Fixes and update after workshop

nicholasdille · Dec 2, 2020 · fe22c13 · fe22c13
1 parent f7d3cf5
commit fe22c13
Show file tree

Hide file tree

Showing 17 changed files with 132 additions and 92 deletions.
diff --git a/020_advanced/030_layers/layers.demo b/020_advanced/030_layers/layers.demo
@@ -8,14 +8,23 @@ docker push localhost:5000/hello-world-java
 # Check layers
 docker history hello-world-java
 
+# Analyze layers
+dive hello-world-java
+
 # Fetch image manifest
 curl http://localhost:5000/v2/hello-world-java/manifests/latest \
   --silent \
   --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
 | jq
 
 # Fetch image configuration
-curl http://localhost:5000/v2/hello-world-java/manifests/latest \
+DIGEST=$(
+  curl http://localhost:5000/v2/hello-world-java/manifests/latest \
+    --silent \
+    --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+  | jq --raw-output '.config.digest'
+)
+curl http://localhost:5000/v2/hello-world-java/blobs/${DIGEST} \
   --silent \
   --header "Accept: application/vnd.docker.container.image.v1+json" \
 | jq

diff --git a/020_advanced/030_layers/slides.template.md b/020_advanced/030_layers/slides.template.md
@@ -64,34 +64,38 @@ Upload image to local registry
 
 <!-- include: layers-1.command -->
 
+<!-- include: layers-2.command -->
+
+https://github.com/wagoodman/dive
+
 --
 
 ## Demo: Image Manifest
 
-<!-- include: layers-2.command -->
+<!-- include: layers-3.command -->
 
 --
 
 ## Demo: Image Configuration
 
-<!-- include: layers-3.command -->
+<!-- include: layers-4.command -->
 
 --
 
 ## Demo: Download image layer
 
-<!-- include: layers-4.command -->
-
 <!-- include: layers-5.command -->
 
+<!-- include: layers-6.command -->
+
 --
 
 ## Demo: Verifying a layer
 
-<!-- include: layers-6.command -->
-
 <!-- include: layers-7.command -->
 
+<!-- include: layers-8.command -->
+
 ---
 
 ## Registries

diff --git a/020_advanced/030_layers/tagging.demo b/020_advanced/030_layers/tagging.demo
@@ -4,7 +4,7 @@
 MANIFEST=$(
   curl http://localhost:5000/v2/hello-world-java/manifests/latest \
     --silent \
-    --header "Accept: application/vnd.docker.distribution.manifest.v2+json"        
+    --header "Accept: application/vnd.docker.distribution.manifest.v2+json"
 )
 
 # Upload manifest to new path
@@ -14,4 +14,4 @@ curl http://localhost:5000/v2/hello-world-java/manifests/new \
   --data "${MANIFEST}"
 
 # Test new tag
-docker pull localhost:5000/v2/hello-world-java/manifests/new
+docker pull localhost:5000/hello-world-java:new
diff --git a/020_advanced/100_pod_with_docker/docker-compose.yaml b/020_advanced/100_pod_with_docker/docker-compose.yaml
@@ -0,0 +1,13 @@
+version: "3.3"
+services:
+  pod:
+    image: alpine
+    command: [ "sh", "-c", "while true; do sleep 5; done" ]
+  dind:
+    image: docker:stable-dind
+    command: [ "dockerd", "--host", "tcp://127.0.0.1:2375" ]
+    privileged: true
+    network_mode: service:pod
+  registry:
+    image: registry:2
+    network_mode: service:pod
diff --git a/020_advanced/110_troubleshooting/04_build/slides.template.md b/020_advanced/110_troubleshooting/04_build/slides.template.md
@@ -0,0 +1,7 @@
+## Troubleshooting image builds
+
+XXX after failed image build
+
+XXX find last intermediate image (` ---> xxxxxxxxxxxx`)
+
+XXX inspect intermediate image: `docker run -it xxxxxxxxxxxx /bin/sh`
diff --git a/020_advanced/160_dockerfile/order/Dockerfile b/020_advanced/160_dockerfile/order/Dockerfile
@@ -6,9 +6,10 @@ RUN apt-get update \
         ca-certificates
 
 WORKDIR /src
-COPY . .
-
+COPY go.* . #package.json, gemfile, pom.xml
 RUN go mod download
+
+COPY . .
 RUN go build -o hello . \
  && cp hello /
 

diff --git a/020_advanced/160_dockerfile/reusability/Dockerfile b/020_advanced/160_dockerfile/reusability/Dockerfile
@@ -9,7 +9,7 @@ WORKDIR /src
 COPY go.* .
 RUN go mod download
 
