Base Image Journey 2018

Base
Image
Journey 2018
@stormcat24
2018.10.09 Container Build Meetup #1

View Slide

XIPJT
‣ $ZCFS"HFOU *OD
‣ '3&4)-*7&UFDIMFBE
‣ IUUQTCMPHTUPSNDBUJP
‣ )PSTF3BDJOH"OBMZTU
stormcat24

View Slide

%PDLFS,VCFSOFUFT
࣮ફίϯςφ։ൃೖ໳
ʢٕज़ධ࿦ࣾʣ

View Slide

View Slide

ίϯςφ͸࣮ߦ͢Δલͷஈ֊Ͱ
উෛ͸ܾ·͍ͬͯΔ

View Slide

զʑ͕͜͜਺೥௥ٻ͖ͯͨ͠΋ͷ
‣ ΠϝʔδͷϏϧυ࣌ؒ
‣ ΞϓϦέʔγϣϯͱΠϝʔδαΠζͷ࡟ݮ
‣ ΑΓখͯ͘͞ɺ࢖͍΍͍͢ϕʔεΠϝʔδ
‣ ΠϝʔδΛ͍͔ʹεϚʔτʹϏϧυ͢Δ͔

View Slide

Ϗϧυͷ௥ٻʹΑͬͯಘΒΕΔ΋ͷ
‣ σϓϩΠ΍"VUPTDBMFͷߴ଎Խ
‣ ίϯςφϑϧ׆༻։ൃͰͷɺϦʔυλΠϜͷ࡟ݮ
‣ τϥΠΞϯυΤϥʔͷ͠΍͢͞
‣ Կ͔ɺ͍ܰͬͯ͑͑΍Μ

View Slide

ΠϝʔδͱϏϧυͷมભ

View Slide

"MQJOF-JOVY.FFUVQ

ެࣜΠϝʔδ
"MQJOFԽൃද
Ϗοάόϯ
CVTZCPY
"MQJOF
ྲྀߦ
શͯͷىݯ͸
TDSBUDI͔Β

%PDLFS
ᴈ໌ظ
NVMUJTUBHF
CVJME
%PDLFS

ॏ͞ͳͲ
ؾʹ͠ͳ͍
࣌୅

%PDLFS
ྲྀߦظ
೶ߞཱ֬
ੴثͷൃ໌
෢ՈͷఱԼ
͸͡·Δ
మ๒఻དྷ
ೆ๺ே࣌୅
Ԡਔͷཚ
૽ཚ͋Δ΋
҆ఆظ΁
େࡔͷਞ
๛ਉ໓๢
36/࡟ݮ
ݮྔख๏
ऴᖼ
EJTUSPMFTT
৽ͨͳ
ϕʔεΠϝʔδ
࣌୅΁
େ੓ไؐ
HMJCDͷཚ
೥දతͳΞϨ
#VJME,JU
ࠇધ
ऻདྷ

View Slide

ॳ৺ऀͷํ΋͍ΔͷͰɺ؆୯ʹ෮शΛ͹

View Slide

TDSBUDI
‣ %PDLFSʹΑͬͯ༧໿͞ΕͨΠϝʔδ
‣ EPDLFSJNBHFQVMMͰऔಘͰ͖ͳ͍ಛघͳΠϝʔδ
‣ શͯͷΠϝʔδͷ࢝૆

View Slide

TDSBUDI͔Βͭ͘Δ04ϕʔεΠϝʔδ
'30.TDSBUDI
ADD ubuntu-trusty-core-cloudimg-amd64-root.tar.gz /
RUN set -xe \
&& echo '#!/bin/sh' > /usr/sbin/policy-rc.d \
...
CMD [“/bin/bash”]

View Slide

CVTZCPY
‣ ૊ΈࠐΈܥͷσΟετϦϏϡʔγϣϯ
‣ γϯάϧόΠφϦϢʔςΟϦςΟ
‣ αΠζ໿.#
‣ γϯάϧόΠφϦͷΞϓϦέʔγϣϯ޲͖
‣ %BUB7PMVNF$POUBJOFSͱͯ͠͠͹͠͹࢖ΘΕͨΓ

View Slide

"MQJOF-JOVY
‣ #VTZCPYϕʔεͰɺ͜Ε΋૊ΈࠐΈܥ޲͚
‣ BMQJOFͷαΠζ໿.#
‣ ύοέʔδϚωʔδϟBQL
‣ ඪ४$ϥΠϒϥϦ͸NVTM
‣ ೥ʹɺඪ४%PDLFSΠϝʔδͷϕʔεΠϝʔδͱͯ͠
࠾༻͞ΕΔ
‣ Ҏޙɺܰྔ͞ͱѻ͍΍͔͢͞Β޿·Δ

