
Building Container Images Securely on Kubernetes - marvinpinto
https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/
======
rsanders
We have a separate build cluster due to concerns about security and stability
-- neither mounting the docker socket into a container nor docker-in-docker
are comfortable solutions for our cluster managers. Having the ability to run
container builds safely will be a huge benefit for my company.

We've looked into something like Bazel for its container builder, but that's a
significant change that has to be made in every single project, most of which
have perfectly fine build systems now.

And with all the FaaS systems which are continually building containers to
host functions, this will be a godsend.

------
erikb
Huge topic at the moment for many really big applications, I believe. If you
work in bigger setup you can't really avoid building new containers on the fly
at some point or the whole container concept stops making sense.

------
ibotty
... Or build the directory tree you want manually (Shell script, Makefile,
ansible, whatever) and use skopeo to push it to a registry.

