Hatena Remote Internship 2021: Containers (lecture slides)

Hatena
October 08, 2021

Transcript

  1. Namespace: User / Time
     - User
       - Isolates UIDs and GIDs
       - A user with the same UID can be created in different namespaces
     - Time
       - Separates the container's clock from the host's
       - Lets a process be restored at a specific point in time

  2. Namespace: PID / Network
     - PID
       - Isolates the process ID number space
       - The first process in the namespace has pid 1
       - /proc (procfs) only shows the processes inside that PID namespace
     - Network
       - Isolates network devices, routing tables, IP addresses, port numbers and so on
       - The container and the host can have different IP addresses

  3. chroot and pivot_root
     - chroot
       - Changes the process's root directory and starts the process there
       - Only the specified root directory and what lies below it is accessible
       - By design, a process can still move outside the chroot
     - pivot_root
       - Swaps out the process's root filesystem itself to change the root
       - Although it has preconditions, a process cannot move outside it

  4. seccomp
     - A mechanism that restricts the system calls a process may issue
     - strict mode: only read, write, _exit and sigreturn are allowed
     - filter mode: filtering with BPF is possible
     - Some of the system calls that Docker restricts by default:
       perf_event_open, pivot_root, process_vm_readv, process_vm_writev, ptrace

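The filter mode the slide mentions, written out as an added example (this is not code from the Hatena deck): a classic-BPF seccomp policy that makes the five syscalls listed above fail with EPERM and allows everything else. It assumes Linux on x86-64 or aarch64 with the kernel UAPI headers, and installs the filter with prctl; the probe function and its names are this example's own.

```c
/* Added example, not from the slides: a seccomp "filter mode" deny-list in classic
 * BPF for the syscalls the slide names from Docker's default profile (Linux x86-64/aarch64). */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#if defined(__x86_64__)
#define SECCOMP_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
/* Syscalls the slide lists as blocked by Docker's default seccomp profile. */
static const int denied[] = { SYS_perf_event_open, SYS_pivot_root,
                              SYS_process_vm_readv, SYS_process_vm_writev, SYS_ptrace };
#define NDENIED (sizeof denied / sizeof denied[0])
/* Build and install the filter for the calling process (inherited by its children).
 * Returns 0 on success, -1 with errno set on failure. */
int install_docker_like_filter(void) {
    struct sock_filter prog[4 + 2 * NDENIED + 1];
    size_t n = 0;
    /* Check the ABI first: a syscall number only means something per architecture. */
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < NDENIED; i++) {   /* a matching nr fails with EPERM */
        prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)denied[i], 0, 1);
        prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    }
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    struct sock_fprog fprog = { .len = (unsigned short)n, .filter = prog };
    /* Needed so an unprivileged process may install a filter; it also stops setuid binaries
     * from gaining privileges later, which is why Docker sets it too. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
/* Probe: issue ptrace with an invalid request and return the errno it produced
 * (some other error without the filter, EPERM once the filter is installed). */
int ptrace_probe_errno(void) {
    errno = 0;
    if (syscall(SYS_ptrace, -1L, 0L, 0L, 0L) == 0) return 0;
    return errno;
}
```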
  5. Docker CLI
     - Download an image from a registry
       $ docker pull <image uri>
     - Run a new container
       $ docker run --rm -ti <image> <command>
     - Check the containers that have been created
       $ docker container ls -a

  6. Docker CLI
     - Run a command inside a running container
       $ docker exec -ti <container id> <command>
     - Copy a file from inside a container to the host
       $ docker cp <container id>:<src path> <dst path>
     - List running containers
       $ docker ps

  7. Dockerfile
       # syntax = docker/dockerfile:experimental
       FROM golang:1.14-alpine AS builder
       RUN apk --update add make
       WORKDIR /services/blog
       COPY go.mod go.sum ./
       RUN go mod download
       COPY Makefile ./
       RUN make setup
       COPY . .
       RUN --mount=type=cache,target=/root/.cache/go-build make build
       FROM alpine
       COPY --from=builder /(snip)/server /(snip)/server
       RUN adduser -D -u 1000 app
       USER 1000
       ENTRYPOINT ["/services/blog/bin/server"]
     - A Docker image is generated from a Dockerfile with the docker build command
       $ docker build -f Dockerfile .
     - Dockerfile instructions
       - FROM: specifies the base image
       - RUN: executes an arbitrary command
       - COPY: takes files from the build context

  8. Layer cache (same Dockerfile as slide 7)
     - To shorten build time, each instruction is cached individually
     - Run the steps that take a long time and rarely change first

  9. Multi-stage builds (same Dockerfile as slide 7)
     - Keeps the image size small
     - Include only the dependencies the application needs in order to run
     - The --target option of docker build
       - Builds a specific stage

  10. BuildKit (same Dockerfile as slide 7)
     - The newer builder that is now an official feature of Docker
     - Set DOCKER_BUILDKIT=1 beforehand
     - Lets you mount a cache at build time

  11. Docker image
     - A bundle of the files a container needs in order to run
     - Made up of multiple layers
     - Docker Hub
       $ docker pull <image name>:<tag>
       $ docker pull hatena/apply-for-internship-2020:latest

  12. What is inside a Docker image?
       ├── 2e3d6c9f566f06ae7e9a74b69483b8cb783b1bee48beb02b6524fbcb4de48f71
       │   ├── VERSION
       │   ├── json
       │   └── layer.tar
       ├── 6a28bc9521cd43cb1bbba4facfe4676649681c81ab252d09ad906ca11669d4ca
       │   ├── VERSION
       │   ├── json
       │   └── layer.tar
       ├── 83bc3862525ff9d3b82a85ec3369f8cab40f7e716e36f3db84f15763a11af2fe.json
       ├── da0ea11a16c18578358add538c445cd5408e29ec0f06a7196c51ee7b7e46662d
       │   ├── VERSION
       │   ├── json
       │   └── layer.tar
       ├── manifest.json
       └── repositories

  13. What is inside a Docker image?
     - Check the history of how the image was built
       $ docker history <image>

       $ docker history hatena/apply-for-internship-2020
       IMAGE          CREATED         CREATED BY                                      SIZE     COMMENT
       8066217f321a   2 minutes ago   ENTRYPOINT ["./apply-for-internship-2020"]      0B       buildkit.dockerfile.v0
       <missing>      2 minutes ago   COPY /go/src/github.com/hatena/apply-for-int…   10.4MB   buildkit.dockerfile.v0
       <missing>      3 minutes ago   COPY public.pem private.pem ./ # buildkit       405B     buildkit.dockerfile.v0
       <missing>      3 minutes ago   WORKDIR /root/                                  0B       buildkit.dockerfile.v0
       <missing>      3 weeks ago     /bin/sh -c #(nop)  CMD ["bash"]                 0B
       <missing>      3 weeks ago     /bin/sh -c #(nop) ADD file:45f5dfa135c848a34…   69.3MB

       $ docker history debian:buster-slim
       IMAGE          CREATED       CREATED BY                                      SIZE     COMMENT
       df0140a4030c   3 weeks ago   /bin/sh -c #(nop)  CMD ["bash"]                 0B
       <missing>      3 weeks ago   /bin/sh -c #(nop) ADD file:45f5dfa135c848a34…   69.3MB

  14. Trivy
     - https://github.com/aquasecurity/trivy
     - Can scan Docker images, filesystems and git repositories
       $ trivy image --severity HIGH hatena/apply-for-internship-2020:latest
       2020-08-05T08:44:37.496+0900  WARN  You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
       2020-08-05T08:44:40.616+0900  INFO  Detecting Debian vulnerabilities...

       hatena/apply-for-internship-2020:latest (debian 10.4)
       =====================================================
       Total: 1 (HIGH: 1)

       +-----------+------------------+----------+-------------------+------------------+--------------------------------+
       |  LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION   |             TITLE              |
       +-----------+------------------+----------+-------------------+------------------+--------------------------------+
       | perl-base | CVE-2020-10878   | HIGH     | 5.28.1-6          | 5.28.1-6+deb10u1 | perl: corruption of            |
       |           |                  |          |                   |                  | intermediate language state    |
       |           |                  |          |                   |                  | of compiled regular expression |
       |           |                  |          |                   |                  | due to...                      |
       +-----------+------------------+----------+-------------------+------------------+--------------------------------+

  15. Appendix: Docker Quiz
       $ docker run --rm -i hatena/intern-2020-docker-quiz
     - Answer every question correctly; when the "!" appears, you have cleared it
     - If you get stuck:
       $ docker run --rm -i hatena/intern-2020-docker-quiz -hint