-FROM deps
+FROM deps AS builder
 COPY . .
 RUN go build -o hello . \
  && cp hello /

diff --git a/020_advanced/160_dockerfile/slides.template.md b/020_advanced/160_dockerfile/slides.template.md
@@ -84,6 +84,8 @@ Use image build for isolation
 
 Write build output to host
 
+https://github.com/chris-crone/containerized-go-dev
+
 --
 
 ## Container with build tooling 1/5
@@ -131,7 +133,7 @@ Use the same sources
 
 ```Dockerfile
 FROM base AS build
-RUN --mount=target=. \\
+RUN --mount=target=. \
     go build .
 ```
 

diff --git a/060_security/03_privileged_containers/slides.template.md b/060_security/03_privileged_containers/slides.template.md
@@ -5,10 +5,10 @@
 If able to start containers, just leave the isolation:
 
 ```bash
-docker run -it \\
-    --privileged \\
-    --pid=host \\
-    alpine \\
+docker run -it \
+    --privileged \
+    --pid=host \
+    alpine \
 	nsenter -t 1 -m -u -n -i sh
 ```
 

diff --git a/110_ecosystem/buildkit/cache/slides.template.md b/110_ecosystem/buildkit/cache/slides.template.md
@@ -13,7 +13,7 @@ Syntax is similar to mounting secrets
 ```plaintext
 # syntax = docker/dockerfile:experimental
 FROM ubuntu
-RUN --mount=type=cache,target=/tmp/cache \\
+RUN --mount=type=cache,target=/tmp/cache \
     ls -l /tmp/cache
 ```
 

diff --git a/110_ecosystem/buildkit/overview.template.md b/110_ecosystem/buildkit/overview.template.md
@@ -27,3 +27,5 @@ Remote build cache
 Builds secrets
 
 Unprivileged execution
+
+XXX docker-compose: 1.25.1 (`COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose build`)
diff --git a/110_ecosystem/buildkit/rootless/slides.template.md b/110_ecosystem/buildkit/rootless/slides.template.md
@@ -60,10 +60,10 @@ rootlesskit buildkitd
 Run the build
 
 ```plaintext
-buildctl \\
-    --addr unix:///run/user/$UID/buildkit/buildkitd.sock build \\
-    --frontend dockerfile.v0 \\
-    --local context=. \\
+buildctl \
+    --addr unix:///run/user/$UID/buildkit/buildkitd.sock build \
+    --frontend dockerfile.v0 \
+    --local context=. \
     --local dockerfile=.
 ```
 
@@ -82,29 +82,29 @@ buildctl \\
 Run the daemon in user context with a port publishing
 
 ```plaintext
-docker run --name buildkitd \\
-    --detach \\
-    --security-opt apparmor=unconfined \\
-    --security-opt seccomp=unconfined \\
-    --publish 127.0.0.1:1234:1234 \\
-    moby/buildkit:rootless \\
-        --oci-worker-no-process-sandbox \\
+docker run --name buildkitd \
+    --detach \
+    --security-opt apparmor=unconfined \
+    --security-opt seccomp=unconfined \
+    --publish 127.0.0.1:1234:1234 \
+    moby/buildkit:rootless \
+        --oci-worker-no-process-sandbox \
         --addr tcp://0.0.0.0:1234
 ```
 
 Run a build
 
 ```plaintext
-docker run --interactive --tty \\
-    --network container:buildkitd \\
-    --volume $PWD:/src \\
-    --workdir /src \\
-    --entrypoint buildctl \\
-    moby/buildkit \\
-        --addr tcp://127.0.0.1:1234 \\
-        build \\
-            --frontend dockerfile.v0 \\
-            --local context=. \\
+docker run --interactive --tty \
+    --network container:buildkitd \
+    --volume $PWD:/src \
+    --workdir /src \
+    --entrypoint buildctl \
+    moby/buildkit \
+        --addr tcp://127.0.0.1:1234 \
+        build \
+            --frontend dockerfile.v0 \
+            --local context=. \
             --local dockerfile=.
 ```
 
@@ -115,10 +115,10 @@ docker run --interactive --tty \\
 Run a build by running the daemon on-demand
 
 ```plaintext
-export BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \\
-buildctl-daemonless.sh build \\
-    --frontend dockerfile.v0 \\
-    --local context=. \\
+export BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \
+buildctl-daemonless.sh build \
+    --frontend dockerfile.v0 \
+    --local context=. \
     --local dockerfile=.
 ```
 