View Slide

"MQJOFͰͷϏϧυ
FROM alpine:3.7
RUN apk add --no-cache wget
RUN wget https://github.com/progrium/entrykit/releases/download/
v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz
RUN tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz
RUN rm entrykit_0.4.0_Linux_x86_64.tgz
RUN mv entrykit /bin/entrykit
RUN chmod +x /bin/entrykit
RUN entrykit --symlink

View Slide

36/ͷ਺ΛݮΒ࣌͢୅
FROM alpine:3.7
RUN apk add --no-cache wget && \
wget https://github.com/progrium/entrykit/releases/download/
v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz && \
tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz && \
rm entrykit_0.4.0_Linux_x86_64.tgz && \
mv entrykit /bin/entrykit && \
chmod +x /bin/entrykit && \
entrykit --symlink
36/ͷճ਺͚ͩΠϝʔδϨΠϠʔ͕ੵΈॏͳΔ
ྦ͙·͍͠Πϝʔδݮྔ࣌୅΁ಥೖ
˞Մಡੑ௿Լͱ࿑ྗ૿

View Slide

NVMUJTUBHFCVJME౸དྷ
FROM alpine:3.7 AS build
RUN apk add --no-cache wget
RUN wget https://github.com/progrium/entrykit/releases/download/
v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz
RUN tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz
RUN mv entrykit /bin/entrykit
FROM alpine:3.7
COPY --from=build /bin/entrykit /bin/
RUN chmod +x /bin/entrykit
RUN entrykit —symlink
‏ΞϓϦέʔγϣϯͷ഑ஔ͚ͩʹઐ೦Ͱ͖Δ
‏Ϗϧυ࣌ͷ࢈ഇॲཧ͕ෆཁ

View Slide

6CVOUVଞ
‣ ॳظ͸਺ඦ.#ͷΠϝʔδ͹͔Γͩͬͨ
‣ VCVOUV͸.#
‣ "OUJ"MQJOF੎ͷड͚ࡼ΁
‣ ܰྔԽʹΑΓɺϕʔεΠϝʔδͱͯ͠ͷར༻͸࠶ධՁ͞Ε
Δ΂͖

View Slide

৽ͨͳϕʔεΠϝʔδ࣌୅
ʢେ੓ไؐޙʣ

View Slide

EJTUSPMFTT
‣ IUUQTHJUIVCDPN(PPHMF$POUBJOFS5PPMTEJTUSPMFTT
‣ EJTUSPMFTTແҙຯͳɺແடংͳ
‣ ΞϓϦέʔγϣϯͱґଘϥϯλΠϜͷΈؚ͕·ΕΔ
‣ EJTUSPMFTTࣗମ͸#B[FMͰϏϧυ͞Ε͍ͯΔ

View Slide

࣮ߦ༻Πϝʔδͱͯ͠࠷௿ݶ࣋ͭ΂͖΋ͷ
‣ DBDFSUJGJDBUFT
‣ HMJCD
‣ MJCTTMPQFOTTM
‣ FUDQBTTXE SPPU

‣ UNQ

View Slide

EJTUSPMFTTՈ
‣ HDSJPEJTUSPMFTTCBTF
‣ HDSJPEJTUSPMFTTKBWB
‣ HDSJPEJTUSPMFTTDD
‣ HDSJPEJTUSPMFTTQZUIPO
‣ HDSJPEJTUSPMFTTOPEFKT
‣ HDSJPEJTUSPMFTTEPUOFU

View Slide

HDSJPEJTUSPMFTTCBTF
‣ ࣮ߦ༻Πϝʔδͱͯ͠࠷௿ݶඞཁͳ΋ͷΛඋ͑ͨΠϝʔδ
‣ αΠζ໿.#
‣ ͋͘·Ͱ࣮ߦ༻ɻ੒Ռ෺ΛϏϧυ͢Δʹ͸޲͍͍ͯͳ͍

View Slide

EJTUSPMFTT࢖͍ํ

View Slide

FHEJTUSPMFTT(PMBOH
FROM golang:1.10 as build-env
WORKDIR /go/src/app
ADD . /go/src/app
RUN go-wrapper download
RUN go-wrapper install
FROM gcr.io/distroless/base
COPY --from=build-env /go/bin/app /
CMD ["/app"]
‏(PͷެࣜΠϝʔδͰϏϧυ
‏NVMUJTUBUFCVJME

View Slide

EFCVHJNBHF
‣ EJTUSPMFTTʹ͸TI͕ແ͍
‣ ίϯςφͷதΛ८ճ͚ͨ͠Ε͹ɺEFCVHΠϝʔδΛ࢖͏
‣ CVTZCPYͷTI͕࢖͑Δ
$ docker container run -ti --entrypoint=sh gcr.io/distroless/base:debug
/ # ls -l
total 40
drwxr-xr-x 2 root root 12288 Jan 1 1970 busybox
drwxr-xr-x 5 root root 360 Oct 9 02:51 dev
drwxr-xr-x 5 root root 4096 Oct 9 02:51 etc
drwx------ 2 root root 4096 Oct 9 02:51 home
...

