Managing Container Configuration with Metadata

Keynote talk at Configuration Management Camp, covering the power of metadata for building operations-focused tools around containers. It talks about standards, container APIs and metadata.

Gareth Rushgrove

February 02, 2016


  1. A manifest or ship's manifest is a document listing the cargo, passengers, and crew of a ship, aircraft, or vehicle, for the use of customs and other officials.
  2. A bill of lading is a document issued by a carrier which details a shipment of merchandise and gives title of that shipment to a specified party.
  3. Labels to guide Swarm scheduling

         $ docker run -d -P \
             -e constraint:storage==ssd --name db mysql
  4. Access labels via inspect

         $ docker inspect 4fa6e0f0c678
         ...
         "Labels": {
             "vendor": "ACME Incorporated",
             "com.example.is-beta": "",
             "com.example.version": "0.0.1-beta",
             "com.example.release-date": "2015-02-12"
         }
         ...
  5. Add labels at docker runtime

         $ docker run \
             -d \
             --label com.example.group="webservers" \
             --label com.example.environment="production" \
             busybox \
             top
  6. Apply arbitrary metadata to objects

         "labels": {
             "key1" : "value1",
             "key2" : "value2"
         }
  7. Query using sets or equalities

         $ kubectl get pods -l 'environment in (production, qa)'
  8. Appc defines annotations and labels

         "annotations": [
             { "name": "authors", "value": "Carly Container <[email protected]>" },
             { "name": "created", "value": "2014-10-27T19:32:27.67021798Z" },
             { "name": "documentation", "value": "https://example.com/docs" },
             { "name": "homepage", "value": "https://example.com" }
         ]
  9. The power of system packages lies not in the file format but in the metadata
  10. Example RPM spec file

          Summary: A CD player app that rocks!
          Name: cdplayer
          Version: 1.0
          Release: 1
          Copyright: GPL
          Group: Applications/Sound
          Source: ftp://ftp.gnomovision.com/pub/cdplayer/cdplayer-1.0.tgz
          URL: http://www.gnomovision.com/cdplayer/cdplayer.html
          Distribution: WSS Linux
          Vendor: White Socks Software, Inc.
          Packager: Santa Claus <[email protected]>

          %description
          It slices! It dices! It's a CD player app that can't be beat. By using
          the resonant frequency of the CD itself, it is able to simulate 20X
  11. List files from packages

          $ dpkg -L lynx
          /.
          /usr
          /usr/share
          /usr/share/doc
          /usr/share/doc/lynx
          /usr/share/doc/lynx/copyright
          /usr/share/doc/lynx/changelog.gz
          /usr/share/doc/lynx/changelog.Debian.gz
  12. Find unmet dependencies

          $ apt-cache unmet
          Package libdataobjects-sqlite3-ruby1.9.1 version has an unmet dep:
           Depends: libdataobjects-ruby1.9
  13. All (third-party) tools should prefix their keys with the reverse DNS notation of a domain controlled by the author. For example, com.example.some-label.
  14. Keys should only consist of lower-cased alphanumeric characters, dots and dashes (for example, [a-z0-9-.]).
  15. Includes common issues and shellcheck linting of bash

          DL3006 Always tag the version of an image explicitely.
          DL4000 Specify a maintainer of the Dockerfile
          FROM debian

          SC2154 node_verion is referenced but not assigned (did you mean 'node_version'?).
          DL3009 Delete the apt-get lists after installing something
          DL3015 Avoid additional packages by specifying `--no-install-recommends`
          RUN export node_version="0.10" \
              && apt-get update && apt-get -y install nodejs="$node_verion"
  16. Check against Docker guidelines

          $ dli lint
          ========> Check all labels have namespaces
          [WARN] Label 'vendor' should use a namespace based on reverse DNS notation
          ========> Check labels don't use reserved namespaces
          ========> Check labels only use valid characters
          ========> Check labels start and end with alpanumeric characters
          ========> Check labels for double dots and dashes
  17. Check against a schema

          $ dli validate
          ========> Check labels based on schema in 'schema.json'
          [ERROR] u'com.example.is-beta' is a required property
  18. Define labels in JSON Schema

          {
            "title": "Dockerfile schema",
            "type": "object",
            "properties": {
              "com.example.release-date": {
                "type": "string"
              },
              "com.example.is-beta": {
                "type": "string"
              },
              "com.example.version": {
                "description": "Version",
                "type": "integer",
                "minimum": 0
              }
            },
            "required": ["com.example.is-beta", "com.example.version"]
          }
  19. Dockerfile example

          FROM alpine
          LABEL net.morethanseven.dockerfile="/Dockerfile" \
                net.morethanseven.exec.packages="apk info -vv"
          RUN apk add --update bash && rm -rf /var/cache/apk/*
          COPY Dockerfile /
  20. Discover our API

          $ docker inspect -f "{{json .Config.Labels }}" \
              garethr/alpine \
              | jq
          {
            "net.morethanseven.dockerfile": "/Dockerfile",
            "com.containermetadata.exec.packages": "apk info -vv"
          }
  21. Read the Dockerfile

          $ docker run -i -t garethr/alpine cat /Dockerfile
          FROM alpine
          LABEL net.morethanseven.dockerfile="/Dockerfile" \
                net.morethanseven.exec.packages="apk info -vv"
          RUN apk add --update bash && rm -rf /var/cache/apk/*
          COPY Dockerfile /
  22. List installed packages

          $ docker run -i -t garethr/alpine apk info -vv
          musl-1.1.11-r2 - the musl c library (libc) implementation
          busybox-1.23.2-r0 - Size optimized toolbox of many common UNIX utilities
          alpine-baselayout-2.3.2-r0 - Alpine base dir structure and init scripts
          openrc-0.15.1-r3 - OpenRC manages the services, startup and shutdown of
          alpine-conf-3.2.1-r6 - Alpine configuration management scripts
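
The key guidelines quoted on slides 13 and 14 and the five checks named in the `dli lint` output on slide 16 can be expressed as a small linter. This is an added example, not code from the talk or from `dli`. The reserved prefixes come from Docker's label guidelines; the severity levels other than the slide's WARN, the three-part namespace test and the last two sample keys are assumptions made for illustration.

```python
import re

# Namespaces Docker reserves for its own use (Docker label guidelines).
RESERVED = ("com.docker.", "io.docker.", "org.dockerproject.")
VALID_CHARS = re.compile(r"^[a-z0-9.-]+$")
# Assumption: a namespaced key has at least three dot-separated parts,
# as in com.example.some-label.
MIN_PARTS = 3


def lint_key(key):
    """Return a list of (level, message) findings for one label key."""
    findings = []
    if len(key.split(".")) < MIN_PARTS:
        findings.append(("WARN", f"Label '{key}' should use a namespace "
                                 "based on reverse DNS notation"))
    if key.startswith(RESERVED):
        findings.append(("ERROR", f"Label '{key}' uses a reserved namespace"))
    if not VALID_CHARS.match(key):
        findings.append(("ERROR", f"Label '{key}' contains invalid characters"))
    if not (key[:1].isalnum() and key[-1:].isalnum()):
        findings.append(("ERROR", f"Label '{key}' should start and end "
                                  "with an alphanumeric character"))
    if ".." in key or "--" in key:
        findings.append(("ERROR", f"Label '{key}' contains double dots or dashes"))
    return findings


def lint_labels(labels):
    """Lint each key of a labels mapping, e.g. .Config.Labels from docker inspect."""
    return {key: found for key in labels if (found := lint_key(key))}


# Labels from the `docker inspect` slide, plus two constructed bad keys.
SAMPLE = {
    "vendor": "ACME Incorporated",
    "com.example.is-beta": "",
    "com.example.version": "0.0.1-beta",
    "com.example.release-date": "2015-02-12",
    "com.docker.internal": "constructed",   # reserved namespace
    "com.Example..build-": "constructed",   # upper case, double dot, trailing dash
}

if __name__ == "__main__":
    for key, findings in lint_labels(SAMPLE).items():
        for level, message in findings:
            print(f"[{level}] {message}")
```

Running the linter in CI against the labels of every built image keeps third-party tooling from colliding on unnamespaced keys such as `vendor`.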