@@ -129,15 +129,15 @@ buildctl-daemonless.sh build \\
 Run a containerized build with the daemon on-demand
 
 ```plaintext
-docker run -it \\
-    --security-opt apparmor=unconfined \\
-    --security-opt seccomp=unconfined \\
-    --env BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \\
-    --volume $PWD:/src \\
-    --workdir /src \\
-    --entrypoint buildctl-daemonless.sh \\
-    moby/buildkit build \\
-        --frontend dockerfile.v0 \\
-        --local context=. \\
+docker run -it \
+    --security-opt apparmor=unconfined \
+    --security-opt seccomp=unconfined \
+    --env BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \
+    --volume $PWD:/src \
+    --workdir /src \
+    --entrypoint buildctl-daemonless.sh \
+    moby/buildkit build \
+        --frontend dockerfile.v0 \
+        --local context=. \
         --local dockerfile=.
 ```
diff --git a/110_ecosystem/buildkit/secrets/slides.template.md b/110_ecosystem/buildkit/secrets/slides.template.md
@@ -23,7 +23,7 @@ Use experimental syntax in `Dockerfile`:
 ```plaintext
 # syntax=docker/dockerfile:experimental
 FROM alpine
-RUN --mount=type=secret,id=mysite.key \\
+RUN --mount=type=secret,id=mysite.key \
     ls -l /run/secrets
 ```
 

diff --git a/110_ecosystem/buildkit/transition.template.md b/110_ecosystem/buildkit/transition.template.md
@@ -5,17 +5,17 @@ Sometime it is desirable to change context and Dockerfile
 What you are doing today
 
 ```plaintext
-$ docker build          \\
->     --file Dockerfile \\
+$ docker build          \
+>     --file Dockerfile \
 >     .
 ```
 
 How to do this using BuildKit
 
 ```plaintext
-$ buildctl build               \\
->     --frontend dockerfile.v0 \\
->     --local dockerfile=.     \\
+$ buildctl build               \
+>     --frontend dockerfile.v0 \
+>     --local dockerfile=.     \
 >     --local context=.
 ```
 
@@ -30,19 +30,19 @@ Publish an image in a registry
 Docker has taught us to build and push container images:
 
 ```plaintext
-docker build \\
-    --tag my_image_name \\
+docker build \
+    --tag my_image_name \
     .
 docker push my_image_name
 ```
 
 BuildKit can directly upload to an image registry:
 
 ```plaintext
-buildctl build \\
-    --frontend dockerfile.v0 \\
-    --local dockerfile=. \\
-    --local context=. \\
+buildctl build \
+    --frontend dockerfile.v0 \
+    --local dockerfile=. \
+    --local context=. \
     --output type=image,name=my_image_name,push=true
 ```
 
@@ -57,18 +57,18 @@ Pass build arguments to customize the image build
 The Docker way
 
 ```plaintext
-docker build \\
-    --build-arg name=value \\
+docker build \
+    --build-arg name=value \
     .
 ```
 
 The BuildKit way
 
 ```plaintext
-buildctl build \\
-    --frontend dockerfile.v0 \\
-    --local dockerfile=. \\
-    --local context=. \\
+buildctl build \
+    --frontend dockerfile.v0 \
+    --local dockerfile=. \
+    --local context=. \
     --opt build-arg:name=value
 ```
 
@@ -81,9 +81,9 @@ Use an existing image as build cache
 Docker is able to use an local image
 
 ```plaintext
-docker build \\
-    --cache-from my_image_name \\
-    --tag my_image_name \\
+docker build \
+    --cache-from my_image_name \
+    --tag my_image_name \
     .
 ```
 
@@ -92,11 +92,11 @@ BuildKit can use an image in a registry...
 ...and download helpful layers
 
 ```plaintext
-buildctl build \\
-    --frontend dockerfile.v0 \\
-    --local dockerfile=. \\
-    --local context=. \\
-    --output type=image,name=my_image_name,push=true \\
-    --export-cache type=inline \\
+buildctl build \
+    --frontend dockerfile.v0 \
+    --local dockerfile=. \
+    --local context=. \
+    --output type=image,name=my_image_name,push=true \
+    --export-cache type=inline \
     --import-cache type=registry,ref=my_image_name
 ```