from Hacker News

Ko: Easy Go Containers

by bamazizi on 11/8/23, 12:37 AM with 40 comments

  • by ImJasonH on 11/8/23, 1:43 PM

    Hey, ko maintainer here! I'd love to answer any questions or hear any feedback folks have.

    Ko's simplicity comes from focusing on doing exactly one thing well -- it doesn't have to run containers to build code in any language, it just builds minimal Go containers, and that means it can focus on doing that as well as possible.

    Another powerful benefit of focusing on Go (IMO) is that ko can be used to transform a Go importpath to a built image reference.

    A common simple use: `docker run $(ko build ./cmd/app)`

    This is also how Kubernetes YAML templating[1] works, and it's also how the Terraform provider[2] works -- you give it an importpath, and ko transforms it into a built image reference you can pass to the rest of your config. I don't even "use ko" day-to-day most days, I mostly just use terraform. :)

    1: https://ko.build/features/k8s/ 2: https://ko.build/advanced/terraform/

  • by Cyphase on 11/8/23, 12:24 PM

    For those who don't know: https://en.wikipedia.org/wiki/Ko_fight

  • by flimsypremise on 11/8/23, 3:19 PM

    I'll be honest, I just don't think this is a great way to do development in any language:

    `ko builds images by executing go build on your local machine`

    If you've done any sort of work with service or application development on a team, you will no doubt have encountered issues with relying on local machine build dependencies. Enforcing dependency versions across the team is basically impossible even in cases where the entire team is using the same OS and hardware, so you're going to run into problems where users are building the codebase with different versions of tools and dependencies. This is one of the core problems that containerization was intended to solve, so if you are using containerization in development and not building inside the container, you are missing out on one of the major advantages of the paradigm.

  • by hknmtt on 11/8/23, 7:38 AM

    I have used something like this in the past:

    FROM alpine:latest AS base # Scratch does not have shell so we have to create non-root user in here and later copy it into scratch. RUN adduser -D -u 123456 appusr

    FROM scratch # Copy the binary. COPY foo.bin /foo.bin # Copy the user and set is as active. COPY --from=base /etc/passwd /etc/passwd USER appusr # Non-root user cannot bind to "privileged" ports(<=1024). EXPOSE 1234 ENTRYPOINT ["/foo.bin"]

    Simple. But i can see ko being good alternative if you for some reason do not want to install docker on your computer but still be able to build docker containers.

  • by riv991 on 11/8/23, 10:17 AM

    I love ko, so simple to get a container running in one line and now integrated with GoReleaser.

    `docker run $(ko build -L main.go)`

  • by ithkuil on 11/8/23, 10:12 AM

    I love `ko`. I wish there was something similar for rust but I haven't found it quite yet

  • by pachico on 11/8/23, 1:57 PM

    Dammit, why didn't I know about this? In general, I always have the feeling I'm not aware of great applications out there, and I confirm this sensation every time I find them, like now!

    How do you all stay tune of the great apps out there?

  • by avtolik on 11/8/23, 2:36 PM

    I am building an app right now and looked into this. Unfortunately the support for including static assets is limited for my case.