SlideShare a Scribd company logo

Labels, Labels, Labels

Docker, Inc., profile picture
Docker, Inc.

The document discusses the importance of using labels in software development for security, simplicity, and documentation. It provides specific examples of label schemas for container images, including details about authors, version control, and build information. Additionally, it outlines how to create and view these labels using Docker and Kubernetes commands.

Technology
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Andy Clemenko Labels, Labels, Labels… Senior Solutions Engineer, StackRox @clemenko clemenko andy@stackrox.com
https://andyc.info/dc20
Labels, Labels, Labels
Why Labels? • Security • Simplicity • Self Documenting • Audit Trail
Label Schema Key = Value • Author • Date • Description • Version • and more…
Labels for CI? • Source - Version Control • Commit Number • How to build • Where it was built • Build number
Labels for Security • Build Server • Version Control • Commit Number • How to was built • Build number
Sample Labels "org.opencontainers.image.authors": "clemenko@gmail.com", "org.opencontainers.image.source": "https://github.com/clemenko/dc20_labels/tree/master/demo_flask", "org.opencontainers.image.build": "docker build -t clemenko/flask_demo..." , "org.opencontainers.image.build_number": 22, "org.opencontainers.image.build.server": http://jenkins.dockr.life/, ”org.opencontainers.image.commit": "98c997f", "org.opencontainers.image.created": "05/07/20", "org.opencontainers.image.description": "The repository contains a simple flask application.", "org.opencontainers.image.healthz": "/healthz", "org.opencontainers.image.version": "0.1", "org.opencontainers.image.title": "clemenko/flask_demo", "org.zdocker.compose": ... , "org.zdocker.k8s": ...
Create Labels • Dockerfile • Build Argument • docker build - -label key=value LABEL org.opencontainers.image.authors=$BUILD_SIGNATURE org.opencontainers.image.source="https://github.com/cleme org.opencontainers.image.created=$BUILD_DATE org.opencontainers.image.build_number=$BUILD_NUMBER org.opencontainers.image.commit=$GIT_COMMIT org.opencontainers.image.build.server=$JENKINS_URL org.opencontainers.image.title="clemenko/flask_demo" org.opencontainers.image.description="The repository cont flask --> redis." org.opencontainers.image.version=$BUILD_VERSION org.opencontainers.image.healthz="/healthz"
View Labels • docker pull; docker inspect • skopeo $ skopeo inspect docker://docker.io/clemenko/flask_demo:prod | jq -r ' { "org.opencontainers.image.authors": "clemenko@gmail.com", "org.opencontainers.image.build.server": "http://jenkins.dockr.life/ "org.opencontainers.image.build_number": "2", "org.opencontainers.image.commit": "cb03b31", "org.opencontainers.image.created": "05/14/20", "org.opencontainers.image.healthz": "/healthz", "org.opencontainers.image.source": "https://github.com/clemenko/dc20 demo_flask", "org.opencontainers.image.title": "clemenko/flask_demo", "org.opencontainers.image.version": “0.1”…
Use Labels - k8s $ skopeo inspect docker://docker.io/clemenko/flask_demo:prod | jq -r '.Labels."org.zdocker.k8s"'| base64 -D | kubectl apply -f - namespace/flask created deployment.apps/flask created deployment.apps/mongo created deployment.apps/redis created service/flask created service/redis created service/mongo created ingress.networking.k8s.io/flask created ingressroute.traefik.containo.us/flask-ingressroute created
DEMO
Demo Stack ● DigitalOcean - Ubuntu 19.10 VMS ● k3s ● Traefik - Ingress Controller ● Jenkins - CI ● StackRox - Image Scanning and policy
https://andyc.info/dc20 thanks! andy@stackrox.com

More Related Content

PDF
How to Use Mirroring and Caching to Optimize your Container Registry
Docker, Inc.
 
PDF
How To Build and Run Node Apps with Docker and Compose
Docker, Inc.
 
PDF
Drone CI - Container native continuous Integration / Delivery
Patrick Jahns
 
PDF
Become a Docker Power User With Microsoft Visual Studio Code
Docker, Inc.
 
