Base Image Journey 2018 @stormcat24 2018.10.09 Container Build Meetup #1

XIPJT ‣ $ZCFS"HFOU *OD ‣ '3&4)-*7&UFDIMFBE ‣ IUUQTCMPHTUPSNDBUJP ‣ )PSTF3BDJOH"OBMZTU stormcat24

%PDLFS,VCFSOFUFT ࣮ફίϯςφ։ൃೖ໳ ʢٕज़ධ࿦ࣾʣ

No content

ίϯςφ͸࣮ߦ͢Δલͷஈ֊Ͱ উෛ͸ܾ·͍ͬͯΔ

զʑ͕͜͜਺೥௥ٻ͖ͯͨ͠΋ͷ ‣ ΠϝʔδͷϏϧυ࣌ؒ ‣ ΞϓϦέʔγϣϯͱΠϝʔδαΠζͷ࡟ݮ ‣ ΑΓখͯ͘͞ɺ࢖͍΍͍͢ϕʔεΠϝʔδ ‣ ΠϝʔδΛ͍͔ʹεϚʔτʹϏϧυ͢Δ͔

Ϗϧυͷ௥ٻʹΑͬͯಘΒΕΔ΋ͷ ‣ σϓϩΠ΍"VUPTDBMFͷߴ଎Խ ‣ ίϯςφϑϧ׆༻։ൃͰͷɺϦʔυλΠϜͷ࡟ݮ ‣ τϥΠΞϯυΤϥʔͷ͠΍͢͞ ‣ Կ͔ɺ͍ܰͬͯ͑͑΍Μ

ΠϝʔδͱϏϧυͷมભ

"MQJOF-JOVY.FFUVQ ެࣜΠϝʔδ "MQJOFԽൃද Ϗοάόϯ CVTZCPY "MQJOF ྲྀߦ શͯͷىݯ͸ TDSBUDI͔Β %PDLFS ᴈ໌ظ NVMUJTUBHF CVJME %PDLFS ॏ͞ͳͲ ؾʹ͠ͳ͍ ࣌୅ %PDLFS ྲྀߦظ ೶ߞཱ֬ ੴثͷൃ໌ ෢ՈͷఱԼ ͸͡·Δ మ๒఻དྷ ೆ๺ே࣌୅ Ԡਔͷཚ ૽ཚ͋Δ΋ ҆ఆظ΁ େࡔͷਞ ๛ਉ໓๢ 36/࡟ݮ ݮྔख๏ ऴᖼ EJTUSPMFTT ৽ͨͳ ϕʔεΠϝʔδ ࣌୅΁ େ੓ไؐ HMJCDͷཚ ೥දతͳΞϨ #VJME,JU ࠇધ ऻདྷ

ॳ৺ऀͷํ΋͍ΔͷͰɺ؆୯ʹ෮शΛ͹

TDSBUDI ‣ %PDLFSʹΑͬͯ༧໿͞ΕͨΠϝʔδ ‣ EPDLFSJNBHFQVMMͰऔಘͰ͖ͳ͍ಛघͳΠϝʔδ ‣ શͯͷΠϝʔδͷ࢝૆

TDSBUDI͔Βͭ͘Δ04ϕʔεΠϝʔδ '30.TDSBUDI ADD ubuntu-trusty-core-cloudimg-amd64-root.tar.gz / RUN set -xe \ && echo '#!/bin/sh' > /usr/sbin/policy-rc.d \ ... CMD [“/bin/bash”]

CVTZCPY ‣ ૊ΈࠐΈܥͷσΟετϦϏϡʔγϣϯ ‣ γϯάϧόΠφϦϢʔςΟϦςΟ ‣ αΠζ໿.# ‣ γϯάϧόΠφϦͷΞϓϦέʔγϣϯ޲͖ ‣ %BUB7PMVNF$POUBJOFSͱͯ͠͠͹͠͹࢖ΘΕͨΓ

"MQJOF-JOVY ‣ #VTZCPYϕʔεͰɺ͜Ε΋૊ΈࠐΈܥ޲͚ ‣ BMQJOFͷαΠζ໿.# ‣ ύοέʔδϚωʔδϟBQL ‣ ඪ४$ϥΠϒϥϦ͸NVTM ‣ ೥ʹɺඪ४%PDLFSΠϝʔδͷϕʔεΠϝʔδͱͯ͠ ࠾༻͞ΕΔ ‣ Ҏޙɺܰྔ͞ͱѻ͍΍͔͢͞Β޿·Δ

