
Hatena Remote Internship 2021: Containers (lecture slides)

Hatena
October 08, 2021


Transcript

  1. Namespace: User / Time
     • User: isolates UID/GID; a user with the same UID can exist in each of several namespaces
     • Time: separates the container's clocks from the host's, so a process can be restored at a specific point in time
  2. Namespace: PID / Network
     • PID: isolates the process-ID number space; the first process in a namespace gets pid 1; /proc (procfs) exposes only the processes of that PID namespace
     • Network: isolates network devices, routing tables, IP addresses and port numbers; a container and the host can have different IPs
  3. chroot and pivot_root
     • chroot: changes the root directory of a process and starts it there; only paths under the given root are reachable; by design, a process can still move outside the chroot
     • pivot_root: swaps the process's root filesystem itself to change the root; with some conditions, the process cannot move outside it
  4. seccomp
     • A mechanism that restricts the system calls a process may issue
     • strict mode: only read, write, _exit and sigreturn
     • filter mode: filtering with bpf is possible
     • Some of the system calls restricted by Docker's default profile: perf_event_open, pivot_root, process_vm_readv, process_vm_writev, ptrace
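Filter mode as described on this slide, as an added example that is not part of the lecture material: a classic-BPF seccomp program that denies ptrace(2), one of the calls the slide lists from Docker's default profile, with EPERM while allowing every other system call. Function names are my own; it assumes Linux on x86_64 or aarch64.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif
/* Installs a filter-mode seccomp program: ptrace(2) fails with EPERM, all else is allowed. */
static int install_ptrace_filter(void)
{
    struct sock_filter filter[] = {
        /* Kill if the syscall ABI is not the compiled-for one: syscall numbers differ per arch. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* Load the syscall number; skip the deny when it is not ptrace. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ptrace, 0, 1),
        /* Deny with an errno, as Docker's default profile does, rather than killing. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = (unsigned short)(sizeof filter / sizeof filter[0]),
                               .filter = filter };
    /* Required for an unprivileged process to install a filter; also blocks setuid escalation. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
}
/* Returns 1 when ptrace(2) is denied with EPERM, 0 otherwise. */
static int ptrace_is_blocked(void)
{
    errno = 0;
    return ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1 && errno == EPERM;
}
int main(void)
{
    if (install_ptrace_filter() != 0) { perror("seccomp"); return 1; }
    printf("ptrace blocked: %s\n", ptrace_is_blocked() ? "yes" : "no");
    return 0;
}
```

Run it inside and outside a container to compare with the behaviour of Docker's default profile, which already denies ptrace on older kernels.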
  5. Docker CLI
     • Download an image from a registry: $ docker pull <image uri>
     • Run a new container: $ docker run --rm -ti <image> <command>
     • List the containers that have been created: $ docker container ls -a
  6. Docker CLI
     • Run a command inside a running container: $ docker exec -ti <container id> <command>
     • Copy a file from a container to the host: $ docker cp <container id>:<src path> <dst path>
     • List running containers: $ docker ps
  7. Dockerfile
     • A Docker image is generated from a Dockerfile with the docker build command: $ docker build -f Dockerfile .
     • FROM: specifies the base image
     • RUN: executes an arbitrary command
     • COPY: takes files from the build context

     The Dockerfile shown on slides 7 to 10:

       # syntax = docker/dockerfile:experimental
       FROM golang:1.14-alpine AS builder
       RUN apk --update add make
       WORKDIR /services/blog
       COPY go.mod go.sum ./
       RUN go mod download
       COPY Makefile ./
       RUN make setup
       COPY . .
       RUN --mount=type=cache,target=/root/.cache/go-build make build

       FROM alpine
       COPY --from=builder /(snip)/server /(snip)/server
       RUN adduser -D -u 1000 app
       USER 1000
       ENTRYPOINT ["/services/blog/bin/server"]
  8. Layer cache (same Dockerfile as slide 7)
     • To shorten build time, each instruction is cached as a layer
     • Run the steps that take long and change rarely first, so later edits invalidate as few cached layers as possible
  9. Multistage builds (same Dockerfile as slide 7)
     • Keep the image size small
     • Include only the dependencies the application needs to run
     • The --target option of docker build builds a specific stage
  10. BuildKit (same Dockerfile as slide 7)
     • The new builder, with more features than Docker's classic builder
     • Set DOCKER_BUILDKIT=1 beforehand
     • Cache mounts are available at build time
  11. Docker image
     • A bundle of the files a container needs to run
     • Composed of multiple layers
     • Docker Hub: $ docker pull <image name>:<tag>
       $ docker pull hatena/apply-for-internship-2020:latest
  12. What is inside a Docker image
     The saved image unpacks into one directory per layer plus the image config and manifest:

       ├── 2e3d6c9f566f06ae7e9a74b69483b8cb783b1bee48beb02b6524fbcb4de48f71
       │   ├── VERSION
       │   ├── json
       │   └── layer.tar
       ├── 6a28bc9521cd43cb1bbba4facfe4676649681c81ab252d09ad906ca11669d4ca
       │   ├── VERSION
       │   ├── json
       │   └── layer.tar
       ├── 83bc3862525ff9d3b82a85ec3369f8cab40f7e716e36f3db84f15763a11af2fe.json
       ├── da0ea11a16c18578358add538c445cd5408e29ec0f06a7196c51ee7b7e46662d
       │   ├── VERSION
       │   ├── json
       │   └── layer.tar
       ├── manifest.json
       └── repositories
  13. What is inside a Docker image
     • Check the history of how the image was built: $ docker history <image>

       $ docker history hatena/apply-for-internship-2020
       IMAGE          CREATED         CREATED BY                                      SIZE     COMMENT
       8066217f321a   2 minutes ago   ENTRYPOINT ["./apply-for-internship-2020"]      0B       buildkit.dockerfile.v0
       <missing>      2 minutes ago   COPY /go/src/github.com/hatena/apply-for-int…   10.4MB   buildkit.dockerfile.v0
       <missing>      3 minutes ago   COPY public.pem private.pem ./ # buildkit       405B     buildkit.dockerfile.v0
       <missing>      3 minutes ago   WORKDIR /root/                                  0B       buildkit.dockerfile.v0
       <missing>      3 weeks ago     /bin/sh -c #(nop)  CMD ["bash"]                 0B
       <missing>      3 weeks ago     /bin/sh -c #(nop) ADD file:45f5dfa135c848a34…   69.3MB

       $ docker history debian:buster-slim
       IMAGE          CREATED       CREATED BY                                      SIZE     COMMENT
       df0140a4030c   3 weeks ago   /bin/sh -c #(nop)  CMD ["bash"]                 0B
       <missing>      3 weeks ago   /bin/sh -c #(nop) ADD file:45f5dfa135c848a34…   69.3MB

     The lower two rows are the debian:buster-slim base layers. Note that the history exposes every build step, including the COPY of private.pem into the image, to anyone who can pull it.
  14. Trivy
     • https://github.com/aquasecurity/trivy
     • Can scan Docker images, filesystems and git repositories

       $ trivy image --severity HIGH hatena/apply-for-internship-2020:latest
       2020-08-05T08:44:37.496+0900  WARN  You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
       2020-08-05T08:44:40.616+0900  INFO  Detecting Debian vulnerabilities...

       hatena/apply-for-internship-2020:latest (debian 10.4)
       =====================================================
       Total: 1 (HIGH: 1)

       +-----------+------------------+----------+-------------------+------------------+--------------------------------+
       |  LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION   |             TITLE              |
       +-----------+------------------+----------+-------------------+------------------+--------------------------------+
       | perl-base | CVE-2020-10878   | HIGH     | 5.28.1-6          | 5.28.1-6+deb10u1 | perl: corruption of            |
       |           |                  |          |                   |                  | intermediate language state    |
       |           |                  |          |                   |                  | of compiled regular expression |
       |           |                  |          |                   |                  | due to...                      |
       +-----------+------------------+----------+-------------------+------------------+--------------------------------+
  15. Appendix: Docker Quiz
     • $ docker run --rm -i hatena/intern-2020-docker-quiz
     • Answer every question correctly to clear it
     • When stuck: $ docker run --rm -i hatena/intern-2020-docker-quiz -hint