Base Image Journey 2018

Base Image Journey 2018

Container Build Meetup #1

0aac627116c6e2a87b9ae179500801df?s=128

stormcat24

October 09, 2018
Tweet

Transcript

  1. Base Image Journey 2018 @stormcat24 2018.10.09 Container Build Meetup #1

  2. XIPJT ‣ $ZCFS"HFOU *OD ‣ '3&4)-*7&UFDIMFBE ‣ IUUQTCMPHTUPSNDBUJP ‣ )PSTF3BDJOH"OBMZTU

    stormcat24
  3. %PDLFS,VCFSOFUFT ࣮ફίϯςφ։ൃೖ໳ ʢٕज़ධ࿦ࣾʣ

  4. None
  5. ίϯςφ͸࣮ߦ͢Δલͷஈ֊Ͱ উෛ͸ܾ·͍ͬͯΔ

  6. զʑ͕͜͜਺೥௥ٻ͖ͯͨ͠΋ͷ ‣ ΠϝʔδͷϏϧυ࣌ؒ ‣ ΞϓϦέʔγϣϯͱΠϝʔδαΠζͷ࡟ݮ ‣ ΑΓখͯ͘͞ɺ࢖͍΍͍͢ϕʔεΠϝʔδ ‣ ΠϝʔδΛ͍͔ʹεϚʔτʹϏϧυ͢Δ͔

  7. Ϗϧυͷ௥ٻʹΑͬͯಘΒΕΔ΋ͷ ‣ σϓϩΠ΍"VUPTDBMFͷߴ଎Խ ‣ ίϯςφϑϧ׆༻։ൃͰͷɺϦʔυλΠϜͷ࡟ݮ ‣ τϥΠΞϯυΤϥʔͷ͠΍͢͞ ‣ Կ͔ɺ͍ܰͬͯ͑͑΍Μ

  8. ΠϝʔδͱϏϧυͷมભ

  9. "MQJOF-JOVY.FFUVQ   ެࣜΠϝʔδ "MQJOFԽൃද Ϗοάόϯ CVTZCPY "MQJOF ྲྀߦ શͯͷىݯ͸

    TDSBUDI͔Β   %PDLFS ᴈ໌ظ NVMUJTUBHF CVJME %PDLFS ॏ͞ͳͲ ؾʹ͠ͳ͍ ࣌୅   %PDLFS ྲྀߦظ ೶ߞཱ֬ ੴثͷൃ໌ ෢ՈͷఱԼ ͸͡·Δ మ๒఻དྷ ೆ๺ே࣌୅ Ԡਔͷཚ ૽ཚ͋Δ΋ ҆ఆظ΁ େࡔͷਞ ๛ਉ໓๢ 36/࡟ݮ ݮྔख๏ ऴᖼ EJTUSPMFTT ৽ͨͳ ϕʔεΠϝʔδ ࣌୅΁ େ੓ไؐ HMJCDͷཚ ೥දతͳΞϨ #VJME,JU ࠇધ ऻདྷ
  10. ॳ৺ऀͷํ΋͍ΔͷͰɺ؆୯ʹ෮शΛ͹

  11. TDSBUDI ‣ %PDLFSʹΑͬͯ༧໿͞ΕͨΠϝʔδ ‣ EPDLFSJNBHFQVMMͰऔಘͰ͖ͳ͍ಛघͳΠϝʔδ ‣ શͯͷΠϝʔδͷ࢝૆

  12. TDSBUDI͔Βͭ͘Δ04ϕʔεΠϝʔδ '30.TDSBUDI ADD ubuntu-trusty-core-cloudimg-amd64-root.tar.gz / RUN set -xe \ &&

    echo '#!/bin/sh' > /usr/sbin/policy-rc.d \ ... CMD [“/bin/bash”]
  13. CVTZCPY ‣ ૊ΈࠐΈܥͷσΟετϦϏϡʔγϣϯ ‣ γϯάϧόΠφϦϢʔςΟϦςΟ ‣ αΠζ໿.# ‣ γϯάϧόΠφϦͷΞϓϦέʔγϣϯ޲͖ ‣

    %BUB7PMVNF$POUBJOFSͱͯ͠͠͹͠͹࢖ΘΕͨΓ
  14. "MQJOF-JOVY ‣ #VTZCPYϕʔεͰɺ͜Ε΋૊ΈࠐΈܥ޲͚ ‣ BMQJOFͷαΠζ໿.# ‣ ύοέʔδϚωʔδϟBQL ‣ ඪ४$ϥΠϒϥϦ͸NVTM ‣