"MQJOFͰͷϏϧυ FROM alpine:3.7 RUN apk add --no-cache wget RUN wget https://github.com/progrium/entrykit/releases/download/ v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz RUN tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz RUN rm entrykit_0.4.0_Linux_x86_64.tgz RUN mv entrykit /bin/entrykit RUN chmod +x /bin/entrykit RUN entrykit --symlink

36/ͷ਺ΛݮΒ࣌͢୅ FROM alpine:3.7 RUN apk add --no-cache wget && \ wget https://github.com/progrium/entrykit/releases/download/ v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz && \ tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz && \ rm entrykit_0.4.0_Linux_x86_64.tgz && \ mv entrykit /bin/entrykit && \ chmod +x /bin/entrykit && \ entrykit --symlink 36/ͷճ਺͚ͩΠϝʔδϨΠϠʔ͕ੵΈॏͳΔ ྦ͙·͍͠Πϝʔδݮྔ࣌୅΁ಥೖ ˞Մಡੑ௿Լͱ࿑ྗ૿

NVMUJTUBHFCVJME౸དྷ FROM alpine:3.7 AS build RUN apk add --no-cache wget RUN wget https://github.com/progrium/entrykit/releases/download/ v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz RUN tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz RUN mv entrykit /bin/entrykit FROM alpine:3.7 COPY --from=build /bin/entrykit /bin/ RUN chmod +x /bin/entrykit RUN entrykit —symlink ‏ΞϓϦέʔγϣϯͷ഑ஔ͚ͩʹઐ೦Ͱ͖Δ ‏Ϗϧυ࣌ͷ࢈ഇॲཧ͕ෆཁ

6CVOUVଞ ‣ ॳظ͸਺ඦ.#ͷΠϝʔδ͹͔Γͩͬͨ ‣ VCVOUV͸.# ‣ "OUJ"MQJOF੎ͷड͚ࡼ΁ ‣ ܰྔԽʹΑΓɺϕʔεΠϝʔδͱͯ͠ͷར༻͸࠶ධՁ͞Ε Δ΂͖

৽ͨͳϕʔεΠϝʔδ࣌୅ ʢେ੓ไؐޙʣ

EJTUSPMFTT ‣ IUUQTHJUIVCDPN(PPHMF$POUBJOFS5PPMTEJTUSPMFTT ‣ EJTUSPMFTTແҙຯͳɺແடংͳ ‣ ΞϓϦέʔγϣϯͱґଘϥϯλΠϜͷΈؚ͕·ΕΔ ‣ EJTUSPMFTTࣗମ͸#B[FMͰϏϧυ͞Ε͍ͯΔ

࣮ߦ༻Πϝʔδͱͯ͠࠷௿ݶ࣋ͭ΂͖΋ͷ ‣ DBDFSUJGJDBUFT ‣ HMJCD ‣ MJCTTMPQFOTTM ‣ FUDQBTTXE SPPU ‣ UNQ

EJTUSPMFTTՈ ‣ HDSJPEJTUSPMFTTCBTF ‣ HDSJPEJTUSPMFTTKBWB ‣ HDSJPEJTUSPMFTTDD ‣ HDSJPEJTUSPMFTTQZUIPO ‣ HDSJPEJTUSPMFTTOPEFKT ‣ HDSJPEJTUSPMFTTEPUOFU

HDSJPEJTUSPMFTTCBTF ‣ ࣮ߦ༻Πϝʔδͱͯ͠࠷௿ݶඞཁͳ΋ͷΛඋ͑ͨΠϝʔδ ‣ αΠζ໿.# ‣ ͋͘·Ͱ࣮ߦ༻ɻ੒Ռ෺ΛϏϧυ͢Δʹ͸޲͍͍ͯͳ͍

EJTUSPMFTT࢖͍ํ

FHEJTUSPMFTT(PMBOH FROM golang:1.10 as build-env WORKDIR /go/src/app ADD . /go/src/app RUN go-wrapper download RUN go-wrapper install FROM gcr.io/distroless/base COPY --from=build-env /go/bin/app / CMD ["/app"] ‏(PͷެࣜΠϝʔδͰϏϧυ ‏NVMUJTUBUFCVJME

EFCVHJNBHF ‣ EJTUSPMFTTʹ͸TI͕ແ͍ ‣ ίϯςφͷதΛ८ճ͚ͨ͠Ε͹ɺEFCVHΠϝʔδΛ࢖͏ ‣ CVTZCPYͷTI͕࢖͑Δ $ docker container run -ti --entrypoint=sh gcr.io/distroless/base:debug / # ls -l total 40 drwxr-xr-x 2 root root 12288 Jan 1 1970 busybox drwxr-xr-x 5 root root 360 Oct 9 02:51 dev drwxr-xr-x 5 root root 4096 Oct 9 02:51 etc drwx------ 2 root root 4096 Oct 9 02:51 home ...

