advanced techniques for building container images
play

Advanced Techniques for Building Container Images Adrian Mouat - PowerPoint PPT Presentation

Dec 30, 2023 •559 likes •1.01k views

Advanced Techniques for Building Container Images Adrian Mouat @adrianmouat info@container-solutions.com www.container-solutions.com Photo by Kevin Wood Docker Build, Ship, Run Build overshadowed by orchestration Recent focus

  1. Advanced Techniques for Building Container Images Adrian Mouat @adrianmouat info@container-solutions.com www.container-solutions.com Photo by Kevin Wood

  2. Docker ■ Build, Ship, Run ■ Build overshadowed by orchestration ■ Recent focus on deployment not development @adrianmouat

  3. Container Native Development Using docker build instead of locally installed language tooling @adrianmouat

  4. Python Dev with Docker ■ Replace virtualenv ■ Use volumes for live development ■ Portable ■ Reproducible

  5. Go Dev with Docker ■ Still advantages ○ No installation ○ Consistent env ○ Easy for end users ■ But a killer disadvantage... @adrianmouat

  6. Photo by Jürgen Schoner

  7. Docker Build Problems ■ Slower than local compilation ■ Simplistic caching ■ Requires root ■ Secrets ■ Dockerfile stopped evolving @adrianmouat

  8. Enter BuildKit ■ Fundamental rewrite of backend ■ Still client server model ○ (but see img by Jessie Frazelle) ■ Intermediate representation ○ LLB @adrianmouat

  9. Low Level Builder (LLB) ■ Intermediate format for compiler ○ Dockerfiles etc are really code ■ Similar idea to LLVM IR ○ Also Java bytecode, .NET CIL ■ Forms a Graph (DAG) @adrianmouat

  10. Simple Chain FROM debian:jessie RUN apt-get update RUN apt-get install -y cowsay fortune COPY entrypoint.sh / ENTRYPOINT ["/entrypoint.sh"] @adrianmouat

  11. Graph @adrianmouat

  12. Frontends ■ Source that compiles to LLB ■ New dockerfile frontend ■ Handful of others ■ Essential to exploit parallelism @adrianmouat

  13. Other Highlights ■ New mount options ■ Output formats ■ Distributable workers ■ Cross-compilation ■ Rootless execution ■ bake @adrianmouat

  14. Dev Speed Contest ■ go build vs docker build ■ Runc project @adrianmouat

  16. Close Enough? ■ Maybe ■ Definitely for occasional bug fixes ■ Maybe not for full-time @adrianmouat

  17. IDEs ■ Incremental compilation ■ Could IDEs use containers? ○ Team gets same settings and libs @adrianmouat

  18. Other New Stuff

  19. Mount Options ■ We’ve seen cache. Also ○ bind ■ Volume from build context, read-only ○ tmpfs ■ In-memory @adrianmouat

  20. Mount Options ■ secret and ssh ■ Allow sensitive date to be used but not leaked in final image ■ Requires build arguments as well Dockerfile changes @adrianmouat

  21. secret Example # syntax = docker/dockerfile:experimental FROM python:3 RUN pip install awscli RUN --mount=type=secret,id=aws,target=/root/.aws/credentials aws s3 cp s3://... ... ■ docker build --secret id=aws,src=$HOME/.aws/credentials \ -t my/image . @adrianmouat

  22. More cache ■ --cache-from ○ Load cache from existing image! https://asciinema.org/a/bZrOoCDK6oChNYfYD8QlY8crB @adrianmouat

  23. buildx ■ Buildx is an experimental plugin for Docker ■ Effectively separate binary ○ Standalone buildkit ■ Can talk to multiple builder instances ■ Instances can be Docker or buildkit ■ Also some new commands @adrianmouat

  24. buildx $ docker buildx --help Usage: docker buildx COMMAND Build with BuildKit Management Commands: imagetools Commands to work on images in registry Commands: bake Build from a file build Start a build create Create a new builder instance inspect Inspect current builder instance ls List builder instances rm Remove a builder instance stop Stop builder instance use Set the current builder instance version Show buildx version information @adrianmouat

  25. buildx $ docker buildx ls NAME/NODE DRIVER/ENDPOINT STATUS PLATFORMS second-build docker-container second-build0 unix:///var/run/docker.sock inactive default * docker default default running linux/amd64, linux/arm64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6 ... @adrianmouat

  26. So distributed builds? ■ Not quite ■ Instances support different platforms ○ different builders for arm etc ■ But not one build across multiple instances :( @adrianmouat