    ೥ʹɺඪ४%PDLFSΠϝʔδͷϕʔεΠϝʔδͱͯ͠ ࠾༻͞ΕΔ ‣ Ҏޙɺܰྔ͞ͱѻ͍΍͔͢͞Β޿·Δ
  15. "MQJOFͰͷϏϧυ FROM alpine:3.7 RUN apk add --no-cache wget RUN wget

    https://github.com/progrium/entrykit/releases/download/ v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz RUN tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz RUN rm entrykit_0.4.0_Linux_x86_64.tgz RUN mv entrykit /bin/entrykit RUN chmod +x /bin/entrykit RUN entrykit --symlink
  16. 36/ͷ਺ΛݮΒ࣌͢୅ FROM alpine:3.7 RUN apk add --no-cache wget && \

    wget https://github.com/progrium/entrykit/releases/download/ v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz && \ tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz && \ rm entrykit_0.4.0_Linux_x86_64.tgz && \ mv entrykit /bin/entrykit && \ chmod +x /bin/entrykit && \ entrykit --symlink 36/ͷճ਺͚ͩΠϝʔδϨΠϠʔ͕ੵΈॏͳΔ ྦ͙·͍͠Πϝʔδݮྔ࣌୅΁ಥೖ ˞Մಡੑ௿Լͱ࿑ྗ૿
  17. NVMUJTUBHFCVJME౸དྷ FROM alpine:3.7 AS build RUN apk add --no-cache wget

    RUN wget https://github.com/progrium/entrykit/releases/download/ v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz RUN tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz RUN mv entrykit /bin/entrykit FROM alpine:3.7 COPY --from=build /bin/entrykit /bin/ RUN chmod +x /bin/entrykit RUN entrykit —symlink ‏ΞϓϦέʔγϣϯͷ഑ஔ͚ͩʹઐ೦Ͱ͖Δ ‏Ϗϧυ࣌ͷ࢈ഇॲཧ͕ෆཁ
  18. 6CVOUVଞ ‣ ॳظ͸਺ඦ.#ͷΠϝʔδ͹͔Γͩͬͨ ‣ VCVOUV͸.# ‣ "OUJ"MQJOF੎ͷड͚ࡼ΁ ‣ ܰྔԽʹΑΓɺϕʔεΠϝʔδͱͯ͠ͷར༻͸࠶ධՁ͞Ε Δ΂͖

  19. ৽ͨͳϕʔεΠϝʔδ࣌୅ ʢେ੓ไؐޙʣ

  20. EJTUSPMFTT ‣ IUUQTHJUIVCDPN(PPHMF$POUBJOFS5PPMTEJTUSPMFTT ‣ EJTUSPMFTTແҙຯͳɺແடংͳ ‣ ΞϓϦέʔγϣϯͱґଘϥϯλΠϜͷΈؚ͕·ΕΔ ‣ EJTUSPMFTTࣗମ͸#B[FMͰϏϧυ͞Ε͍ͯΔ

  21. ࣮ߦ༻Πϝʔδͱͯ͠࠷௿ݶ࣋ͭ΂͖΋ͷ ‣ DBDFSUJGJDBUFT ‣ HMJCD ‣ MJCTTMPQFOTTM ‣ FUDQBTTXE SPPU

     ‣ UNQ
  22. EJTUSPMFTTՈ ‣ HDSJPEJTUSPMFTTCBTF ‣ HDSJPEJTUSPMFTTKBWB ‣ HDSJPEJTUSPMFTTDD ‣ HDSJPEJTUSPMFTTQZUIPO ‣

    HDSJPEJTUSPMFTTOPEFKT ‣ HDSJPEJTUSPMFTTEPUOFU
  23. HDSJPEJTUSPMFTTCBTF ‣ ࣮ߦ༻Πϝʔδͱͯ͠࠷௿ݶඞཁͳ΋ͷΛඋ͑ͨΠϝʔδ ‣ αΠζ໿.# ‣ ͋͘·Ͱ࣮ߦ༻ɻ੒Ռ෺ΛϏϧυ͢Δʹ͸޲͍͍ͯͳ͍

  24. EJTUSPMFTT࢖͍ํ

  25. FHEJTUSPMFTT (PMBOH FROM golang:1.10 as build-env WORKDIR /go/src/app ADD .

    /go/src/app RUN go-wrapper download RUN go-wrapper install FROM gcr.io/distroless/base COPY --from=build-env /go/bin/app / CMD ["/app"] ‏(PͷެࣜΠϝʔδͰϏϧυ ‏NVMUJTUBUFCVJME
  26. EFCVHJNBHF ‣ EJTUSPMFTTʹ͸TI͕ແ͍ ‣ ίϯςφͷதΛ८ճ͚ͨ͠Ε͹ɺEFCVHΠϝʔδΛ࢖͏ ‣ CVTZCPYͷTI͕࢖͑Δ $ docker container

    run -ti --entrypoint=sh gcr.io/distroless/base:debug / # ls -l total 40 drwxr-xr-x 2 root root 12288 Jan 1 1970 busybox drwxr-xr-x 5 root root 360 Oct 9 02:51 dev drwxr-xr-x 5 root root 4096 Oct 9 02:51 etc drwx------ 2 root root 4096 Oct 9 02:51 home ...
  27. ԿނEJTUSPMFTT͔ʁ

