Introduction

apko is a tool for building OCI container images from apk packages. It provides a declarative way to define container images and builds them in a reproducible and efficient manner.

Key Features

  • Reproducibility: apko builds images that are fully reproducible by default. Running apko twice with the same configuration will produce identical images.
  • Speed: apko aims to build images quickly, often in milliseconds.
  • Minimality: apko images only contain the necessary components for the application, similar to distroless images.
  • SBOM Support: apko generates a Software Bill of Materials (SBOM) for each image, detailing the included packages.
  • Service Support: apko integrates with the s6 supervision suite, allowing for running multiple processes within a container without issues related to reaping or signaling.

Installation

apko can be installed using various methods:

  • Homebrew:

    brew install apko
              
  • From Source:

    go install chainguard.dev/apko@latest
              
  • Container Image:

    docker run cgr.dev/chainguard/apko version
              

Example: Building a Base Alpine Image

A simple example demonstrates building a base Alpine image:

apko.yaml:

contents:
  repositories:
    - https://dl-cdn.alpinelinux.org/alpine/edge/main
  packages:
    - alpine-base

entrypoint:
  command: /bin/sh -l

# optional environment configuration
environment:
  PATH: /usr/sbin:/sbin:/usr/bin:/bin

Build using apko, with the configuration above saved as examples/alpine-base.yaml:

apko build examples/alpine-base.yaml apko-alpine:test apko-alpine.tar
          

Load the image into Docker:

docker load < apko-alpine.tar
          

Run the image:

docker run -it apko-alpine:test
          

Publishing Images

You can publish images directly to a registry:

apko publish examples/alpine-base.yaml myrepo/alpine-apko:test
          

Why apko

apko was developed by Chainguard for building secure and reproducible container images. Its focus on speed and efficiency makes it suitable for scenarios involving frequent image rebuilds.

Declarative Nature

apko utilizes a declarative approach, eliminating the need for RUN statements like those found in Dockerfiles. This allows for more precise image definition and ensures bitwise reproducibility.
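
The reproducibility claim can be checked in CI by building the same configuration twice with the `apko build` command shown earlier and comparing the SHA-256 digests of the two tarballs. The script below is an added example, not part of apko or this page's original text; the function names and the `BUILD_CMD` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of apko): build one config twice and compare digests.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if both files exist and hash to the same value.
same_digest() {
    [ -f "$1" ] && [ -f "$2" ] || return 1
    [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]
}

# check_reproducible <config.yaml> <tag>
# Exit status: 0 = identical tarballs, 1 = digests differ, 2 = a build failed.
# BUILD_CMD (an assumption of this example) defaults to "apko build"; it can be
# overridden so the comparison logic is testable on a machine without apko.
check_reproducible() {
    cr_config=$1
    cr_tag=$2
    cr_dir=$(mktemp -d) || return 2
    cr_rc=0
    for cr_n in 1 2; do
        ${BUILD_CMD:-apko build} "$cr_config" "$cr_tag" \
            "$cr_dir/build$cr_n.tar" >/dev/null 2>&1 || cr_rc=2
    done
    if [ "$cr_rc" -eq 0 ]; then
        if same_digest "$cr_dir/build1.tar" "$cr_dir/build2.tar"; then
            echo "reproducible: sha256:$(sha256_of "$cr_dir/build1.tar")"
        else
            echo "NOT reproducible: tarball digests differ" >&2
            cr_rc=1
        fi
    fi
    rm -rf "$cr_dir"
    return "$cr_rc"
}

# When run as a script: ./check.sh examples/alpine-base.yaml apko-alpine:test
if [ "$#" -ge 2 ]; then
    check_reproducible "$1" "$2"
fi
```

A non-zero exit status fails the pipeline step, so a build that stops being deterministic is caught before the image is published.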

Melange Integration

apko complements its sister tool, melange, which produces apk packages for inclusion in apko images. Together, apko and melange cover a wide range of container image building needs.

Related Projects