Base Image Journey 2018

Transcript

1. Base Image Journey 2018 @stormcat24 2018.10.09 Container Build Meetup #1

2. XIPJT ‣ $ZCFS"HFOU
   *OD
   ‣ '3&4)
   -*7&
   UFDI
   MFBE
   ‣ IUUQTCMPHTUPSNDBUJP
   ‣ )PSTF
   3BDJOH
   "OBMZTU

   stormcat24

3. %PDLFS,VCFSOFUFT
   ࣮ફίϯςφ։ൃೖ໳ ʢٕज़ධ࿦ࣾʣ

4. None

5. ίϯςφ͸࣮ߦ͢Δલͷஈ֊Ͱ উෛ͸ܾ·͍ͬͯΔ

6. զʑ͕͜͜਺೥௥ٻ͖ͯͨ͠΋ͷ ‣ ΠϝʔδͷϏϧυ࣌ؒ
   ‣ ΞϓϦέʔγϣϯͱΠϝʔδαΠζͷ࡟ݮ
   ‣ ΑΓখͯ͘͞ɺ࢖͍΍͍͢ϕʔεΠϝʔδ
   ‣ ΠϝʔδΛ͍͔ʹεϚʔτʹϏϧυ͢Δ͔

7. Ϗϧυͷ௥ٻʹΑͬͯಘΒΕΔ΋ͷ ‣ σϓϩΠ΍"VUPTDBMFͷߴ଎Խ
   ‣ ίϯςφϑϧ׆༻։ൃͰͷɺϦʔυλΠϜͷ࡟ݮ
   ‣ τϥΠΞϯυΤϥʔͷ͠΍͢͞
   ‣ Կ͔ɺ͍ܰͬͯ͑͑΍Μ

8. ΠϝʔδͱϏϧυͷมભ

9. "MQJOF
   -JOVY
   .FFUVQ
    
   ެࣜΠϝʔδ
   "MQJOFԽൃද Ϗοάόϯ CVTZCPY
   "MQJOF
   ྲྀߦ શͯͷىݯ͸
   

   TDSBUDI͔Β 
   %PDLFS
   ᴈ໌ظ NVMUJTUBHF
   CVJME
   %PDLFS ॏ͞ͳͲ
   ؾʹ͠ͳ͍
   ࣌୅ 
   %PDLFS
   ྲྀߦظ ೶ߞཱ֬ ੴثͷൃ໌ ෢ՈͷఱԼ
   ͸͡·Δ మ๒఻དྷ ೆ๺ே࣌୅
   Ԡਔͷཚ
   ૽ཚ͋Δ΋
   ҆ఆظ΁
   େࡔͷਞ
   ๛ਉ໓๢ 36/࡟ݮ
   ݮྔख๏
   ऴᖼ
   EJTUSPMFTT
   ৽ͨͳ
   ϕʔεΠϝʔδ
   ࣌୅΁ େ੓ไؐ HMJCDͷཚ ೥දతͳΞϨ #VJME,JU
   ࠇધ
   ऻདྷ

10. ॳ৺ऀͷํ΋͍ΔͷͰɺ؆୯ʹ෮शΛ͹

11. TDSBUDI ‣ %PDLFSʹΑͬͯ༧໿͞ΕͨΠϝʔδ
    ‣ EPDLFS
    JNBHF
    QVMMͰऔಘͰ͖ͳ͍ಛघͳΠϝʔδ
    ‣ શͯͷΠϝʔδͷ࢝૆

12. TDSBUDI͔Βͭ͘Δ04ϕʔεΠϝʔδ '30.
    TDSBUDI
    ADD ubuntu-trusty-core-cloudimg-amd64-root.tar.gz / RUN set -xe \ &&

    echo '#!/bin/sh' > /usr/sbin/policy-rc.d \ ... CMD [“/bin/bash”]

13. CVTZCPY ‣ ૊ΈࠐΈܥͷσΟετϦϏϡʔγϣϯ
    ‣ γϯάϧόΠφϦϢʔςΟϦςΟ
    ‣ αΠζ
    
    ໿.#
    ‣ γϯάϧόΠφϦͷΞϓϦέʔγϣϯ޲͖
    ‣

    %BUB
    7PMVNF
    $POUBJOFSͱͯ͠͠͹͠͹࢖ΘΕͨΓ

14. "MQJOF
    -JOVY ‣ #VTZCPYϕʔεͰɺ͜Ε΋૊ΈࠐΈܥ޲͚
    ‣ BMQJOFͷαΠζ
    
    ໿.#
    ‣ ύοέʔδϚωʔδϟBQL
    ‣ ඪ४$ϥΠϒϥϦ͸NVTM
    ‣

    ೥ʹɺඪ४%PDLFSΠϝʔδͷϕʔεΠϝʔδͱͯ͠ ࠾༻͞ΕΔ
    ‣ Ҏޙɺܰྔ͞ͱѻ͍΍͔͢͞Β޿·Δ

15. "MQJOFͰͷϏϧυ FROM alpine:3.7 RUN apk add --no-cache wget RUN wget

    https://github.com/progrium/entrykit/releases/download/ v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz RUN tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz RUN rm entrykit_0.4.0_Linux_x86_64.tgz RUN mv entrykit /bin/entrykit RUN chmod +x /bin/entrykit RUN entrykit --symlink

