The Containerization Brick for your Platform Engineering Toolbox

Sylvain Kalache

Posted on May 15, 2024

Platform engineering has been rapidly gaining popularity. By 2026 about 80% of major organizations are expected to have platform engineering teams.

Part of a platform engineering strategy is assembling a bunch of bricks to provide a well-rounded developer experience. In this article, I will explore how packaging applications using open-source Cloud Native Buildpacks can become a core element of that platform engineering toolkit by offering advanced application packaging features. Let's dive in!

One command for a perfect container image

Buildpacks can automate the process of transforming application source code into a runnable OCI container image. A buildpack is a collection of executables that inspects application source code and creates a plan to build the application. Starting with Heroku, this concept has demonstrated its effectiveness for over a decade and is used by platforms like Google App Engine, GitLab, CircleCI, Cloud Foundry, and more.

A single pack CLI command is enough to create a container image from application source code. For example, for a Ruby application, this is all you need to run:

pack build my-ruby-app --builder paketobuildpacks/builder:base

Fulfill Security basics

Container images are the building blocks of any application, and application security will depend on how well these images are secured. Buildpacks can help with security and compliance on multiple fronts.

Reproducible Builds

Buildpacks can generate reproducible builds of images. That means if given the same input for application compilation, the exact same output as a previous build will be produced. Reproducible builds allow us to verify that artifacts originate from a reliable source, providing a strong method to block unauthorized applications from being incorporated into containers during the software delivery process. The requirements for level 4 of Supply Chain Levels for Software Artifacts (SLSA) recommend having a reproducible build process.

Built-in SBOM generation

Additionally, buildpacks have the capability to produce Software Bills of Materials (SBOMs). SBOMs provide a comprehensive inventory of all components and dependencies within a software. By cross-referencing SBOMs against recognized security vulnerabilities, they help guarantee that only secure components are utilized.

The pack CLI command below will download the SBOM generated for a Ruby application image named "my-ruby-app".

pack sbom download my-ruby-app
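Cross-referencing the downloaded SBOM against vulnerability data, as described above, as an added example that is not part of the article or of the Buildpacks project: it assumes a CycloneDX JSON document in the shape of the sbom.cdx.json files that pack sbom download writes under the layers/sbom directory, and both the SBOM components and the advisory list (with placeholder ids, not real CVEs) are constructed sample data.

```python
import json
import re

# Constructed sample in the CycloneDX JSON shape of the sbom.cdx.json files
# that `pack sbom download` writes; not the output of a real build.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "rack", "version": "2.2.3", "purl": "pkg:gem/rack@2.2.3"},
        {"type": "library", "name": "nokogiri", "version": "1.16.5", "purl": "pkg:gem/nokogiri@1.16.5"},
        {"type": "library", "name": "puma", "version": "6.4.2", "purl": "pkg:gem/puma@6.4.2"},
    ],
})

# Constructed advisory list with placeholder ids (not real CVEs): a package is
# affected when its version sorts below the first fixed version.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "purl_type": "gem", "name": "rack", "fixed_in": "2.2.8"},
    {"id": "ADV-EXAMPLE-2", "purl_type": "gem", "name": "puma", "fixed_in": "6.4.0"},
]


def parse_version(v):
    """Leading digits of each dotted segment: '2.2.3' -> (2, 2, 3), '5rc1' -> 5, 'beta' -> 0."""
    out = []
    for part in v.split("."):
        m = re.match(r"\d+", part)
        out.append(int(m.group()) if m else 0)
    return tuple(out)


def version_lt(a, b):
    """True when a sorts before b; shorter tuples are zero-padded so 2.2 equals 2.2.0."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


def components(sbom_json):
    """Yield (purl type, name, version) for each component that carries a purl."""
    for c in json.loads(sbom_json).get("components", []):
        purl = c.get("purl", "")
        if purl.startswith("pkg:"):  # purl type is the segment right after "pkg:"
            yield purl[4:].split("/", 1)[0], c["name"], c.get("version", "")


def find_vulnerable(sbom_json, advisories):
    """Return [(advisory id, name, version)] for components below an advisory's fixed version."""
    hits = []
    for ptype, name, version in components(sbom_json):
        for adv in advisories:
            if (adv["purl_type"], adv["name"]) == (ptype, name) and version_lt(version, adv["fixed_in"]):
                hits.append((adv["id"], name, version))
    return hits
```

Running find_vulnerable(SAMPLE_SBOM, SAMPLE_ADVISORIES) flags rack 2.2.3 (below the 2.2.8 fix) and leaves puma 6.4.2 and nokogiri untouched; a CI gate would fail the image build when the list is non-empty.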

The power of community

Security is an endless task, and it can be hard to cover the basics for organizations that don’t have a dedicated team for this task.

The buildpack community can help these companies by providing standardized build-and-run images. Providers like Google, Heroku, and Paketo Buildpacks offer production-ready buildpack images built with best practices and security protocols already implemented.

Community-led Paketo Buildpacks commits to weekly rebuilds to keep packages up-to-date and promises updates for critical CVEs within 48 hours. In a recent interview, Cloud Foundry Foundation Chief Evangelist Ram Iyengar explained how the quick community response helped companies fix the Heartbleed vulnerability much faster than those using a traditional approach. Finally, remember that these open-source images can be easily patched if you need a faster turnaround.

Help with standardization

Platform engineering standardizes operations to promote consistency, efficiency, and reliability. This standardization means that the processes and tools employed should remain consistent regardless of the programming language used in your applications.

As microservices gain popularity, particularly among large organizations, accommodating various technology stacks has become mandatory. Buildpacks can be a building block of an IDP by containerizing applications made of any stack and programming language. Each buildpack provider (Heroku, Google, and Paketo) supports most modern stacks. For example, Paketo Buildpacks supports many languages, such as .NET Core, Go, Java, Node.js, PHP, Ruby, and more.

Wrapping up

Implementing an effective platform engineering strategy requires a toolkit that facilitates a seamless developer experience. Given the need for interoperability between various components, open-source tools play a critical role. Cloud Native Buildpacks, with their broad support for diverse programming stacks and robust security features, could be a good add-on to your platform engineering toolbox.
