Get to know Buildpacks: the secret weapon for improving container development, security & more

Patrick Wiseman

If you’re not yet familiar with Buildpacks, you’re about to be. Buildpacks are the cornerstones of how we ship software at Flowerwork, and we’re only at the beginning of their rise in popularity.

Buildpacks are a contract between application developers and technical operators that improve how teams run and secure applications within a container image. Along the way, they provide significant value for developers, technical operators and the business overall.

With that in mind, here’s a high level look at what you need to know about Buildpacks.

What are Buildpacks?

Buildpacks extract all of the domain-specific runtime information away from an application built into the standard form-factor of a container image. This form-factor allows teams to standardize their delivery practices and operations practices for applications written in different languages and frameworks. This is incredibly powerful.

Let’s break this down: Most later stage software companies separate application development from the technical operations that manage security and infrastructure. Each of these domains typically requires a deep level of domain-specific knowledge that is too much to have concentrated in one person (or team). Many companies reduce complexity for these groups by creating language/framework mandates – i.e. you must use Java or Spring.

Containerization helps ease this burden for technical operators, such as Site Reliability Engineers (SREs), by providing more standardized methods for operational activities like domain routing and entry points rather than requiring those to be specific to each application. Essentially, containers make it so that none of those activities require domain-specific knowledge for a programming language or framework.

How do Buildpacks work?

Docker is the most popular containerization technology, but fundamentally Docker has one of the leakiest abstractions due to Dockerfiles. A Dockerfile does nothing to ease the operations burden for application developers. In fact, it requires them to know how all of those server operations work and only codifies it into a file. A Dockerfile file reads like an incredibly long run on sentence of how to do something that looks the same for most applications. Dockerfiles get out of date quickly often making them insecure and optimizing build speeds requires even more domain knowledge. Buildpacks are different.

Buildpacks solve this challenge by codifying all of that operations and caching knowledge into individual buildpacks and then automatically building the container image in a predictable manner. Buildpacks work by analyzing source code, letting matching buildpacks add layers to the container image, and then exporting a complete image for use by operators. In doing so, they provide technical operators with containers that run in predictable ways and give application developers a simple way to run an application so it can be converted to a container – all without any domain-specific knowledge for every programming language or framework.

Where did Buildpacks come from?

Buildpacks were invented at Heroku and gained additional popularity at Pivotal Cloud Foundry. Those groups came together to start working toward an open source standard with the Cloud Native Computing Foundation in 2018. Since then, the buildpacks community has been working with groups large and small to help them write their own Buildpacks that any team can use to convert their application into a container image without the need for advanced domain knowledge. Teams can adopt to use any collection of those buildpacks

Buildpacks v Dockerfiles

Buildpacks are quite different from Dockerfiles. There are three important differences between Buildpacks and Dockerfiles:

  1. Simpler interface: Buildpacks provide an easy interface that does a better job of separating application development concerns from technical operations concerns.
  2. More efficient security: Buildpacks run security and compliance at the stack level vs. the individual service level, which helps alleviate a significant amount of work required by security operations teams to keep infrastructure secure. Specifically, instead of securing every container image individually like is required with a Dockerfile, teams that use Buildpacks can secure a higher level build image and run image. When a new run image is available all of the apps built with that buildpack can rebase the buildpack layers on top of a new run image. This creates a faster and more efficient way to enable security and compliance.
  3. Extensible and Reusable: Buildpacks are an extensible standard that allow many predictable build processes to act on the same codebase. It also allows those build processes to be shared across many codebases.

Why should you use Buildpacks?

Buildpacks offer notable technical and business benefits:

Technical benefits

Part of what makes Buildpacks so useful is that there is a community that maintains the buildpacks. So instead of every developer having to write a Dockerfile, the community encapsulates best practices in an extensible and reusable way so that every application using Buildpacks can leverage those best practices. The open source community builds and maintains these buildpacks which removes additional work from your busy team.

Business benefits

From a high level business perspective, Buildpacks help lower the barrier to entry for application developers and technical operators to be successful at a given company by removing the need to have any sort of domain-specific knowledge. Expanding the recruiting pool in that way is a huge benefit when technical resources are hard to find.

Additionally, Buildpacks can enable earlier stage companies to punt on the need to find full time SREs by taking advantage of the best practices instilled in buildpacks. This allows teams to focus on building what matters for their customers, all while keeping the company in a reasonable posture for making the first SRE hire later on.

Ready to take your development efforts to the next level?

Buildpacks are a powerful solution for technical teams and the businesses behind them. And most importantly, the community around Buildpacks is just getting started. As a result, we expect to see even more advancements going forward, which will only make the case for using Buildpacks more compelling than it already is.

If you’re ready to take your organization’s delivery efforts to the next level with Buildpacks and other advanced functionality of the Flowerwork Platform, contact Flowerwork today to learn how we can help.