
Eric Smalling
 
AWS live hack: Atlassian + Snyk OSS on AWS
Eric Smalling
 
Hacking into your containers, and how to stop it!
Eric Smalling
 
DevSecCon Lightning 2021- Container defaults are a hackers best friend
Eric Smalling
 
LFX Nov 16, 2021 - Find vulnerabilities before security knocks on your door
Eric Smalling
 
So. many. vulnerabilities. Why are containers such a mess and what to do abou...
Eric Smalling
 
IBM Index 2018 Conference Workshop: Modernizing Traditional Java App's with D...
Eric Smalling
 
Best Practices for Developing & Deploying Java Applications with Docker
Eric Smalling
 
Docker 101 Workshop slides (JavaOne 2017)
Eric Smalling
 
Simply your Jenkins Projects with Docker Multi-Stage Builds
Eric Smalling
 
Ad

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Cloud computing and distributed systems.
kkkkkhan
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 

Look Ma' - Building Java and Go based container images without Dockerfiles

  • 1. NO DOCKERFILES! LOOK MA’… Photo by Chanaka from Pexels 
 https://www.pexels.com/photo/cargo-container-lot-906494/ @ERICSMALLING
  • 2. LOOK MA’, NO DOCKERFILES! CONTAINER IMAGES 101 ▸ Images are just a collection of tarballs ▸ Base fi lesystem and environment info a container will start from ▸ Can contain metadata: i.e. annotations/labels ▸ Commonly build from Docker fi le syntax ▸ Stored in repositories in registries (DockerHub, GCR, ECR, Quay, Harbor, etc) ▸ Standardized format: OCI Photo by Frans van Heerden 
 https://www.pexels.com/photo/assorted-color-trailer-boxes-2881632/
  • 3. LOOK MA’, NO DOCKERFILES! IMAGE LAYERS - FROM DOCKERFILE FROM maven:3-jdk-8-slim as build RUN mkdir /app/src WORKDIR /app/src COPY pom.xml pom.xml COPY src src RUN --mount=target=$HOME/.m2,type=cache mvn install FROM tomcat:8.5.21 RUN mkdir /tmp/extracted_files COPY web.xml /usr/local/tomcat/conf/web.xml COPY --from=build /app/src/target/myapp /usr/local/tomcat/webapps/myapp LABEL org.opencontainers.image.source=https://repo.mycorp.com/team-volton/redlion tomcat:8.5.21 /tmp/ extracted_files …/web.xml …/myapp LABEL org.opencontainers.i mage/source
  • 4. LOOK MA’, NO DOCKERFILES! IMAGE BEST PRACTICES ▸ Minimize Footprint ▸ Layer Housekeeping ▸ Build strategies ▸ Organizational standards Photo by David McBee 
 https://www.pexels.com/photo/tilt-shift-lens-photography-of-red-crane-miniature-392031/
  • 5. Photo by Yan Krukov from Pexels 
 https://www.pexels.com/photo/photo-of-woman-showing-frustrations-on-her-face-4458420/ I JUST WANT TO 
 BUILD MY APP!
  • 6. LOOK MA’, NO DOCKERFILES! JIB AND KO https://github.com/GoogleContainerTools/jib ▸ Build OCI images for Java applications without a Docker daemon or Docker fi le. ▸ 100% Java implementation ▸ Plugins for Maven and Gradle ▸ Allows for organizational standards via parent POM inheritance. ▸ Opinionated defaults (can be overridden)
  • 7. LOOK MA’, NO DOCKERFILES! JIB AND KO https://github.com/google/ko ▸ Build OCI images for Go applications without a Docker daemon or Docker fi le. ▸ ko wraps the go build tool ▸ Effectively slides in place of “go build” ▸ Allows for organizational standards via a .ko.yaml fi le ▸ Opinionated defaults (can be overridden ▸ Kubernetes integration ▸ SBOM creation & SigStore integration
  • 8. LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER MVN PACKAGE .JAR DOCKER BUILD IMAGE .JAR DOCKER PUSH REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER DOCKERFILE
  • 9. LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
  • 10. LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
  • 11. LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
  • 12. LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
