Difficulty: Intermediate
Estimated Time: 30-45 minutes

Background

This lab is focused on understanding how container images are built, tagged, organized and leveraged to deliver software in a range of use cases.

By the end of this lab you should be able to:

  • Understand what the Open Containers Intiative and why this standard is important for your container images
  • Internalize the difference between base images and multi-layered images
  • Understand the full URL to an image/repository
  • Command a complete understanding of what is inside of a container image
  • Use layers appropriately in your architecture and design

Video

This video will give you a background to all of the concepts in this lab.

Outline

  • Image Layers and Repositories: inspecting base images, layers and history
  • Image URLs: Mapping business requirements to the URL, Namespace, Repository and Tag
  • Image Internals: Inspecting the libraries, interpreters, and operating system components in a container image
  • Mapping Layers to Technical Requirements: using layers to meet the needs of everyone

Start Scenario

Once you have watched the background video, continue to the exercises.

In this course you learned:

  • Understand what the Open Containers Initiative and why this standard is important for your container images
  • Internalize the difference between base images and multi-layered images
  • Understand the full URL to an image/repository
  • Command a complete understanding of what is inside of a container image
  • Use layers appropriately in your architecture and design

You can find a copy of the slides and GitHub repo that contains all of these commands so that you can run them yourself in your own environment:

Also, if you have any questions tweet us at:

@OpenShift @RedHatAtomic @fatherlinux

Don’t stop now! The next scenario will only take about 10 minutes to complete.

Linux Container Internals - Lab 2: Container Images

Step 1 of 4

Topic 1 - Image Layers and Repositories: inspecting base images, layers and history

The goal of this exercise is to understand the difference between base images and multi-layered images (repositories). Also, try to understand the difference between an image layer and a repository.

Let's take a look at some base images. We will use the docker history command to inspect all of the layers in these repositories. Notice that these container images have no parent layers. These are base images and they are designed to be built upon. First, let's look at the full rhel7 base image:

docker pull registry.access.redhat.com/rhel7/rhel:latest

docker history rhel7

Now, let's take a look at the minimal base image from Red Hat, called the Red Hat Enterprise Linux 7 Atomic image. Notice that it's quite a bit smaller:

docker pull registry.access.redhat.com/rhel7-atomic:latest

docker history rhel7-atomic

Now, using a simple Dockerfile we created for you, build a multi-layered image:

docker build -t rhel7-change ~/labs/lab2-step1/

Do you see the newly created rhel7-change tag?

docker images

Can you see all of the layers that make up the new image/repository/tag? This command even shows a short summary of the commands run in each layer. This is very convenient for exploring how an image was made.

docker history rhel7-change

Now run the "dockviz" command. What does this command show you? What's the parent image of the rhel7-change image?

docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images -t

Notice that with the dockviz command we can trace back to the rhel7 base image. Remember, it is important to build on a trusted base image from a trusted source (aka have provenance or maintain chain of custody). Container repositories are made up of layers, but we often refer to them simply as "container images" or containers. When architecting systems, we must be precise with our language or we will cause confusion to our end users.