ԿނEJTUSPMFTT͔ʁ

࣮ߦʹඞཁ࠷খݶͷ΋ͷؚ͚͕ͩ·ΕΔ ηΩϡϦςΟϦεΫͷ௿ݮ

$7&هࡌͷ੬ऑੑʹରԠͨ͠ ࠷৽ͷΠϝʔδ͕ৗʹఏڙ͞ΕΔ

EJTUSPMFTT͸MBUFTU EFCVHͷΈ

MBUFTU͚ͩఏڙͯ͠Δͷ͕ݡ͍ ‣ EJTUSPMFTTϕʔεͷΠϝʔδΛϏϧυ͢Δࡍɺৗʹ࠷৽ͷ ϕʔεΠϝʔδ͕ར༻Ͱ͖Δ ‣ ੬ऑੑରԠͷίετ%08/ ‣ EJTUSPMFTTΛ࢖͏͜ͱ͕ࣗମ͕ηΩϡϦςΟΛߴΊΔͨΊ ͷୈҰาʹͳΔ

EJTUSPMFTTॴײ ‣ NVMUJTUBHFCVJMEͱͷߴ͍਌࿨ੑ ‣ ओཁͳݴޠϥϯλΠϜͷαϙʔτ ‣ ҆ఆͨ͠ΠϝʔδΛɺ࿑ྗແ͘ӡ༻͍ͯ࣌͘͠୅ʹಥೖ

No content

+JC ‣ IUUQTHJUIVCDPN(PPHMF$POUBJOFS5PPMTKJC ‣ +BWBΞϓϦέʔγϣϯͷίϯςφԽʹಛԽͨ͠πʔϧ ‣ +JC͸ϕʔεΠϝʔδͰ͸ແͯ͘πʔϧ ‣ .BWFO (SBEMFͷϏϧυϓϩηεʹ૊ΈࠐΊΔ ‣ %PDLFSGJMFෆཁ

CVJMEHSBEMF jib.to.image = 'registry.hub.docker.com/stormcat24/hellojib:latest' jib { from { image = 'gcr.io/distroless/java' credHelper = 'osxkeychain' } to { image = 'registry.hub.docker.com/stormcat24/hellojib:latest' credHelper = 'osxkeychain' auth { username = dockerUsername password = dockerPassword } } container { jvmFlags = ['-Djava.security.egd=file:/dev/./urandom', '-Duser.timezone=GMT+08', '-Xdebug'] mainClass = 'com.example.jib.JibApplication' args = ['some args'] ports = ['8080'] }

+JCͰϏϧυ $ ./gradlew jib warning: Base image 'gcr.io/distroless/java' does not use a specific image digest - build may not be reproducible Containerizing application to stormcat24/hellojib... Retrieving registry credentials for registry.hub.docker.com... Getting base image gcr.io/distroless/java... … Built and pushed image as stormcat24/hellojib BUILD SUCCESSFUL in 3s $ docker image ls --filter "reference=stormcat24/hellojib" REPOSITORY TAG IMAGE ID CREATED SIZE stormcat24/hellojib latest 66a7c02acbdf 48 years ago 119MB ‐೥લʹͳͬͯͯ૲

·ͱΊ ‣ EJTUSPMFTTͰϕʔεΠϝʔδ͸৽࣌୅΁ಥೖ ‣ ܰ͞΋େࣄ͕ͩɺܧଓతʹ҆ఆɾݎ࿚ੑ͋ΔΠϝʔδΛʢ͋ ·Γҙࣝͤͣʹʣ࡞Γ΍͘͢͢ΔεΩʔϜ΁ ‣ +JCͷΑ͏ʹɺΞϓϦέʔγϣϯࢦ޲ͳϏϧυπʔϧͷྲྀߦ ͷஹ͠ ‣ "MQJOF͸͜Ε͔Β΋·ͩ·ͩϝΠϯετϦʔϜͰ׆༂ɻ͠ ͔͠ɺ෇͖߹͍ํΛ࠶ߟ͢Δ࣌ظʹ͸དྷ͍ͯΔ

Thanks✋