Introducing to Docker BuildKit And It’s Uses:

Reading Time: 3 minutes
Enabling docker builds with BuildKit | by Liviu Costea | ITNEXT

Hello Readers… I hope you all are doing fine. In this blog we are going to learn about docker build and it’s uses. So stay tuned.

Basically; Docker BuildKit is an optin image building engine that offers significant improvements over traditional processes. BuildKit creates image layers in parallel, which speeds up the entire build process.

What Is BuildKit:

BuildKit was developed as part of the Moby project, a Docker project that “assembles a special container system without reinventing the wheel.” Announced in 2017 and shipped in 2018 with Docker Engine version 18.09.

BuildKit focuses on improving build performance, memory management, and scalability. Its headings are parallel processing, more advanced caching, interchangeable architectures, and automated garbage collection. Combine these to create a build system that is more efficient and extensible than the original engine.

You can build levels that do not affect each other at the same time, reducing the amount of time you have to wait for a phase to complete. BuildKit also optimizes access to local files referenced by the COPY statement. Instead of broadcasting the entire build context, it tracks the changes you have made and copies only the files that have changed since the last build.

BuildKit also simplifies multi-platform builds. You can specify a platform flag to indicate the target to build. BuildKit automatically compiles the appropriate image manifest to cover all specified architectures.

docker buildx --create --platform linux/amd64,linux/arm64 .

Features of Buildkit:

BuildKit has some new features. Only some of them are discussed here.

Speeding up builds by parallel processing

Consider the following multi-level Dockerfile.

  • Creating in multiple phases allows for smaller images in production as well as caching for quick rebuilds. If you’re new to the concept, start with Part 1 of a three-part series on multi-stage Docker builds in Python.
FROM python:3.8-slim-bullseye AS build-stage
RUN apt-get update && apt-get install -y --no-install-recommends gcc
RUN python -m venv /venv
ENV PATH=/venv/bin:$PATH
RUN pip install pyrsistent

FROM python:3.8-slim-bullseye AS runtime-stage
RUN apt-get update && apt-get -y upgrade
COPY --from=build-stage /venv /venv
ENV PATH=/venv/bin:$PATH
ENTRYPOINT ["python", "-c", "import pyrsistent; print(pyrsistent.__file__)"]


Build a secret

  • You may need a secret or password to run the build, such as the password for the private package repository. There is no good way to do this with a traditional Docker build. The obvious method is not safe and the workaround is a hackney.

Activating BuildKit Support:

There are two ways to activate the BuildKit. If you want to use this feature to create a single image, set the DOCKER_BUILDKIT environment variable in the shell:

DOCKER_BUILDKIT=1 docker build .

For long-term use, configure the Docker daemon to use BuildKit by default. Create or edit the /etc/docker/daemon.json file and add the following content to the top-level configuration object:

{
    "features": {
        "buildkit": true
    }
}


Reload the daemon configuration for the changes to take effect.
systemctl reload docker:

The docker build command now uses the BuildKit instead of the default build engine.

The BuildKit produces different CLI output than a regular engine so you know when it will be active. BuildKit’s progress bar improves readability and provides clear visualization of when each phase begins and completes. This information includes a breakdown of the time it takes to build each layer.

Build Features:

BuildKit adds some additional Buildtime features to simplify the steps in the Dockerfile.

We can transfer secret data using the secret flag. This allows the Dockerfile to access sensitive values ​​without storing them in the image. This value is only available at creation time.

docker build --secret id=demo-secret,src=demo-secret.txt .

This Dockerfile refers to a secret called a demo secret. Its value is read from the demosecret.txt file when you run docker build. The RUN command with the mount flag provides access to the secret.

The file will be temporarily mounted in the / run / secrets directory. You can also use the BuildKit to transfer the host’s SSH agent so that the build procedure can interact with existing remote connections.

Pass the ssh flag to dockerbuild and add mount = type = ssh to the RUN instruction in the Dockerfile:

docker build --ssh .

These features make creating images more convenient without compromising general security. SSH agent transfers and secret mounts are only available in BuildKit. There is no corresponding standard build engine.

Conclusion:


BuildKit is a next-generation Docker image builder that dramatically accelerates builds using a graphed binary format. Performance varies greatly from Dockerfile to Dockerfile, but if you can process image layers in parallel, you can expect a significant increase in speed.

So; this is all about bulidkit.

Happy learning.

Written by 

Mayuri Dhote is a Software Intern at Knoldus Software. She has completed her MCA from VIT University. She has very dedicated towards her work. She has always ready to learn new things. Her practice area is Devops. When not working, you will find her writing poems and poetry.

Leave a Reply