  27. Multiplatform Builds ■ docker build --platform=linux/arm64 . ■ Works, assuming your base images support arm64 etc ■ By default, uses QEMU under the hood ■ Can list multiple platforms ■ Or use buildx instances for given platforms… ■ Can also use language tooling! @adrianmouat

  28. Concurrent Builds ■ Exploit parallelism in LLB DAG ■ With Dockerfile, can use multistage builds ■ True parallelism requires more intelligent front ends @adrianmouat

  29. Bake ■ Personally, I hate Make ■ But shell scripts and Makefiles are common with Docker ■ Calling docker build from Make usually sequential

  30. Enter Bake group “default” { targets = [“db”, “webapp-dev”] } target “webapp-dev” { dockerfile = "Dockerfile.webapp" tags = ["docker.io/username/webapp"] } target “webapp-release” { inherits = [“webapp-dev”] platforms = [“linux/amd64”, “linux/arm64”] } @adrianmouat

  31. Bake ■ docker buildx bake ■ docker buildx bake release ■ docker buildx bake test validate lint ■ docker buildx bake binaries-cross ■ docker buildx bake help @adrianmouat

  32. Conclusion ■ Way we deploy and run software has changed ○ Microservices ○ Kubernetes ○ Service Mesh ○ Observability @adrianmouat

  33. Conclusion ■ Way we develop and build has changed ○ But further to go ○ Container Native? ■ LLB frontends, IDE integration ○ Cluster Native? ■ Tilt, Skaffold, Draft ■ Darklang @adrianmouat

  34. References ■ DockerCon presentation on buildkit internals and frontends by Tonis Tiigi and Matt Rickard ○ https://www.youtube.com/watch?v=x5zDN9_c-k4 ○ https://docs.google.com/presentation/d/1maienHIl8FtCmTcx8QFb_i eM9ElDoOY1HrX8YnsxvRQ/ ■ Mockerfile blog https://matt-rickard.com/building-a-new-dockerfile-frontend/ ■ Buildkit https://github.com/moby/buildkit/ ■ Solver design https://github.com/moby/buildkit/blob/master/docs/solver.md @adrianmouat

  35. New Docker Build Stuff ■ Turn on with export DOCKER_BUILDKIT=1 ○ Assuming using 19.03

  36. Old Style Output $ docker build --no-cache -f Dockerfile.debug . Sending build context to Docker daemon 10.46MB Step 1/30 : FROM rust:latest as builder ---> 385005cad312 Step 2/30 : RUN rustup update nightly && rustup default nightly; ---> Running in b7ae81349a22 ...

  37. New Style Output

  38. Custom Outputs ■ What if you want a binary or other artifact e.g. pdf? ■ Traditionally have to use docker cp ■ Now we can do something like: docker build --output . .

  39. Mockerfile Example ■ https://matt-rickard.com/building-a-new-docke rfile-frontend/ ■ https://github.com/r2d4/mockerfile/blob/mast er/Mockerfile.yaml

  40. Development Mitch Denny The Inner Loop https://mitchdenny.com/the-inner-loop/

  41. Mitch Denny The Inner Loop https://mitchdenny.com/the-inner-loop/

  42. Build? Code Tes t

  43. Code Tes Build t

  44. Can Docker be in the Loop?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

diskimage-builder: Building Linux Images for Cloud / Virtualization / Container Lets start

diskimage-builder: Building Linux Images for Cloud / Virtualization / Container Lets start

diskimage-builder: Building Linux Images for Cloud / Virtualization / Container Lets start with a little bit of history: Once upon a time... About the Author Andreas Florath andreas@florath.net Mathematician (RWTH Aachen) Currently

902 views • 27 slides
Advanced Election Techniques in Rings Eero Hkkinen 2007-02-21 Advanced Election Techniques in

Advanced Election Techniques in Rings Eero Hkkinen 2007-02-21 Advanced Election Techniques in

Advanced Election Techniques in Rings T-79.4001 Seminar on Theoretical Computer Science Spring 2007 Distributed Computation Advanced Election Techniques in Rings Eero Hkkinen 2007-02-21 Advanced Election Techniques in Rings Rings

435 views • 20 slides
Lazy distribution of container images Current implementation status of containerd remote

Lazy distribution of container images Current implementation status of containerd remote

FOSDEM (February 1, 2020) Lazy distribution of container images Current implementation status of containerd remote snapshotter Akihiro Suda Credit to Kohei Tokunaga (NTT) for containerd impl. & benchmark scripts Summary Run containers

