Presented by Gareth Rushgrove, Sr. Software Engineer, Puppet Labs
The shipping container metaphor for Docker points to many of the advantages of building and running software using containers. But what about other essential parts of the shipping container ecosystem like the shipping manifest and bill of lading?
Many of the most powerful features of traditional package management tools like apt or yum are based on metadata associated with the packages. You can find out who created a package and when, check where a particular file came from, whether the package has a known vulnerability and more. What would this capability look like for Docker containers?
This talk will look at the power of metadata for containers, in particular:
* Docker provides labels for associating metadata with images and containers, but how best to use them?
* What problems can be solved by agreeing on standards for container metadata?
* Standard commands and endpoints that expose metadata about what is inside a container
* Demo some open source tooling and also look at the sort of tools we might build atop those standards and low-level tools.
8. A manifest or ship's manifest is a document listing the cargo, passengers, and crew of a ship, aircraft, or vehicle, for the use of customs and other officials.
9. A bill of lading is a document issued by a carrier which details a shipment of merchandise and gives title of that shipment to a specified party.
21. Don’t do this - new layer per label
LABEL vendor="ACME Incorporated"
LABEL com.example.version.is-beta=""
LABEL com.example.version="0.0.1-beta"
LABEL com.example.release-date="2015-02-12"
22. Better - only one layer
LABEL vendor="ACME Incorporated" \
      com.example.is-beta="" \
      com.example.version="0.0.1-beta" \
      com.example.release-date="2015-02-12"
37. Example RPM spec file
Summary: A CD player app that rocks!
Name: cdplayer
Version: 1.0
Release: 1
Copyright: GPL
Group: Applications/Sound
Source: ftp://ftp.gnomovision.com/pub/cdplayer/cdplayer
URL: http://www.gnomovision.com/cdplayer/cdplayer.html
Distribution: WSS Linux
Vendor: White Socks Software, Inc.
Packager: Santa Claus <sclaus@northpole.com>
%description
It slices! It dices! It's a CD player app that
can't be beat. By using the resonant frequency
of the CD itself, it is able to simulate 20X
46. All (third-party) tools should prefix their keys with the reverse DNS notation of a domain controlled by the author. For example, com.example.some-label.
60. Check against Docker guidelines
$ dli lint
========> Check all labels have namespaces
[WARN] Label 'vendor' should use a namespace based on reverse DNS notation
========> Check labels don't use reserved namespaces
========> Check labels only use valid characters
========> Check labels start and end with alpanumeric characters
========> Check labels for double dots and dashes
61. Check against a schema
$ dli validate
========> Check labels based on schema in 'schema.json'
[ERROR] u'com.example.is-beta' is a required property
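The checks named in the dli lint output above, plus a required-label check like the schema error, can be sketched as follows. This is an added example, not the dli source or code from the talk; the sample labels, the REQUIRED policy and the function names lint_key and lint_labels are assumptions for illustration, while the reserved namespaces are the ones Docker's label guidelines name.

```python
import json
import re

# Constructed sample: label JSON in the shape printed by
# `docker inspect -f "{{json .Config.Labels }}" IMAGE`.
SAMPLE = json.loads("""{
  "vendor": "ACME Incorporated",
  "com.example.version": "0.0.1-beta",
  "com.docker.build": "42",
  "com.example..release--date": "2015-02-12",
  "Com.Example.Team_": "web"
}""")

# Namespaces Docker's label guidelines reserve for Docker's own use.
RESERVED = ("com.docker.", "io.docker.", "org.dockerproject.")
# Assumed policy for this example, mirroring the schema error on the slide.
REQUIRED = ("com.example.is-beta",)


def lint_key(key):
    """Return the guideline problems found in one label key."""
    problems = []
    if "." not in key:  # heuristic: a namespaced key has at least one dot
        problems.append("no reverse DNS namespace")
    if key.startswith(RESERVED):
        problems.append("reserved namespace")
    if not re.fullmatch(r"[a-z0-9.-]+", key):
        problems.append("invalid characters")
    if not (key[:1].isalnum() and key[-1:].isalnum()):
        problems.append("must start and end alphanumeric")
    if re.search(r"\.\.|--", key):
        problems.append("double dots or dashes")
    return problems


def lint_labels(labels, required=REQUIRED):
    """Map each offending key to its problems, including missing required keys."""
    report = {k: p for k in sorted(labels) if (p := lint_key(k))}
    for key in required:
        if key not in labels:
            report[key] = ["required label missing"]
    return report


if __name__ == "__main__":
    for key, problems in lint_labels(SAMPLE).items():
        print(f"{key}: {', '.join(problems)}")
```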
68. Dockerfile example
FROM alpine
LABEL net.morethanseven.dockerfile="/Dockerfile" \
      net.morethanseven.exec.packages="apk info -vv"
RUN apk add --update bash && rm -rf /var/cache/apk/*
COPY Dockerfile /
69. Discover our API
$ docker inspect -f "{{json .Config.Labels }}" garethr/alpine | jq
{
"net.morethanseven.dockerfile": "/Dockerfile",
"net.morethanseven.exec.packages": "apk info -vv"
}
70. Read the Dockerfile
$ docker run -i -t garethr/alpine cat /Dockerfile
FROM alpine
LABEL net.morethanseven.dockerfile="/Dockerfile" \
      net.morethanseven.exec.packages="apk info -vv"
RUN apk add --update bash && rm -rf /var/cache/apk/*
COPY Dockerfile /
71. List installed packages
$ docker run -i -t garethr/alpine apk info -vv
musl-1.1.11-r2 - the musl c library (libc) implementati
busybox-1.23.2-r0 - Size optimized toolbox of many comm
alpine-baselayout-2.3.2-r0 - Alpine base dir structure
openrc-0.15.1-r3 - OpenRC manages the services, startup
alpine-conf-3.2.1-r6 - Alpine configuration management