-
Notifications
You must be signed in to change notification settings - Fork 34
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Michael McCracken <[email protected]>
- Loading branch information
1 parent
9bcda3b
commit 7439083
Showing
2 changed files
with
81 additions
and
112 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,41 +16,95 @@ patat: | |
|
|
||
| # Stacker 101 | ||
|
|
||
| - Terms | ||
| - How does it work | ||
| - How is it different | ||
| - Getting your base | ||
| - Importing things | ||
| - Making changes | ||
| - Debugging failures | ||
| - Minimizing Images | ||
| - What, Why and How | ||
| - Stacker Usecases with Examples | ||
| - Stacker eating Dockerfiles | ||
| - Stacker && SBOM Demo | ||
| - How to follow up & get help | ||
| - What's next for Stacker | ||
| - Q&A | ||
|
|
||
| --- | ||
|
|
||
| # What is Stacker | ||
|
|
||
| * OCI Native Container Image builder | ||
| * Built by Cisco, Open Source and public since day 1 | ||
|
|
||
| ``` | ||
| commit 0d25e66e287718979982487b7f8ae45a3a606321 | ||
| Author: Tycho Andersen <[email protected]> | ||
| Date: Wed Nov 29 17:42:50 2017 -0700 | ||
| initial commit | ||
| Signed-off-by: Tycho Andersen <[email protected]> | ||
| ``` | ||
|
|
||
| In heavy use by ACI, Nexus Dashboard and Nexus applications for years. | ||
|
|
||
|
|
||
| --- | ||
|
|
||
| # Why did we build this? | ||
|
|
||
| Build, Distribute and Run software as containers | ||
|
|
||
| --- | ||
|
|
||
|  | ||
|
|
||
| --- | ||
|
|
||
| # `OCI` "Standards" | ||
|
|
||
| * __image spec__: https://github.com/opencontainers/image-spec | ||
| * __distribution spec__: https://github.com/opencontainers/distribution-spec | ||
| * __runtime spec__: https://github.com/opencontainers/runtime-spec | ||
|
|
||
| --- | ||
|
|
||
| # `OCI` Ecosystem | ||
|
|
||
| | Purpose | Redhat | Microsoft | Google | Docker| Cisco | | ||
| | --- | --- | --- | --- | --- | --- | | ||
| | Build | `buildah` | | `bazel` | `buildx` | `stacker` | | ||
| | Push/pull | `skopeo` | `oras` | `crane` | _`docker`_ | | | ||
| | Run | `podman` | | | `docker` | | | ||
| | Sign | `cosign` | `notation` | `cosign` | `notaryv1` | | | ||
| | Registry | _`quay`_ | `acr` | _`gar`_ | _`distribution`_ | `zot` | | ||
|
|
||
| --- | ||
|
|
||
|
|
||
|  | ||
|
|
||
| --- | ||
|
|
||
|
|
||
| # Terms | ||
|
|
||
| - *container* | ||
| - a process tree running in a restricted environment | ||
| - a process tree running in a restricted environment | ||
| - *image* | ||
| - a packaged* directory tree to be used as the root filesystem for a container | ||
| - a packaged* directory tree to be used as the root filesystem for a container | ||
| - includes some config for how to run the container, often ignored in k8s | ||
| - *base image* | ||
| - an existing image to start from when building a new image | ||
| - an existing image to start from when building a new image | ||
| - *layer / content-addressed blob* | ||
| - implementation detail of current container images, coarse way to share storage | ||
| - implementation detail of current container images, coarse way to share storage | ||
| - *runtime* | ||
| - software that unpacks and mounts images and starts containers | ||
| - software that unpacks and mounts images and starts containers | ||
| - *OCI* | ||
| - Open Source Spec for container image and runtime tools and data formats | ||
| - includes a spec for on-disk image storage and for image repository API | ||
| - Open Source Spec for container image and runtime tools and data formats | ||
| - includes a spec for on-disk image storage and for image repository API | ||
| - *OCI Layout* | ||
| - just a directory somewhere on disk with one or more container images | ||
| - just a directory somewhere on disk with one or more container images | ||
| - *LXC* (not LXD) | ||
| - Open Source library for running and managing containers. Supports OCI among many image types. Builder agnostic. | ||
| - Open Source library for running and managing containers. Supports OCI among many image types. Builder agnostic. | ||
| - *Docker* | ||
| - Open Source tool for building, running and managing containers, does many other things. | ||
| - OCI specs (but not code) overlap significantly with docker | ||
| - Open Source tool for building, running and managing containers, does many other things. | ||
| - OCI specs (but not code) overlap significantly with docker | ||
|
|
||
| --- | ||
|
|
||
|
|
@@ -64,17 +118,6 @@ patat: | |
|
|
||
| - understandability & maintainability | ||
|
|
||
| <!-- | ||
| talk will focus on best practices | ||
| we want to be able to build minimal images | ||
| and track the inputs of a built image exactly | ||
| for bug tracking and security, it should be | ||
| easy to tell where something came from without | ||
| tracing through many files and scripts | ||
| --> | ||
|
|
||
| --- | ||
|
|
||
|
|
@@ -92,19 +135,11 @@ tracing through many files and scripts | |
|
|
||
| - Save any changes as a new image in an OCI Layout | ||
|
|
||
| <!-- | ||
| setting the stage, we will return to each of these coming up --> | ||
|
|
||
| . . . | ||
|
|
||
| Sounds a bit like "docker build," right? | ||
|
|
||
| <!-- | ||
| stacker convert | ||
| --> | ||
|
|
||
| --- | ||
|
|
||
|
|
@@ -511,3 +546,11 @@ paranoid? use the manifest hash of the layer: | |
| ```bash | ||
| bat -n --decorations always 2.stacker.yaml | ||
| ``` | ||
|
|
||
|
|
||
| --- | ||
|
|
||
| # backup architecture slide | ||
|
|
||
|  | ||
|
|
||