Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder. img is more cache-efficient than Docker and can also execute multiple build stages concurrently, as it internally uses BuildKit's DAG solver. The commands/UX are the same as docker {build, tag, push, pull, login, logout, save} so all you have to do is replace docker with img in your scripts, command line, and/or life. This is a glorified cli tool built on top of the build kit. The goal of this project is to be able to build container images for unprivileged users. Running unprivileged allows companies who use LDAP and other login mechanisms to use img without needing root. This is very important in HPC environments and academia as well. Currently, this works out of the box on a Linux machine if you install via the directions covered in installing from binaries. This installation will ensure you have the correct version of img and also runc.
Features
- The ultimate goal is to also have this work inside a container
- You need to have newuidmap installed
- You also need to have seccomp installed
- There is an ebuild
- You don't need to specify any securityContext for running img as a Kubernetes container
- Make sure you have user namespace support enabled