I love seeing folks learn that container images are just fancy tar files and JSON and are therefore buildable by normal tools.<p>Along my own journey of demystification I made a few toy container image registries over the years that generated and served container images from nothing but the URL itself:<p><a href="https://ko.kontain.me" rel="nofollow">https://ko.kontain.me</a> builds a go application on demand and serves it atop a minimal base image<p><a href="https://apko.kontain.me" rel="nofollow">https://apko.kontain.me</a> builds a base image containing packages listed in the URL, again on demand.<p>The latest addition, <a href="https://git.kontain.me" rel="nofollow">https://git.kontain.me</a> serves an image with the specified git repo already checked out in the image.<p>None of these should be used for anything serious but they were fun to make and play with. :)<p>random.kontain.me has been uncharacteristically useful in debugging image caching scenarios.
Interesting... but also the "power" from container is precisely that the description itself, i.e. the Dockerfile, is sufficient. So I'm not sure what the main advantage of either providing the image itself via a registry or providing just the Dockerfile with the base image to another registry then adding steps add.
An image is immutable, many Dockerfiles are not idempotent. Running them multiple times at different times can lead to different results easily.<p>Building every time takes a lot of time. Both on download and execution time.<p>Also when building an image you may need to have access to resources that are unavailable where you actually want to run the image. So I see definitely reason for both to exist.<p>Or am I misunderstanding your point?
we've built this with Coworker! just launched today.
<a href="https://coworker.ai" rel="nofollow">https://coworker.ai</a>
<a href="https://www.producthunt.com/products/coworker-ai" rel="nofollow">https://www.producthunt.com/products/coworker-ai</a>
> we brought down image creation time to mere seconds, even for images that were multiple GiB in size<p>this sounds interesting; for e.g., was wondering the other day if we could build images without actually pulling base images.. everytime we compile, we copy artifact(s) onto a multi-hundred MB base image which definitely doesn't need to be pulled everytime.
You absolutely can just build things and put them on base images without building or pulling the base image at any point. This is a central feature of ko, a simple container build tool for most Go applications: <a href="https://ko.build" rel="nofollow">https://ko.build</a><p>(I am a maintainer)
There are many ways to achieve this. If you are just copying artifacts, and not using RUN, then there is in principle no need to download the base image at all. Feel free to message me if you'd like to chat (email is in my profile).
You can, by using FUSE and lazy pulling files as they are opened. I'm working on doing this, myself.
One of the neat things about something like this is that you could, in theory, do OS builds (think stuff like bootable containers) where you can, deterministically, configure an operating system to boot into all within the confines of your web browser.<p>We already have image builders for stuff like Talos Linux and Incus OS. This is not out of the realm of possibility.
> and we sometimes resign ourselves to the limitations of docker build and friends<p>What are the limitations of `docker build`?
Creating multi arch builds for starters. Maybe creating image from just composing layers instead of “running” a Dockerfile? The first I find cumbersome and is easily overcome by using buildx.<p>I haven’t tried lately, but I think running a build still requires running a docker engine. Buildx has builders that run as containers.
I joked once that the future was dockerizing every single react component and running them in a wasm port of k8s... I hope that premonition isn't coming true!
I can't imagine this happening in reality (i.e. people wanting to do this for normal production applications), but after reading your comment I must admit I am very tempted to try it for purely esoteric reasons.
And uses SOAP for identity and authorization.
I don't understand what this does. How can it "build" anything without a VM capable of running actual code?<p>Is "build" being used here in the sense of assembling pre-existing layers into an image? What would be the purpose of that?
The idea is that, in many cases, you can create a layer "by hand" without running actual Linux programs. Layers don't need to be pre-existing, the only requirement is that they can be built programmatically (inside the browser, in this case). The demo actually does that: it "manually" creates a layer from the user-specified entrypoint script, then creates an image from the pre-existing base image's layers and the new entrypoint layer.<p>In a more real scenario, you can e.g., turn pip wheels into layers without actually using docker's RUN command. All it takes is to massage the data from one archive format into another, programmatically. This unlocks lots of potential (e.g., it becomes embarrassingly parallel to build a container image comprised of pip wheels). Combine that with a good layer caching strategy and a registry that takes advantage of it, and you can have near-instant container builds for arbitrary sets of wheels.
GAME CHANGER