Chainguard Academy provides distroless images for us to use. Most of their images are provided free. However, most of the specific versions and the FIPS versions are for paid channels.

Fortunately, they are kind enough for us to build one ourselves using their tool: apko.

Install APKO

APKO can be run by using Docker or you could just install it by yourself.

1
go install chainguard.dev/apko@latest

Or, download from Releases page.

Using APKO

It uses a simple YAML file for configuration. For example, I am trying to build Python 3.11 image. The YAML file:

1
contents:
2
  keyring:
3
    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
4
  repositories:
5
    - https://packages.wolfi.dev/os
6
  packages:
7
    - ca-certificates-bundle
8
    - python-3.11
9

10
entrypoint:
11
  command:      /usr/bin/python
12

13
environment:
14
  PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
15
  SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
16

17
archs:
18
  - x86_64

Build with APKO

Using Commandline

1
apko build python-base.yaml python-base:edge python-base.tar

Using Docker

1
docker run -v "$PWD":/work cgr.dev/chainguard/apko build python-base.yaml python-base:edge python-base.tar

Import to Docker

1
docker load < python-base.tar

Chainguard Academy also provides a packaging system: Melange. I’m interested to build and package my app using that and integrate with apko.

References

APKO Github page

Building Distroless image with APKO

Install APKO

Using APKO

Build with APKO

Using Commandline

Using Docker

Import to Docker

Next

References

Building Distroless image with APKO

Install APKO

Using APKO

Build with APKO

Using Commandline

Using Docker

Import to Docker

Next

References

Related Articles

Hyprland Keybindings Cheat Sheet

Bun Sets Specific Platform on Install

Run Electron on Wayland