579 views • 35 slides
Bare Metal Container National Institute of Advanced Industrial Science and Technology(AIST)

Bare Metal Container National Institute of Advanced Industrial Science and Technology(AIST)

Bare Metal Container National Institute of Advanced Industrial Science and Technology(AIST) Kuniyasu Suzaki 1 Contents Background of BMC Drawbacks of container, general kernel, and accounting. What is BMC? Current

837 views • 34 slides
Advanced Synthesis Techniques Ramine Roane Advanced Synthesis Techniques Reminder From Last Year

Advanced Synthesis Techniques Ramine Roane Advanced Synthesis Techniques Reminder From Last Year

Advanced Synthesis Techniques Ramine Roane Advanced Synthesis Techniques Reminder From Last Year Use UltraFast Design Methodology for Vivado www.xilinx.com/ultrafast Recommendations for Rapid Closure HDL : use HDL Language

312 views • 27 slides
DISASTER RELIEF CENTER 2x Accommodation Container 2x Sanitary Container 1x

DISASTER RELIEF CENTER 2x Accommodation Container 2x Sanitary Container 1x

DISASTER RELIEF CENTER 2x Accommodation Container 2x Sanitary Container 1x Galley Container 1x Medical Container 1x Feed Water Container 1x Water Treatment Container 2x Generator Container 1x

569 views • 8 slides
Advanced Animation [Boukhayma 2015] Topics 1. Advanced & non-rigid capture techniques 2.

Advanced Animation [Boukhayma 2015] Topics 1. Advanced & non-rigid capture techniques 2.

Advanced Animation [Boukhayma 2015] Topics 1. Advanced & non-rigid capture techniques 2. Data driven content reanimation 3. Layered animation models for complex scenes 2 Advanced & non-rigid capture techniques 3 Remember: Motion

637 views • 42 slides
Docker Review Basic Commands docker image ls # list images currently present locally docker

Docker Review Basic Commands docker image ls # list images currently present locally docker

Docker Review Basic Commands docker image ls # list images currently present locally docker container ls # list running containers docker run <image_name> # run an image as a container docker exec <container> <command> # run a

1.1k views • 6 slides
Next Generation Tools for container technology Dan Walsh @rhatdan Please Stand Please read out

Next Generation Tools for container technology Dan Walsh @rhatdan Please Stand Please read out

Next Generation Tools for container technology Dan Walsh @rhatdan Please Stand Please read out loud all text in RED I Promise To say Container Registries Rather than Docker registries I Promise To say Container Images Rather than

1.36k views • 86 slides
Using recent global illumination techniques, it is possible to render realistic images as shown

Using recent global illumination techniques, it is possible to render realistic images as shown

Using recent global illumination techniques, it is possible to render realistic images as shown here. Global illumination techniques are typically based on Monte Carlo method, which are further classified into unbiased methods and biased

1.28k views • 96 slides
Physics Analysis with Advanced Data Mining Techniques Hai-Jun Yang University of Michigan, Ann

Physics Analysis with Advanced Data Mining Techniques Hai-Jun Yang University of Michigan, Ann

Physics Analysis with Advanced Data Mining Techniques Hai-Jun Yang University of Michigan, Ann Arbor CCAST Workshop Beijing, November 6-10, 2006 Outline Why Advanced Techniques ? Artificial Neural Networks (ANN) Boosted Decision

986 views • 54 slides
Organization of Course Many computer graphics techniques use real images in lecture 20 some way.

Organization of Course Many computer graphics techniques use real images in lecture 20 some way.

Organization of Course Many computer graphics techniques use real images in lecture 20 some way. 1: Viewing transformations Image Compositing We have seen several examples 2: Visibility, geometry modelling - scanned 3D models - texture

98 views • 5 slides
Advanced Compiler Techniques 2004-03-19 08:51 Foundations of Dataflow Analysis This lecture is

Advanced Compiler Techniques 2004-03-19 08:51 Foundations of Dataflow Analysis This lecture is

Advanced Compiler Techniques 2004-03-19 08:51 Foundations of Dataflow Analysis This lecture is primarily based on Konstantinos Sagonas set of slides (Advanced ed Co Compiler er T Techniques es , (2AD518) at Uppsala University,

932 views • 25 slides
Container Library and FUSE Container File System Softwarepraktikum f ur Fortgeschrittene

Container Library and FUSE Container File System Softwarepraktikum f ur Fortgeschrittene

Introduction Container Library Container Tools FUSE Container File System Evaluation Container Library and FUSE Container File System Softwarepraktikum f ur Fortgeschrittene Michael Kuhn Parallele und Verteilte Systeme Institut f ur