View Slide

ԿނEJTUSPMFTT͔ʁ

View Slide

࣮ߦʹඞཁ࠷খݶͷ΋ͷؚ͚͕ͩ·ΕΔ
ηΩϡϦςΟϦεΫͷ௿ݮ

View Slide

$7&هࡌͷ੬ऑੑʹରԠͨ͠
࠷৽ͷΠϝʔδ͕ৗʹఏڙ͞ΕΔ

View Slide

EJTUSPMFTT͸MBUFTU EFCVHͷΈ

View Slide

MBUFTU͚ͩఏڙͯ͠Δͷ͕ݡ͍
‣ EJTUSPMFTTϕʔεͷΠϝʔδΛϏϧυ͢Δࡍɺৗʹ࠷৽ͷ
ϕʔεΠϝʔδ͕ར༻Ͱ͖Δ
‣ ੬ऑੑରԠͷίετ%08/
‣ EJTUSPMFTTΛ࢖͏͜ͱ͕ࣗମ͕ηΩϡϦςΟΛߴΊΔͨΊ
ͷୈҰาʹͳΔ

View Slide

EJTUSPMFTTॴײ
‣ NVMUJTUBHFCVJMEͱͷߴ͍਌࿨ੑ
‣ ओཁͳݴޠϥϯλΠϜͷαϙʔτ
‣ ҆ఆͨ͠ΠϝʔδΛɺ࿑ྗແ͘ӡ༻͍ͯ࣌͘͠୅ʹಥೖ

View Slide

View Slide

+JC
‣ IUUQTHJUIVCDPN(PPHMF$POUBJOFS5PPMTKJC
‣ +BWBΞϓϦέʔγϣϯͷίϯςφԽʹಛԽͨ͠πʔϧ
‣ +JC͸ϕʔεΠϝʔδͰ͸ແͯ͘πʔϧ
‣ .BWFO (SBEMFͷϏϧυϓϩηεʹ૊ΈࠐΊΔ
‣ %PDLFSGJMFෆཁ

View Slide

CVJMEHSBEMF
jib.to.image = 'registry.hub.docker.com/stormcat24/hellojib:latest'
jib {
from {
image = 'gcr.io/distroless/java'
credHelper = 'osxkeychain'
}
to {
image = 'registry.hub.docker.com/stormcat24/hellojib:latest'
credHelper = 'osxkeychain'
auth {
username = dockerUsername
password = dockerPassword
}
}
container {
jvmFlags = ['-Djava.security.egd=ﬁle:/dev/./urandom', '-Duser.timezone=GMT+08', '-Xdebug']
mainClass = 'com.example.jib.JibApplication'
args = ['some args']
ports = ['8080']
}

View Slide

+JCͰϏϧυ
$ ./gradlew jib
warning: Base image 'gcr.io/distroless/java' does not use a speciﬁc image digest - build may not be reproducible
Containerizing application to stormcat24/hellojib...
Retrieving registry credentials for registry.hub.docker.com...
Getting base image gcr.io/distroless/java...
…
Built and pushed image as stormcat24/hellojib
BUILD SUCCESSFUL in 3s
$ docker image ls --ﬁlter "reference=stormcat24/hellojib"
REPOSITORY TAG IMAGE ID CREATED SIZE
stormcat24/hellojib latest 66a7c02acbdf 48 years ago 119MB
‐೥લʹͳͬͯͯ૲

View Slide

·ͱΊ
‣ EJTUSPMFTTͰϕʔεΠϝʔδ͸৽࣌୅΁ಥೖ
‣ ܰ͞΋େࣄ͕ͩɺܧଓతʹ҆ఆɾݎ࿚ੑ͋ΔΠϝʔδΛʢ͋
·Γҙࣝͤͣʹʣ࡞Γ΍͘͢͢ΔεΩʔϜ΁
‣ +JCͷΑ͏ʹɺΞϓϦέʔγϣϯࢦ޲ͳϏϧυπʔϧͷྲྀߦ
ͷஹ͠
‣ "MQJOF͸͜Ε͔Β΋·ͩ·ͩϝΠϯετϦʔϜͰ׆༂ɻ͠
͔͠ɺ෇͖߹͍ํΛ࠶ߟ͢Δ࣌ظʹ͸དྷ͍ͯΔ

View Slide

Thanks✋

View Slide

Base Image Journey 2018

Base Image Journey 2018

stormcat24

More Decks by stormcat24

Other Decks in Programming

Featured

Transcript