PPTX
Continuous Delivery with Jenkins & Kubernetes @ Sky
Adriana Vasiu
 
PPTX
2016 - Continuously Delivering Microservices in Kubernetes using Jenkins
devopsdaysaustin
 
PDF
Exploring Docker in CI/CD
Henry Huang
 
DOCX
Build Your Own SaaS using Docker
Julien Barbier
 
How to Use Mirroring and Caching to Optimize your Container Registry
Docker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
Docker, Inc.
 
Drone CI - Container native continuous Integration / Delivery
Patrick Jahns
 
Become a Docker Power User With Microsoft Visual Studio Code
Docker, Inc.
 
Continuous Delivery with Jenkins & Kubernetes @ Sky
Adriana Vasiu
 
2016 - Continuously Delivering Microservices in Kubernetes using Jenkins
devopsdaysaustin
 
Exploring Docker in CI/CD
Henry Huang
 
Build Your Own SaaS using Docker
Julien Barbier
 

What's hot (20)

PPTX
Docker and Windows: The State of the Union
Elton Stoneman
 
PDF
Activision's Skypilot: Delivering Amazing Game Experiences Through Containeri...
Docker, Inc.
 
PDF
OpenStack Preso: DevOps on Hybrid Infrastructure
rhirschfeld
 
PPTX
Continuous Delivery With Selenium Grid And Docker
Barbara Gonzalez
 
PDF
How to Improve Your Image Builds Using Advance Docker Build
Docker, Inc.
 
PDF
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
PDF
Improve your Java Environment with Docker
HanoiJUG
 
PPTX
Docker Security workshop slides
Docker, Inc.
 
PDF
Continuous Delivery Pipeline with Docker and Jenkins
Camilo Ribeiro
 
PDF
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Docker, Inc.
 
PDF
Dockers zero to hero
Nicolas De Loof
 
PDF
Jenkins & IaC
HungWei Chiu
 
PDF
Democratizing Development - Scott Gress
Docker, Inc.
 
PDF
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
Docker, Inc.
 
PDF
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
Docker, Inc.
 
PDF
GDGSCL - Docker a jeho provoz v Heroku a AWS
Ladislav Prskavec
 
PPTX
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Docker, Inc.
 
PPTX
Zero to Continuous Delivery on Google Cloud
James Heggs
 
PDF
Online Meetup: Why should container system / platform builders care about con...
Docker, Inc.
 
PDF
Container orchestration from theory to practice
Docker, Inc.
 
Docker and Windows: The State of the Union
Elton Stoneman
 
Activision's Skypilot: Delivering Amazing Game Experiences Through Containeri...
Docker, Inc.
 
OpenStack Preso: DevOps on Hybrid Infrastructure
rhirschfeld
 
Continuous Delivery With Selenium Grid And Docker
Barbara Gonzalez
 
How to Improve Your Image Builds Using Advance Docker Build
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
Improve your Java Environment with Docker
HanoiJUG
 
Docker Security workshop slides
Docker, Inc.
 
Continuous Delivery Pipeline with Docker and Jenkins
Camilo Ribeiro
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Docker, Inc.
 
Dockers zero to hero
Nicolas De Loof
 
Jenkins & IaC
HungWei Chiu
 
Democratizing Development - Scott Gress
Docker, Inc.
 
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
Docker, Inc.
 
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
Docker, Inc.
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
Ladislav Prskavec
 
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Docker, Inc.
 
Zero to Continuous Delivery on Google Cloud
James Heggs
 
Online Meetup: Why should container system / platform builders care about con...
Docker, Inc.
 
Container orchestration from theory to practice
Docker, Inc.
 
Ad

Similar to Labels, Labels, Labels (20)

PDF
Codetainer: a Docker-based browser code 'sandbox'
Jen Andre
 
PDF
Everything-as-code - A polyglot adventure
QAware GmbH
 
PDF
Everything-as-code. A polyglot adventure. #DevoxxPL
Mario-Leander Reimer
 
PDF
Chrome Devtools Protocol via Selenium/Appium (English)
Kazuaki Matsuo
 
PPT
Life of a Chromium Developer
mpaproductions
 
PDF
The Internal Architecture of Chrome Developer Tools
Miroslav Bajtoš
 
PDF
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
Andrey Karpov
 
PDF
Chrome Devtools Protocol via Selenium/Appium (Japanese)
Kazuaki Matsuo
 
PPTX
PittsburgJUG_Cloud-Native Dev Tools: Bringing the cloud back to earth
Grace Jansen
 