16. 36/ͷ਺ΛݮΒ࣌͢୅ FROM alpine:3.7 RUN apk add --no-cache wget && \

    wget https://github.com/progrium/entrykit/releases/download/ v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz && \ tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz && \ rm entrykit_0.4.0_Linux_x86_64.tgz && \ mv entrykit /bin/entrykit && \ chmod +x /bin/entrykit && \ entrykit --symlink 36/ͷճ਺͚ͩΠϝʔδϨΠϠʔ͕ੵΈॏͳΔ
    ྦ͙·͍͠Πϝʔδݮྔ࣌୅΁ಥೖ
    ˞Մಡੑ௿Լͱ࿑ྗ૿
    

17. NVMUJTUBHF
    CVJME౸དྷ FROM alpine:3.7 AS build RUN apk add --no-cache wget

    RUN wget https://github.com/progrium/entrykit/releases/download/ v0.4.0/entrykit_0.4.0_Linux_x86_64.tgz RUN tar -xvzf entrykit_0.4.0_Linux_x86_64.tgz RUN mv entrykit /bin/entrykit FROM alpine:3.7 COPY --from=build /bin/entrykit /bin/ RUN chmod +x /bin/entrykit RUN entrykit —symlink ‏ΞϓϦέʔγϣϯͷ഑ஔ͚ͩʹઐ೦Ͱ͖Δ ‏Ϗϧυ࣌ͷ࢈ഇॲཧ͕ෆཁ

18. 6CVOUVଞ ‣ ॳظ͸਺ඦ.#ͷΠϝʔδ͹͔Γͩͬͨ
    ‣ VCVOUV͸.#
    ‣ "OUJ
    "MQJOF੎ͷड͚ࡼ΁
    ‣ ܰྔԽʹΑΓɺϕʔεΠϝʔδͱͯ͠ͷར༻͸࠶ධՁ͞Ε Δ΂͖

19. ৽ͨͳϕʔεΠϝʔδ࣌୅
    ʢେ੓ไؐޙʣ

20. EJTUSPMFTT ‣ IUUQTHJUIVCDPN(PPHMF$POUBJOFS5PPMTEJTUSPMFTT
    ‣ EJTUSPMFTT
    
    ແҙຯͳɺແடংͳ
    ‣ ΞϓϦέʔγϣϯͱґଘϥϯλΠϜͷΈؚ͕·ΕΔ
    ‣ EJTUSPMFTTࣗମ͸#B[FMͰϏϧυ͞Ε͍ͯΔ

21. ࣮ߦ༻Πϝʔδͱͯ͠࠷௿ݶ࣋ͭ΂͖΋ͷ ‣ DBDFSUJGJDBUFT
    ‣ HMJCD
    ‣ MJCTTMPQFOTTM
    ‣ FUDQBTTXE
    SPPU

    
    ‣ UNQ

22. EJTUSPMFTTՈ ‣ HDSJPEJTUSPMFTTCBTF
    ‣ HDSJPEJTUSPMFTTKBWB
    ‣ HDSJPEJTUSPMFTTDD
    ‣ HDSJPEJTUSPMFTTQZUIPO
    ‣

    HDSJPEJTUSPMFTTOPEFKT
    ‣ HDSJPEJTUSPMFTTEPUOFU

23. HDSJPEJTUSPMFTTCBTF ‣ ࣮ߦ༻Πϝʔδͱͯ͠࠷௿ݶඞཁͳ΋ͷΛඋ͑ͨΠϝʔδ
    ‣ αΠζ
    
    ໿.#
    ‣ ͋͘·Ͱ࣮ߦ༻ɻ੒Ռ෺ΛϏϧυ͢Δʹ͸޲͍͍ͯͳ͍

24. EJTUSPMFTT࢖͍ํ

25. FH
    EJTUSPMFTT
    
    (PMBOH FROM golang:1.10 as build-env WORKDIR /go/src/app ADD .