353 views • 22 slides
Virtual Machines & Interpretation Techniques Advanced Compiler Techniques 2004 Erik Stenman

Virtual Machines & Interpretation Techniques Advanced Compiler Techniques 2004 Erik Stenman

Virtual Machines & Interpretation Techniques Advanced Compiler Techniques 2004 Erik Stenman Partially based on slides from Kostis Sagonas (http://user.it.uu.se/~kostis/Teaching/KT2-04/) and Antero Taivalsaari

737 views • 57 slides
ADVANCED MACHINE LEARNING Non-linear regression techniques 1 1 ADVANCED MACHINE LEARNING

ADVANCED MACHINE LEARNING Non-linear regression techniques 1 1 ADVANCED MACHINE LEARNING

ADVANCED MACHINE LEARNING ADVANCED MACHINE LEARNING Non-linear regression techniques 1 1 ADVANCED MACHINE LEARNING Regression: Principle N Map N-dim. input x to a continuous output y . Learn a function of the type:

1.29k views • 61 slides
OpenCL Kernel Compilation Slides taken from Hands On OpenCL by Simon McIntosh-Smith, Tom Deakin,

OpenCL Kernel Compilation Slides taken from Hands On OpenCL by Simon McIntosh-Smith, Tom Deakin,

OpenCL Kernel Compilation Slides taken from Hands On OpenCL by Simon McIntosh-Smith, Tom Deakin, James Price, Tim Mattson and Benedict Gaster under the "attribution CC BY" creative commons license. Shipping OpenCL Kernels OpenCL

549 views • 26 slides
CMS IO Overview Brian Bockelman Scalable IO Workshop Topics I Want to Cover Goal for today is

CMS IO Overview Brian Bockelman Scalable IO Workshop Topics I Want to Cover Goal for today is

CMS IO Overview Brian Bockelman Scalable IO Workshop Topics I Want to Cover Goal for today is to do as broad an overview of CMS IO as possible: Outline what CMS Computing actually does. Characterize our workflows in terms

521 views • 26 slides
Preparation of the experimental data before evaluation using online tools Viktor Zerkin

Preparation of the experimental data before evaluation using online tools Viktor Zerkin

Preparation of the experimental data before evaluation using online tools Viktor Zerkin International Atomic Energy Agency, Nuclear Data Section Joint ICTP-IAEA Workshop on Nuclear Reaction Data for Nuclear Power Applications Trieste, Italy,

688 views • 45 slides
Graph Databases Marco Serafini COMPSCI 532 Lecture 10 Graph DB Use cases Social network

Graph Databases Marco Serafini COMPSCI 532 Lecture 10 Graph DB Use cases Social network

Graph Databases Marco Serafini COMPSCI 532 Lecture 10 Graph DB Use cases Social network queries E.g. Facebook stores the entire metadata in a social graph Network security Find sequence of steps that lead to intrusion

320 views • 18 slides
Beyond the PDF in Empirical Economic Research Richard Ball Associate Professor of

Beyond the PDF in Empirical Economic Research Richard Ball Associate Professor of

Beyond the PDF in Empirical Economic Research Richard Ball Associate Professor of Economics Haverford College rball@haverford.edu Presented at the ASSA Annual Meetings San Francisco, January 5, 2016 This work is supported by a grant from

548 views • 20 slides
Diving into Kotlin Multiplatform Dimitry Savvinov @dsavvinov October 14, 2020 Disclaimer A

Diving into Kotlin Multiplatform Dimitry Savvinov @dsavvinov October 14, 2020 Disclaimer A

Kotlin 1.4 Online Event Diving into Kotlin Multiplatform Dimitry Savvinov @dsavvinov October 14, 2020 Disclaimer A lot of internals ahead: Information is this talk might become outdated in the future The actual documentation is

1.19k views • 55 slides
SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust

SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust

Introduction Record computation PGP/GPG Impersonation Conclusion SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust Gatan Leurent Thomas Peyrin Inria, France NTU, Singapore Real World Crypto

1.29k views • 25 slides
Image and Video Coding: Representation, Acquisition, Display ... 10011 ... encoder decoder

Image and Video Coding: Representation, Acquisition, Display ... 10011 ... encoder decoder

Image and Video Coding: Representation, Acquisition, Display ... 10011 ... encoder decoder Representation Formats Representation Formats ... 10011 ... encoder decoder representation format bitstream representation format Raw Data Formats

1.09k views • 43 slides

More recommend