PDF
Sharpen your "Architectural Documentation" Saw
Kevin Hakanson
 
PPTX
CodeOne SF 2018 "Continuous Delivery with Containers: Lessons Learned"
Daniel Bryant
 
PDF
Engage 2019: Introduction to Node-Red
Paul Withers
 
PDF
OWASP SF - Reviewing Modern JavaScript Applications
Lewis Ardern
 
PDF
Continuous Integration with Cloud Foundry Concourse and Docker on OpenPOWER
Indrajit Poddar
 
PDF
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
Aditya K Sood
 
PDF
Software Supply Chains for DevOps @ InfoQ Live 2021
Aysylu Greenberg
 
PPTX
Silicon Valley JUG - How to generate customized java 8 code from your database
Speedment, Inc.
 
PPTX
How to generate customized java 8 code from your database
Speedment, Inc.
 
PPTX
Marco Liberati - Write once, debug everywhere
Codemotion
 
PPTX
Web Components: The Future of Web Development is Here
John Riviello
 
Codetainer: a Docker-based browser code 'sandbox'
Jen Andre
 
Everything-as-code - A polyglot adventure
QAware GmbH
 
Everything-as-code. A polyglot adventure. #DevoxxPL
Mario-Leander Reimer
 
Chrome Devtools Protocol via Selenium/Appium (English)
Kazuaki Matsuo
 
Life of a Chromium Developer
mpaproductions
 
The Internal Architecture of Chrome Developer Tools
Miroslav Bajtoš
 
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
Andrey Karpov
 
Chrome Devtools Protocol via Selenium/Appium (Japanese)
Kazuaki Matsuo
 
PittsburgJUG_Cloud-Native Dev Tools: Bringing the cloud back to earth
Grace Jansen
 
Sharpen your "Architectural Documentation" Saw
Kevin Hakanson
 
CodeOne SF 2018 "Continuous Delivery with Containers: Lessons Learned"
Daniel Bryant
 
Engage 2019: Introduction to Node-Red
Paul Withers
 
OWASP SF - Reviewing Modern JavaScript Applications
Lewis Ardern
 
Continuous Integration with Cloud Foundry Concourse and Docker on OpenPOWER
Indrajit Poddar
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
Aditya K Sood
 
Software Supply Chains for DevOps @ InfoQ Live 2021
Aysylu Greenberg
 
Silicon Valley JUG - How to generate customized java 8 code from your database
Speedment, Inc.
 
How to generate customized java 8 code from your database
Speedment, Inc.
 
Marco Liberati - Write once, debug everywhere
Codemotion
 
Web Components: The Future of Web Development is Here
John Riviello
 
Ad

More from Docker, Inc. (20)

PDF
Containerize Your Game Server for the Best Multiplayer Experience
Docker, Inc.
 
PDF
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
PDF
Securing Your Containerized Applications with NGINX
Docker, Inc.
 
PDF
Hands-on Helm
Docker, Inc.
 
PDF
Distributed Deep Learning with Docker at Salesforce
Docker, Inc.
 
PDF
The First 10M Pulls: Building The Official Curl Image for Docker Hub
Docker, Inc.
 
PDF
Monitoring in a Microservices World
Docker, Inc.
 
PDF
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
Docker, Inc.
 
PDF
Predicting Space Weather with Docker
Docker, Inc.
 
PDF
Monolithic to Microservices + Docker = SDLC on Steroids!
Docker, Inc.
 
PDF
Kubernetes at Datadog Scale
Docker, Inc.
 
PDF
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
Docker, Inc.
 
PDF
Developing with Docker for the Arm Architecture
Docker, Inc.
 
PDF
Sharing is Caring: How to Begin Speaking at Conferences
Docker, Inc.
 
PDF
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Docker, Inc.
 
PDF
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
Docker, Inc.
 
PDF
DCSF 19 Developing Apps with Containers, Functions and Cloud Services
Docker, Inc.
 
PDF
DCSF 19 eBPF Superpowers
Docker, Inc.
 
PDF
DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
Docker, Inc.
 
PDF
DCSF 19 Node.js Rocks in Docker for Dev and Ops
Docker, Inc.
 
Containerize Your Game Server for the Best Multiplayer Experience
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
Securing Your Containerized Applications with NGINX
Docker, Inc.
 
Hands-on Helm
Docker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Docker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
Docker, Inc.
 
