By default Docker/Kubernetes container images are built using commands like "apt update", which do different things depending on when they're run. The image contents aren't 100% built from the input source, so they're nondeterministic and can break easily.
Using other tools, you can specify exactly what does into an image: deterministic. If you or the CI or your colleague in a month runs the build script, they'll get 100% the same results. It's much easier to develop.
Another huge benefit is that caches (e.g. CI build times) work more effectively. The feedback pipeline is a lot faster.
Thanks, Jason!
Top comments (0)