  • 13. LOOK MA’, NO DOCKERFILES! JIB MVN PACKAGE REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER
  • 14. LOOK MA’, NO DOCKERFILES! JIB
  • 15. LOOK MA’, NO DOCKERFILES! JIB
  • 16. LOOK MA’, NO DOCKERFILES! JIB
  • 17. LOOK MA’, NO DOCKERFILES! GO + DOCKER GO BUILD BIN DOCKER BUILD IMAGE BIN DOCKER PUSH REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER DOCKERFILE
  • 18. LOOK MA’, NO DOCKERFILES! GO + DOCKER
  • 19. LOOK MA’, NO DOCKERFILES! GO + DOCKER
  • 20. LOOK MA’, NO DOCKERFILES! GO + DOCKER
  • 21. LOOK MA’, NO DOCKERFILES! KO KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER
  • 22. LOOK MA’, NO DOCKERFILES! KO
  • 23. LOOK MA’, NO DOCKERFILES! KO
  • 24. LOOK MA’, NO DOCKERFILES! KO KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) CONTAINER IMAGE . REKOR SBOM
  • 25. LOOK MA’, NO DOCKERFILES! KO + K8S KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE REKOR SBOM KUBECTL .YAML
  • 26. LOOK MA’, NO DOCKERFILES! KO + K8S KO APPLY REGISTRY IMAGE . IMAGE IMAGE IMAGE REKOR SBOM .YAML
  • 27. LOOK MA’, NO DOCKERFILES! KO + K8S
  • 28. LOOK MA’, NO DOCKERFILES! KO + K8S
  • 30. LOOK MA’, NO DOCKERFILES! PROS ▸ Simplicity ▸ Hides complexity ▸ Developers can focus on their core strengths ▸ Streamlines processes Photo by Erik Geiger from Pexels 
 https://www.pexels.com/photo/close-up-on-engine-start-button-in-car-7085726/
  • 31. LOOK MA’, NO DOCKERFILES! PROS ▸ Guidance & Governance ▸ Opinionated defaults reviewed by the open source community but overridable as needed ▸ Org / Team speci fi cs can be managed using existing tools (i.e. Parent POM) ▸ Fosters a culture of automation over manual tasks / tribal knowledge Photo by Nextvoyage 
 https://www.pexels.com/photo/brown-asphalt-road-beside-lake-730662/
  • 32. LOOK MA’, NO DOCKERFILES! PROS ▸ Security ▸ Minimal images limit attack blast radius ▸ Automation produces deterministic results and is auditable ▸ Standardized processes limit human error Photo by Scott Webb 
 https://www.pexels.com/photo/two-gray-bullet-security-cameras-430208/
  • 33. LOOK MA’, NO DOCKERFILES! CONS ▸ Black Box / Magic ▸ Abstracting away complexity can focus knowledge on a few, specialized people ▸ Lack of ability to troubleshoot container technologies because it’s not understood but the wider team ▸ Burnout of the few that do understand it ▸ Outages if nobody understands it Image by @docker (@laurelcomics ) 
 https://twitter.com/Docker/status/1239256807366934530
  • 34. LOOK MA’, NO DOCKERFILES! CONS ▸ Security complacency ▸ With image creation “magically” happening, image scanning can get forgotten ▸ Vulnerabilities found in un-updated images, packages, libraries, etc can be missed ▸ Continuous scans via build scripts or other tooling can help. (automate, automate, automate) Image by @docker (@laurelcomics ) 
 https://twitter.com/Docker/status/1239256807366934530
  • 35. LOOK MA’, NO DOCKERFILES! CONS ▸ Docker fi les are not that dif fi cult ▸ Syntax is pretty simple ▸ Best practices are well documented ▸ Linter’s and scanners exist to catch issues Image by @docker (@laurelcomics )
  • 36. LOOK MA’, NO DOCKERFILES! RESOURCES ▸ jib: https://github.com/GoogleContainerTools/jib ▸ My blog: https://snyk.io/blog/building-java-container-images-using-jib/ 
 ▸ ko: https://github.com/google/ko ▸ Stanley Nguyen video: https://youtu.be/TpfKCE9uyCA 
 ▸ Docke fi le reference docs: https://docs.docker.com/engine/reference/builder/ 
 ▸ My blog on image annotations/labels: 
 https://snyk.io/blog/how-and-when-to-use-docker-labels-oci-container-annotations/ 
 ▸ Examples used in these slides: https://github.com/ericsmalling/alt-image-builders https://dockr.ly/TortoiseAcres @ERICSMALLING