Alternatives to build an image without using the Docker daemon (using OCI initiatives like buildah, kaniko, img, etc.)

Aditya
2 min read · Feb 14, 2021

Please refer to https://sprinkle-twinkles.medium.com/docker-container-vs-docker-image-8e35a416509b to understand the difference between an image and a container.

Docker client and daemon → Docker uses a client-server architecture. The Docker client talks to the Docker daemon (dockerd), which does the heavy lifting of building (docker build) and running (docker run) containers. The Docker daemon is responsible for the state of your containers and images, and facilitates any interaction with “the outside world.”

The Docker client merely translates commands into API calls that are sent to the Docker daemon. This allows the use of a local or a remote Docker daemon: the client and the daemon can run on the same system or on different systems.

Why is the Docker daemon a problem? The Docker daemon needs to run with root privileges (because it binds to a Unix socket, which needs sudo access), so a Docker container will have the same rights as the host operating system, which may pose security issues (so we should only run an image locally or on a corporate system if we trust the image).
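The client/daemon split and the socket described above can be checked on a host. The following is an added example, not code from the original article: it reports which local accounts can reach the daemon's Unix socket and sends the same kind of plain HTTP request the docker CLI sends. The default socket path `/var/run/docker.sock` and the Engine API endpoint `GET /version` are assumptions that do not appear in the article.

```python
import grp
import json
import os
import socket
import stat

DOCKER_SOCK = "/var/run/docker.sock"  # assumed default daemon socket path

def socket_exposure(path=DOCKER_SOCK):
    """Describe which local accounts can reach the daemon through its socket."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix socket")
    mode = stat.S_IMODE(st.st_mode)
    try:
        group = grp.getgrgid(st.st_gid)
        name, members = group.gr_name, sorted(group.gr_mem)
    except KeyError:  # gid without an entry in the group database
        name, members = str(st.st_gid), []
    return {
        "owner_uid": st.st_uid,
        "group": name,
        "group_members": members,  # accounts that can drive the daemon
        "mode": oct(mode),
        "group_writable": bool(mode & stat.S_IWGRP),
        "world_writable": bool(mode & stat.S_IWOTH),  # any local user
    }

def api_get(endpoint="/version", path=DOCKER_SOCK):
    """Send a plain HTTP request over the socket, as the docker CLI does."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(path)
        s.sendall(f"GET {endpoint} HTTP/1.0\r\nHost: docker\r\n\r\n".encode())
        raw = b""
        while chunk := s.recv(4096):  # HTTP/1.0: read until the server closes
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.split(b"\r\n", 1)[0].decode(), json.loads(body)

if __name__ == "__main__":
    if not os.path.exists(DOCKER_SOCK):
        print("no daemon socket at", DOCKER_SOCK)
    else:
        print(socket_exposure())
        try:
            print(*api_get())
        except PermissionError:
            print("this account cannot open the socket")
```

Every account listed in `group_members`, or every local user when `world_writable` is true, can issue API calls to a daemon that runs as root.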

So what are the alternatives in this space? Enter OCI.

What is OCI → The Open Container Initiative (OCI) is a Linux Foundation project created to set standards around container formats and runtimes. It defines two specifications: the Runtime Specification (runtime-spec) and the Image…