    /go/src/app RUN go-wrapper download RUN go-wrapper install FROM gcr.io/distroless/base COPY --from=build-env /go/bin/app / CMD ["/app"] ‏(PͷެࣜΠϝʔδͰϏϧυ ‏NVMUJTUBUF
    CVJME

26. EFCVH
    JNBHF ‣ EJTUSPMFTTʹ͸TI͕ແ͍
    ‣ ίϯςφͷதΛ८ճ͚ͨ͠Ε͹ɺEFCVHΠϝʔδΛ࢖͏
    ‣ CVTZCPYͷTI͕࢖͑Δ $ docker container

    run -ti --entrypoint=sh gcr.io/distroless/base:debug / # ls -l total 40 drwxr-xr-x 2 root root 12288 Jan 1 1970 busybox drwxr-xr-x 5 root root 360 Oct 9 02:51 dev drwxr-xr-x 5 root root 4096 Oct 9 02:51 etc drwx------ 2 root root 4096 Oct 9 02:51 home ...

27. ԿނEJTUSPMFTT͔ʁ

28. ࣮ߦʹඞཁ࠷খݶͷ΋ͷؚ͚͕ͩ·ΕΔ ηΩϡϦςΟϦεΫͷ௿ݮ

29. $7&هࡌͷ੬ऑੑʹରԠͨ͠
    ࠷৽ͷΠϝʔδ͕ৗʹఏڙ͞ΕΔ

30. EJTUSPMFTT͸MBUFTU
    EFCVHͷΈ

31. MBUFTU͚ͩఏڙͯ͠Δͷ͕ݡ͍ ‣ EJTUSPMFTTϕʔεͷΠϝʔδΛϏϧυ͢Δࡍɺৗʹ࠷৽ͷ ϕʔεΠϝʔδ͕ར༻Ͱ͖Δ
    ‣ ੬ऑੑରԠͷίετ%08/
    ‣ EJTUSPMFTTΛ࢖͏͜ͱ͕ࣗମ͕ηΩϡϦςΟΛߴΊΔͨΊ ͷୈҰาʹͳΔ

32. EJTUSPMFTTॴײ ‣ NVMUJTUBHF
    CVJMEͱͷߴ͍਌࿨ੑ
    ‣ ओཁͳݴޠϥϯλΠϜͷαϙʔτ
    ‣ ҆ఆͨ͠ΠϝʔδΛɺ࿑ྗແ͘ӡ༻͍ͯ࣌͘͠୅ʹಥೖ

33. None

34. +JC ‣ IUUQTHJUIVCDPN(PPHMF$POUBJOFS5PPMTKJC
    ‣ +BWBΞϓϦέʔγϣϯͷίϯςφԽʹಛԽͨ͠πʔϧ
    ‣ +JC͸ϕʔεΠϝʔδͰ͸ແͯ͘πʔϧ
    ‣ .BWFO
    (SBEMFͷϏϧυϓϩηεʹ૊ΈࠐΊΔ
    

    ‣ %PDLFSGJMFෆཁ

35. CVJMEHSBEMF jib.to.image = 'registry.hub.docker.com/stormcat24/hellojib:latest' jib { from { image =

    'gcr.io/distroless/java' credHelper = 'osxkeychain' } to { image = 'registry.hub.docker.com/stormcat24/hellojib:latest' credHelper = 'osxkeychain' auth { username = dockerUsername password = dockerPassword } } container { jvmFlags = ['-Djava.security.egd=file:/dev/./urandom', '-Duser.timezone=GMT+08', '-Xdebug'] mainClass = 'com.example.jib.JibApplication' args = ['some args'] ports = ['8080'] }

36. +JCͰϏϧυ $ ./gradlew jib warning: Base image 'gcr.io/distroless/java' does not

    use a specific image digest - build may not be reproducible Containerizing application to stormcat24/hellojib... Retrieving registry credentials for registry.hub.docker.com... Getting base image gcr.io/distroless/java... … Built and pushed image as stormcat24/hellojib BUILD SUCCESSFUL in 3s $ docker image ls --filter "reference=stormcat24/hellojib" REPOSITORY TAG IMAGE ID CREATED SIZE stormcat24/hellojib latest 66a7c02acbdf 48 years ago 119MB ‐೥લʹͳͬͯͯ૲

37. ·ͱΊ ‣ EJTUSPMFTTͰϕʔεΠϝʔδ͸৽࣌୅΁ಥೖ
    ‣ ܰ͞΋େࣄ͕ͩɺܧଓతʹ҆ఆɾݎ࿚ੑ͋ΔΠϝʔδΛʢ͋ ·Γҙࣝͤͣʹʣ࡞Γ΍͘͢͢ΔεΩʔϜ΁
    ‣ +JCͷΑ͏ʹɺΞϓϦέʔγϣϯࢦ޲ͳϏϧυπʔϧͷྲྀߦ ͷஹ͠
    ‣

    "MQJOF͸͜Ε͔Β΋·ͩ·ͩϝΠϯετϦʔϜͰ׆༂ɻ͠ ͔͠ɺ෇͖߹͍ํΛ࠶ߟ͢Δ࣌ظʹ͸དྷ͍ͯΔ

38. Thanks✋