Debug School

Cover image for Apko
Suyash Sambhare
Suyash Sambhare

Posted on

Apko

apko is a command-line tool to build container images using a declarative language based on YAML. apko is so named as it uses the apk package format and is inspired by the ko build tool. It is part of the open source tooling Chainguard developed to create the Wolfi operating system which is used in Chainguard Images.

Why apko
Container images are typically assembled in multiple steps. A tool like Docker, for example, combines building steps (as in, running commands to copy files, build and deploy applications) and composition (as in, composing a base image with pre-built packages) in a single piece of software. apko, on the other hand, is solely a composition tool that focuses on producing lightweight, “flat” base images that are fully reproducible and contain auto generated SBOM files for every successful build.

Instead of building your application together with your components and system dependencies, you can build your application once and compose it into different architectures and distributions, using a tool such as melange in combination with apko.

Installation

docker pull cgr.dev/chainguard/apko
docker run --rm cgr.dev/chainguard/apko version

You will get a result:

     _      ____    _  __   ___
    / \    |  _ \  | |/ /  / _ \
   / _ \   | |_) | | ' /  | | | |
  / ___ \  |  __/  | . \  | |_| |
 /_/   \_\ |_|     |_|\_\  \___/
apko

GitVersion:    v0.6.0
...
Enter fullscreen mode Exit fullscreen mode

Build a Test Image

Define the yaml.

contents:
  keyring:
    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
  repositories:
    - https://packages.wolfi.dev/os
  packages:
    - ca-certificates-bundle
    - wolfi-base

entrypoint:
  command: /bin/sh -l

archs:
  - x86_64
Enter fullscreen mode Exit fullscreen mode

Run - docker run --rm -v ${PWD}:/work -w /work cgr.dev/chainguard/apko build wolfi-base.yaml wolfi-base:test wolfi-test.tar

Apko

Test the image

To test the generated image with Docker, you’ll need to use the docker load command and import the .tar file you created in the previous step:

docker load < wolfi-test.tar

bf6e72d71c13: Loading layer [==================================================>]  5.491MB/5.491MB
Loaded image: wolfi-base:test-amd64
Enter fullscreen mode Exit fullscreen mode

You can check that the image is available at the host system with - docker image list
You should be able to find the wolfi-base image with the test-amd64 tag among the results.

Run the image

docker run -it wolfi-base:test-amd64

This will get you into a container running the apko-built image wolfi-base:test-amd64. It’s a regular shell that you can explore to see what’s included. To include additional software packages, check the Wolfi repository to find the packages you’ll need for your specific use case, or check out melange, apko’s companion project that allows users to build their own APK packages from source.

Ref: https://edu.chainguard.dev/open-source/build-tools/apko/getting-started-with-apko/

Top comments (0)