Kpack, a Kubernetes-native container build platform, is a powerful tool that helps DevSecOps teams build and update containers automatically. It is already a core component of VMware’s commercial container build offering, VMware Tanzu Build Service.
VMware Tanzu Community Edition, the freely available, open source distribution of the Kubernetes-based Tanzu platform
With the addition of kpack, Tanzu Community Edition enables users to build container images consistently and reliably and publish them to a container registry on Tanzu Community Edition.
Kpack, a Kubernetes-native automated container build platform
Kpack utilizes unprivileged Kubernetes primitives to automatically build and update production-ready container images. Just bring your app and favorite buildpacks to kpack, and kpack will build it into an image. Any buildpack that adheres to Cloud Native Buildpack specifications, including open source Paketo buildpacks, can be used. Paketo, the open source buildpacks maintained by VMware, provides production-ready buildpacks for most popular languages and frameworks. Let’s break down this automated image build and rebuild process.
Achieve critical DevSecOps outcomes using kpack
The top five reasons to pick up kpack, whether you are new to the technology or have been on the fence to make the move:
- Simplified code-to-container workflow – Kpack automates the initial creation of containers directly from source code; no need to fiddle with dockerfiles. It automatically rebuilds a container image on any update to the entire stack: new code commits, runtime dependencies, libraries, and OS updates.
- Strengthened security posture – Baked-in structured and comprehensive container metadata enables uniform tracking and patching of containers with the latest CVEs. Kpack also supports image signing via cosign.
- Simplified Day 2 operations – Kpack checks all the levers for a smooth Day 2 experience, including automated container image rebuild, granular platform-level controls, and centralized fleet management.
- No vendor lock-in – Kpack can be deployed on any Kubernetes platform. Additionally, images built by kpack are OCI compliant and can be pushed to any OCI-compliant registry and can run on any Kubernetes platform.
- Low-friction adoption – Kpack is a modular tool that slots into pre-existing CI/CD pipelines.