Everyone wants to use containers today yet most don't really know how they function and what is in the box. Also building containers in unprivileged contexts can be challenging. In this talk we will look into a docker image and discuss how to create those packages using tools like kaniko For most people that want to create a docker image the journey ends with docker build. What this will trigger is building a docker image using the running docker engine on your host. The problems start at a point where you don't have access to the docker daemon, want to build a container in a container (as most CI systems execute in containers nowadays) or just have limited permissions on the system. For this we will open the mystical box of a docker image by looking into: - Layers - Empty Layers - Configuration Details Then we will look into the kaniko project that tries to build those images without ever touching a docker daemon to better understand how those images can be created and how to work in more restricted environments. Those information can also be very helpful when looking into container security and scanning what is in the box.