  28. ࣮ߦʹඞཁ࠷খݶͷ΋ͷؚ͚͕ͩ·ΕΔ ηΩϡϦςΟϦεΫͷ௿ݮ

  29. $7&هࡌͷ੬ऑੑʹରԠͨ͠ ࠷৽ͷΠϝʔδ͕ৗʹఏڙ͞ΕΔ

  30. EJTUSPMFTT͸MBUFTU EFCVHͷΈ

  31. MBUFTU͚ͩఏڙͯ͠Δͷ͕ݡ͍ ‣ EJTUSPMFTTϕʔεͷΠϝʔδΛϏϧυ͢Δࡍɺৗʹ࠷৽ͷ ϕʔεΠϝʔδ͕ར༻Ͱ͖Δ ‣ ੬ऑੑରԠͷίετ%08/ ‣ EJTUSPMFTTΛ࢖͏͜ͱ͕ࣗମ͕ηΩϡϦςΟΛߴΊΔͨΊ ͷୈҰาʹͳΔ

  32. EJTUSPMFTTॴײ ‣ NVMUJTUBHFCVJMEͱͷߴ͍਌࿨ੑ ‣ ओཁͳݴޠϥϯλΠϜͷαϙʔτ ‣ ҆ఆͨ͠ΠϝʔδΛɺ࿑ྗແ͘ӡ༻͍ͯ࣌͘͠୅ʹಥೖ

  33. None
  34. +JC ‣ IUUQTHJUIVCDPN(PPHMF$POUBJOFS5PPMTKJC ‣ +BWBΞϓϦέʔγϣϯͷίϯςφԽʹಛԽͨ͠πʔϧ ‣ +JC͸ϕʔεΠϝʔδͰ͸ແͯ͘πʔϧ ‣ .BWFO (SBEMFͷϏϧυϓϩηεʹ૊ΈࠐΊΔ

    ‣ %PDLFSGJMFෆཁ
  35. CVJMEHSBEMF jib.to.image = 'registry.hub.docker.com/stormcat24/hellojib:latest' jib { from { image =

    'gcr.io/distroless/java' credHelper = 'osxkeychain' } to { image = 'registry.hub.docker.com/stormcat24/hellojib:latest' credHelper = 'osxkeychain' auth { username = dockerUsername password = dockerPassword } } container { jvmFlags = ['-Djava.security.egd=file:/dev/./urandom', '-Duser.timezone=GMT+08', '-Xdebug'] mainClass = 'com.example.jib.JibApplication' args = ['some args'] ports = ['8080'] }
  36. +JCͰϏϧυ $ ./gradlew jib warning: Base image 'gcr.io/distroless/java' does not

    use a specific image digest - build may not be reproducible Containerizing application to stormcat24/hellojib... Retrieving registry credentials for registry.hub.docker.com... Getting base image gcr.io/distroless/java... … Built and pushed image as stormcat24/hellojib BUILD SUCCESSFUL in 3s $ docker image ls --filter "reference=stormcat24/hellojib" REPOSITORY TAG IMAGE ID CREATED SIZE stormcat24/hellojib latest 66a7c02acbdf 48 years ago 119MB ‐೥લʹͳͬͯͯ૲
  37. ·ͱΊ ‣ EJTUSPMFTTͰϕʔεΠϝʔδ͸৽࣌୅΁ಥೖ ‣ ܰ͞΋େࣄ͕ͩɺܧଓతʹ҆ఆɾݎ࿚ੑ͋ΔΠϝʔδΛʢ͋ ·Γҙࣝͤͣʹʣ࡞Γ΍͘͢͢ΔεΩʔϜ΁ ‣ +JCͷΑ͏ʹɺΞϓϦέʔγϣϯࢦ޲ͳϏϧυπʔϧͷྲྀߦ ͷஹ͠ ‣

    "MQJOF͸͜Ε͔Β΋·ͩ·ͩϝΠϯετϦʔϜͰ׆༂ɻ͠ ͔͠ɺ෇͖߹͍ํΛ࠶ߟ͢Δ࣌ظʹ͸དྷ͍ͯΔ
  38. Thanks✋