问题
I'm using the official stable ZooKeeper Helm chart for Kubernetes which pulls a ZooKeeper Docker image from Google's sample images on Google Container Registry.
That ZooKeeper image is available here, however, I can't seem to find any reference to the Dockerfile for how it is built or if its Dockerfile is generated from some other representation (e.g., via Bazel). I'd like to know info like what else is installed on the image, what OS it's based on, etc.
In general are Dockerfiles for the Google sample images publicly hosted on GCR available?
For the ZooKeeper image specifically, I'd like to determine how it compares to Confluent's ZooKeeper image: is it similar? Does it bundle something extra for running ZooKeeper on top of Kubernetes? etc
So far I've done quite a bit of Googling, read through the Google Container Registry docs, poked around the Google org on GitHub, and searched Stack Overflow but haven't been able to locate this info.
回答1:
Please do not use images from gcr.io/google-samples for production use.
These images are used solely for GKE tutorials on cloud.google.com and they are not actively maintained, in the sense that we don't rebuild them for security vulnerabilities for the components on the images etc.
Source codes for some of the images are at https://github.com/GoogleCloudPlatform/kubernetes-engine-samples/.
回答2:
For actually seeing the difference between the images, I wouldn't trust the Dockerfile. There's no way to guarantee that a given image was produced by a given Dockerfile, since they're not reproducible.
Have you looked at container-diff?
$ container-diff diff confluentinc/cp-zookeeper gcr.io/google-samples/k8szk:v2
If you want something more lightweight (and you trust the image producer) you can glean some information from the config file "history", which has entries that roughly map to the original Dockerfile.
For gcr.io/google-samples/k8szk:v2, you can do this:
$ curl -L https://gcr.io/v2/google-samples/k8szk/blobs/sha256:2fd25e05d6e2046dc454f57e444214756b3ae459909d27d40a70258c98161737 | jq .
(That just downloads the config blob. You can find the config digest in the manifest file.)
For images produced by bazelbuild/rules_docker, it will just have "bazel build ..." for each entry, which isn't very useful to you :)
If you want to find the base image, I've had a surprising amount of success just Googling the sha256 digest of the first entry in the manifests's "layers".
For the zookeeper image in particular, it looks like it might be based on ubuntu:xenial-20161213.
来源:https://stackoverflow.com/questions/49435401/are-dockerfiles-available-for-googles-sample-images-on-google-container-registr