Monitoring in a Microservices World
Docker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
Docker, Inc.
 
Predicting Space Weather with Docker
Docker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Docker, Inc.
 
Kubernetes at Datadog Scale
Docker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
Docker, Inc.
 
Developing with Docker for the Arm Architecture
Docker, Inc.
 
Sharing is Caring: How to Begin Speaking at Conferences
Docker, Inc.
 
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Docker, Inc.
 
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
Docker, Inc.
 
DCSF 19 Developing Apps with Containers, Functions and Cloud Services
Docker, Inc.
 
DCSF 19 eBPF Superpowers
Docker, Inc.
 
DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
Docker, Inc.
 
DCSF 19 Node.js Rocks in Docker for Dev and Ops
Docker, Inc.
 

Recently uploaded (20)

PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
A Presentation on Artificial Intelligence
memembruh336
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Approach and Philosophy of On baking technology
30anthuong17
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Encapsulation theory and applications.pdf
gurumoop
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 

Labels, Labels, Labels

  • 1. Andy Clemenko Labels, Labels, Labels… Senior Solutions Engineer, StackRox @clemenko clemenko [email protected]
  • 4. Why Labels? • Security • Simplicity • Self Documenting • Audit Trail
  • 5. Label Schema Key = Value • Author • Date • Description • Version • and more…
  • 6. Labels for CI? • Source - Version Control • Commit Number • How to build • Where it was built • Build number
  • 7. Labels for Security • Build Server • Version Control • Commit Number • How to was built • Build number
  • 8. Sample Labels "org.opencontainers.image.authors": "[email protected]", "org.opencontainers.image.source": "https://github.com/clemenko/dc20_labels/tree/master/demo_flask", "org.opencontainers.image.build": "docker build -t clemenko/flask_demo..." , "org.opencontainers.image.build_number": 22, "org.opencontainers.image.build.server": http://jenkins.dockr.life/, ”org.opencontainers.image.commit": "98c997f", "org.opencontainers.image.created": "05/07/20", "org.opencontainers.image.description": "The repository contains a simple flask application.", "org.opencontainers.image.healthz": "/healthz", "org.opencontainers.image.version": "0.1", "org.opencontainers.image.title": "clemenko/flask_demo", "org.zdocker.compose": ... , "org.zdocker.k8s": ...
  • 9. Create Labels • Dockerfile • Build Argument • docker build - -label key=value LABEL org.opencontainers.image.authors=$BUILD_SIGNATURE org.opencontainers.image.source="https://github.com/cleme org.opencontainers.image.created=$BUILD_DATE org.opencontainers.image.build_number=$BUILD_NUMBER org.opencontainers.image.commit=$GIT_COMMIT org.opencontainers.image.build.server=$JENKINS_URL org.opencontainers.image.title="clemenko/flask_demo" org.opencontainers.image.description="The repository cont flask --> redis." org.opencontainers.image.version=$BUILD_VERSION org.opencontainers.image.healthz="/healthz"
  • 10. View Labels • docker pull; docker inspect • skopeo $ skopeo inspect docker://docker.io/clemenko/flask_demo:prod | jq -r ' { "org.opencontainers.image.authors": "[email protected]", "org.opencontainers.image.build.server": "http://jenkins.dockr.life/ "org.opencontainers.image.build_number": "2", "org.opencontainers.image.commit": "cb03b31", "org.opencontainers.image.created": "05/14/20", "org.opencontainers.image.healthz": "/healthz", "org.opencontainers.image.source": "https://github.com/clemenko/dc20 demo_flask", "org.opencontainers.image.title": "clemenko/flask_demo", "org.opencontainers.image.version": “0.1”…
  • 11. Use Labels - k8s $ skopeo inspect docker://docker.io/clemenko/flask_demo:prod | jq -r '.Labels."org.zdocker.k8s"'| base64 -D | kubectl apply -f - namespace/flask created deployment.apps/flask created deployment.apps/mongo created deployment.apps/redis created service/flask created service/redis created service/mongo created ingress.networking.k8s.io/flask created ingressroute.traefik.containo.us/flask-ingressroute created
  • 12. DEMO
  • 13. Demo Stack ● DigitalOcean - Ubuntu 19.10 VMS ● k3s ● Traefik - Ingress Controller ● Jenkins - CI ● StackRox - Image Scanning and policy