TIAD 2016 : Using and abusing container metadata
1 like1,873 views
Container images are made up of layers, with each layer containing file system changes. Images can be tagged to distinguish versions and labeled to add metadata. Labels provide information like the image creator, description, and version references. Child images inherit labels from their parent image, but not the maintainer label. Automating builds with a Makefile allows labels to reference the current git commit and build time. Metadata helps understand what an image contains and how it was created.
![Look at the image information
$ docker inspect <namespace>/tiad
...
"Author": "liz@lizrice.com",
...
"Cmd": [
"/bin/sh",
"-c",
"echo `cat greeting`"
],
...
"Layers": [
"sha256:9007f5987db353ec398a223bc5a135c5a9601798b...
"sha256:182229f64cf81b7c99d6009c85764eb359f636f8df2...
...](https://image.slidesharecdn.com/usingandabusingcontainermetadata2-161019073948/85/TIAD-2016-Using-and-abusing-container-metadata-15-320.jpg)
TIAD 2016 : Using and abusing container metadata
- 1. Using and abusing container metadata Liz Rice @lizrice | @microscaling speakerdeck.com/lizrice/using-and-abusing -container-metadata
- 2. Agenda ● Container images and layers ● Container metadata and labels ● Metadata inheritance ● Metadata automation
- 3. Frisbee whizzing through the air above our heads over the sand into the water onto the waves out to sea. You cried a lot that day. Frisbee was a lovely dog. Brian Bilston
- 7. server Host OS bins / libs App A bins / libs App B image
- 10. Create a new directory $ mkdir tiad # or whatever you like $ cd tiad Create a file called greeting, something like this Hello TIAD
- 11. Create a file called Dockerfile FROM alpine:latest MAINTAINER <your@email.address> COPY greeting greeting CMD echo `cat greeting` Reverse quotes
- 12. You’ll need a Docker Hub namespace - Your Docker Hub name - Or maybe an organization
- 13. Build the container $ docker build -t <namespace>/tiad . Run it $ docker run <namespace>/tiad
- 14. Push it to Docker Hub - You’ll need your Docker Hub repo name $ docker push <namespace>/tiad - You might need to log in first $ docker login
- 15. Look at the image information $ docker inspect <namespace>/tiad ... "Author": "liz@lizrice.com", ... "Cmd": [ "/bin/sh", "-c", "echo `cat greeting`" ], ... "Layers": [ "sha256:9007f5987db353ec398a223bc5a135c5a9601798b... "sha256:182229f64cf81b7c99d6009c85764eb359f636f8df2... ...
- 16. Look up your image on microbadger.com
- 19. 2. Container metadata - Tagging - Labels
- 21. Tagging Distinguish between different versions of the same image
- 22. Edit the greeting file Build a new version of the container, with a new tag $ docker build -t <namespace>/tiad:new . Run it $ docker run <namespace>/tiad:new
- 23. Push it $ docker push <namespace>/tiad:new Find the Webhook for your image on MicroBadger POST to it to trigger re-inspection $ curl -X POST https://hooks.microbadger.com/<your webhook>
- 24. Look at it on Docker Hub (hub.docker.com) and MicroBadger - See both tagged versions (latest & new) - Which is most recent?
- 26. Labelling Add arbitrary metadata to your image
- 28. git ref usage contact vendor Image Alarm system automatically connected to contactReproduce problem with precise codebase Filter deployed images from vendor
- 29. Standard semantics for container labels label-schema.org
- 30. Add labels in your Dockerfile FROM alpine:latest MAINTAINER <your@email.address> COPY greeting greeting CMD echo `cat greeting` LABEL org.label-schema.name=“TIAD test” org.label-schema.description=“Whatever you like”
- 31. Build a new version of the container with another tag $ docker build -t <namespace>/tiad:labels . Push it, and call your MicroBadger web hook $ docker push <namespace>/tiad:labels $ curl -X POST https://hooks.microbadger.com/<your webhook>
- 32. 3. Child images & inheritance Some metadata gets handed down, and some doesn’t
- 33. Create a Dockerfile for a child image - call it Dockerfile.child FROM <namespace>/tiad:labels CMD echo yo peeps LABEL org.label-schema.description = “Overwrites the old description”
- 34. Build the child image $ docker build -f Dockerfile.child -t <namespace>/tiadchild . Push it $ docker push <namespace>/tiadchild Take a look at the child image on microbadger.com
- 35. Using FROM directive - inherits labels - doesn’t inherit MAINTAINER
- 37. You can filter images with particular labels: $ docker images --filter "label=org.label-schema.name" $ docker images --filter "label=org.label-schema.name=TIAD test" You can also filter running containers: $ docker ps --filter "label=org.label-schema.name" And apply labels at runtime $ docker run --label "label=org.label-schema.name" <namespace>/tiad:labels
- 38. Build-time labels - images are immutable e.g. - What code is in this image? - Where is the documentation? Run-time labels - can change after build e.g. - Test / acceptance status of this image
- 39. Add up-to-date git references into your image 4. Automate with a makefile
- 40. Initialize this directory under git - or do this with an existing repo + image + Dockerfile $ git init . Add to Dockerfile: ARG VCS_REF LABEL org.label-schema.vcs-ref=$VCS_REF
- 41. Add substitution params to Dockerfile: ARG VCS_REF LABEL org.label-schema.vcs-ref=$VCS_REF Build the image with value for that param: $ docker build --build-arg VCS_REF=`git rev-parse --short HEAD` .
- 42. You can include that as part of a Makefile, e.g. default: docker_build docker_build: docker build --build-arg VCS_REF=`git rev-parse --short HEAD` --build-arg BUILD_DATE=`date -u +“%Y-%m-$dT%H:%M:%SZ”` .
- 43. What not to do! ● Apply ‘latest’ to an old image ● Use someone else’s email as the maintainer ● Don’t look at labels before you build from an image
- 44. MicroBadger.com label-schema.org @lizrice | @microscaling Image: Peter Trimming