Using and abusing container metadata

Slide 1

Slide 1 text

Using and abusing container metadata Liz Rice @lizrice | @microscaling speakerdeck.com/lizrice/using-and-abusing -container-metadata

Slide 2

Slide 2 text

Agenda ● Container images and layers ● Container metadata and labels ● Metadata inheritance ● Metadata automation

Slide 3

Slide 3 text

Frisbee whizzing through the air above our heads over the sand into the water onto the waves out to sea. You cried a lot that day. Frisbee was a lovely dog. Brian Bilston

Slide 4

Slide 4 text

Image: Lewis Clarke Containers

Slide 5

Slide 5 text

Image: Tyler Allen Container Images

Slide 6

Slide 6 text

1. Container images

Slide 7

Slide 7 text

server Host OS bins / libs App A bins / libs App B image

Slide 8

Slide 8 text

Dockerfile image docker build

Slide 9

Slide 9 text

Let’s make one

Slide 10

Slide 10 text

Create a new directory $ mkdir tiad # or whatever you like $ cd tiad Create a file called greeting, something like this Hello TIAD

Slide 11

Slide 11 text

Create a file called Dockerfile FROM alpine:latest MAINTAINER COPY greeting greeting CMD echo `cat greeting` Reverse quotes

Slide 12

Slide 12 text

You’ll need a Docker Hub namespace - Your Docker Hub name - Or maybe an organization

Slide 13

Slide 13 text

Build the container $ docker build -t /tiad . Run it $ docker run /tiad

Slide 14

Slide 14 text

Push it to Docker Hub - You’ll need your Docker Hub repo name $ docker push /tiad - You might need to log in first $ docker login

Slide 15

Slide 15 text

Look at the image information $ docker inspect /tiad ... "Author": "liz@lizrice.com", ... "Cmd": [ "/bin/sh", "-c", "echo `cat greeting`" ], ... "Layers": [ "sha256:9007f5987db353ec398a223bc5a135c5a9601798b... "sha256:182229f64cf81b7c99d6009c85764eb359f636f8df2... ...

Slide 16

Slide 16 text

Look up your image on microbadger.com

Slide 17

Slide 17 text

Dockerfile image docker build

Slide 18

Slide 18 text

Dockerfile FROM MAINTAINER COPY CMD Image File system layer Metadata Metadata File system layer

Slide 19

Slide 19 text

2. Container metadata - Tagging - Labels

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

Tagging Distinguish between different versions of the same image

Slide 22

Slide 22 text

Edit the greeting file Build a new version of the container, with a new tag $ docker build -t /tiad:new . Run it $ docker run /tiad:new

Slide 23

Slide 23 text

Push it $ docker push /tiad:new Find the Webhook for your image on MicroBadger POST to it to trigger re-inspection $ curl -X POST https://hooks.microbadger.com/

Slide 24

Slide 24 text

Look at it on Docker Hub (hub.docker.com) and MicroBadger - See both tagged versions (latest & new) - Which is most recent?

Slide 25

Slide 25 text

No content

Slide 26

Slide 26 text

Labelling Add arbitrary metadata to your image

Slide 27

Slide 27 text

git ref usage contact vendor Image

Slide 28

Slide 28 text

git ref usage contact vendor Image Alarm system automatically connected to contact Reproduce problem with precise codebase Filter deployed images from vendor

Slide 29

Slide 29 text

Standard semantics for container labels label-schema.org

Slide 30

Slide 30 text

Add labels in your Dockerfile FROM alpine:latest MAINTAINER COPY greeting greeting CMD echo `cat greeting` LABEL org.label-schema.name=“TIAD test” \ org.label-schema.description=“Whatever you like”

Slide 31

Slide 31 text

Build a new version of the container with another tag $ docker build -t /tiad:labels . Push it, and call your MicroBadger web hook $ docker push /tiad:labels $ curl -X POST https://hooks.microbadger.com/

Slide 32

Slide 32 text

3. Child images & inheritance Some metadata gets handed down, and some doesn’t

Slide 33

Slide 33 text

Create a Dockerfile for a child image - call it Dockerfile.child FROM /tiad:labels CMD echo yo peeps LABEL org.label-schema.description = “Overwrites the old description”

Slide 34

Slide 34 text

Build the child image $ docker build -f Dockerfile.child -t /tiadchild . Push it $ docker push /tiadchild Take a look at the child image on microbadger.com

Slide 35

Slide 35 text

Using FROM directive - inherits labels - doesn’t inherit MAINTAINER

Slide 36

Slide 36 text

No content

Slide 37

Slide 37 text

You can filter images with particular labels: $ docker images --filter "label=org.label-schema.name" $ docker images --filter "label=org.label-schema.name=TIAD test" You can also filter running containers: $ docker ps --filter "label=org.label-schema.name" And apply labels at runtime $ docker run --label "label=org.label-schema.name" /tiad:labels

Slide 38

Slide 38 text

Build-time labels - images are immutable e.g. - What code is in this image? - Where is the documentation? Run-time labels - can change after build e.g. - Test / acceptance status of this image

Slide 39

Slide 39 text

Add up-to-date git references into your image 4. Automate with a makefile

Slide 40

Slide 40 text

Initialize this directory under git - or do this with an existing repo + image + Dockerfile $ git init . Add to Dockerfile: ARG VCS_REF LABEL org.label-schema.vcs-ref=$VCS_REF

Slide 41

Slide 41 text

Add substitution params to Dockerfile: ARG VCS_REF LABEL org.label-schema.vcs-ref=$VCS_REF Build the image with value for that param: $ docker build --build-arg VCS_REF=`git rev-parse --short HEAD` .

Slide 42

Slide 42 text

You can include that as part of a Makefile, e.g. default: docker_build docker_build: docker build \ --build-arg VCS_REF=`git rev-parse --short HEAD` \ --build-arg BUILD_DATE=`date -u +“%Y-%m-$dT%H:%M:%SZ”` .

Slide 43

Slide 43 text

What not to do! ● Apply ‘latest’ to an old image ● Use someone else’s email as the maintainer ● Don’t look at labels before you build from an image

Slide 44

Slide 44 text

MicroBadger.com label-schema.org @lizrice | @microscaling Image: Peter Trimming