Shipping Manifests, Bill of Lading and Docker - Metadata and Container


Talk from #dockercon EU in Barcelona, all about Docker labels and building higher level tools on top of metadata


Gareth Rushgrove

November 16, 2015

Transcript

  1. 1.

    Shipping Manifests, Bill of Lading and Docker Metadata and Container

    Gareth Rushgrove Senior Software Engineer, Puppet Labs
  2. 8.

    A manifest or ship's manifest is a document listing the cargo, passengers, and crew of a ship, aircraft, or vehicle, for the use of customs and other officials.
  3. 9.

    A bill of lading is a document issued by a carrier which details a shipment of merchandise and gives title of that shipment to a specified party.
  4. 11.

    “A once safe component may be found to be vulnerable at any time”

    - State of the Software Supply Chain 2015
  5. 12.
  6. 17.

    Provide information about the host

        $ docker daemon \
            --label com.example.environment="production" \
            --label com.example.storage="ssd"
  7. 18.

    Labels to guide Swarm scheduling

        $ docker run -d -P \
            -e constraint:storage==ssd --name db mysql
  8. 21.

    Don’t do this - new layer per label

        LABEL vendor=ACME\ Incorporated
        LABEL com.example.version.is-beta=
        LABEL com.example.version="0.0.1-beta"
        LABEL com.example.release-date="2015-02-12"
  9. 22.

    Better - only one layer

        LABEL vendor="ACME\ Incorporated" \
              com.example.is-beta= \
              com.example.version="0.0.1-beta" \
              com.example.release-date="2015-02-12"
  10. 23.

    Access labels via inspect

        $ docker inspect 4fa6e0f0c678
        ...
        "Labels": {
            "vendor": "ACME Incorporated",
            "com.example.is-beta": "",
            "com.example.version": "0.0.1-beta",
            "com.example.release-date": "2015-02-12"
        }
        ...
  11. 25.

    Add labels at docker run time

        $ docker run \
            -d \
            --label com.example.group="webservers" \
            --label com.example.environment="production" \
            busybox \
            top
  12. 37.

    Example RPM spec file

        Summary: A CD player app that rocks!
        Name: cdplayer
        Version: 1.0
        Release: 1
        Copyright: GPL
        Group: Applications/Sound
        Source: ftp://ftp.gnomovision.com/pub/cdplayer/cdplayer
        URL: http://www.gnomovision.com/cdplayer/cdplayer.html
        Distribution: WSS Linux
        Vendor: White Socks Software, Inc.
        Packager: Santa Claus <sclaus@northpole.com>

        %description
        It slices! It dices! It's a CD player app that can't be beat. By using the resonant frequency of the CD itself, it is able to simulate 20X
  13. 39.

    List files from package

        $ dpkg -L lynx
        /.
        /usr
        /usr/share
        /usr/share/doc
        /usr/share/doc/lynx
        /usr/share/doc/lynx/copyright
        /usr/share/doc/lynx/changelog.gz
        /usr/share/doc/lynx/changelog.Debian.gz
  14. 43.

    Find outdated packages

        $ apticron
        The following packages are currently pending an upgrade:

        xfree86-common 4.3.0.dfsg.1-14sarge3
        libice6 4.3.0.dfsg.1-14sarge3
        libsm6 4.3.0.dfsg.1-14sarge3
        xlibs-data 4.3.0.dfsg.1-14sarge3
        libx11-6 4.3.0.dfsg.1-14sarge3
        libxext6 4.3.0.dfsg.1-14sarge3
        libxpm4 4.3.0.dfsg.1-14sarge3
  15. 46.

    All (third-party) tools should prefix their keys with the reverse DNS notation of a domain controlled by the author. For example, com.example.some-label.
  16. 56.
  17. 60.

    Check against Docker guidelines

        $ dli lint
        ========> Check all labels have namespaces
        [WARN] Label 'vendor' should use a namespace based on reverse DNS notation
        ========> Check labels don't use reserved namespaces
        ========> Check labels only use valid characters
        ========> Check labels start and end with alpanumeric characters
        ========> Check labels for double dots and dashes
  18. 61.

    Check against a schema

        $ dli validate
        ========> Check labels based on schema in 'schema.json'
        [ERROR] u'com.example.is-beta' is a required property
  19. 62.

    Define labels in JSON schema

        {
          "title": "Dockerfile schema",
          "type": "object",
          "properties": {
            "com.example.release-date": {
              "type": "string"
            },
            "com.example.is-beta": {
              "type": "string"
            },
            "com.example.version": {
              "description": "Version",
              "type": "integer",
              "minimum": 0
            }
          },
          "required": ["com.example.is-beta", "com.example.version"]
        }
  20. 68.

    Discover out API

        $ docker inspect -f "{{json .Config.Labels }}" \
            garethr/alpine \
            | jq
        {
          "net.morethanseven.dockerfile": "/Dockerfile",
          "net.morethanseven.exec.packages": "apk info -vv"
        }
  21. 69.

    Read the Dockerfile

        $ docker run -i -t garethr/alpine cat /Dockerfile
        FROM alpine
        LABEL net.morethanseven.dockerfile="/Dockerfile" \
              net.morethanseven.exec.packages="apk info -vv"
        RUN apk add --update bash && rm -rf /var/cache/apk/*
        COPY Dockerfile /
  22. 70.

    List installed packages

        $ docker run -i -t garethr/alpine apk info -vv
        musl-1.1.11-r2 - the musl c library (libc) implementati
        busybox-1.23.2-r0 - Size optimized toolbox of many comm
        alpine-baselayout-2.3.2-r0 - Alpine base dir structure
        openrc-0.15.1-r3 - OpenRC manages the services, startup
        alpine-conf-3.2.1-r6 - Alpine configuration management
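
The label-key checks named on slides 46 and 60 (namespaces, reserved namespaces, valid characters, alphanumeric start and end, no double dots or dashes) can be sketched as below. This is an added example, not code from the talk or from the `dli` tool; the function names, the two-dot namespace heuristic and the last sample key are assumptions made here, and the reserved prefixes are the ones listed in Docker's label guidelines.

```python
import re

# Namespaces Docker's label guidelines reserve for Docker's own use.
RESERVED = ("com.docker.", "io.docker.", "org.dockerproject.")


def lint_label_key(key):
    """Return a list of (level, message) findings for one label key."""
    findings = []
    # Heuristic (assumption): a reverse-DNS namespace plus a name needs
    # at least two dots, as in com.example.some-label.
    if key.count(".") < 2:
        findings.append(("WARN", "should use a namespace based on reverse DNS notation"))
    if key.startswith(RESERVED):
        findings.append(("ERROR", "uses a namespace reserved by Docker"))
    if not re.fullmatch(r"[a-z0-9.-]+", key):
        findings.append(("ERROR", "contains characters outside [a-z0-9.-]"))
    if not re.fullmatch(r"[a-z0-9](.*[a-z0-9])?", key, re.S):
        findings.append(("ERROR", "must start and end with an alphanumeric character"))
    if re.search(r"\.\.|--", key):
        findings.append(("ERROR", "contains consecutive dots or dashes"))
    return findings


def lint_labels(labels):
    """Map each offending key in a Labels dict to its findings."""
    report = {}
    for key in labels:
        findings = lint_label_key(key)
        if findings:
            report[key] = findings
    return report


# Labels from the `docker inspect` slide, plus one constructed bad key.
SAMPLE = {
    "vendor": "ACME Incorporated",
    "com.example.is-beta": "",
    "com.example.version": "0.0.1-beta",
    "com.example.release-date": "2015-02-12",
    "com.docker.Foo..bar-": "constructed",
}

if __name__ == "__main__":
    for key, findings in lint_labels(SAMPLE).items():
        for level, message in findings:
            print(f"[{level}] Label '{key}' {message}")
```

Run against the output of `docker inspect -f "{{json .Config.Labels }}"`, a check like this fits in a CI step before an image is pushed, so that tools reading labels for scheduling or inventory see consistent keys.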