How do YOU validate the structure of your containers?
Speaking for myself, the phases I went through looked something like
1) “Wut?”2) “Notify me if/when the build fails”3) “Notify me if/when it fails during use”4) “I’ve done all that I can do, now leave me the f**k alone.”
The thing is, going from -1- to -4- is really pretty damn rapid, since, at scale all ”IF”s become “WHEN”s (and rapidly at that)
1) “Wut?”2) “Notify me if/when the build fails”3) “Notify me if/when it fails during use”4) “I’ve done all that I can do, now leave me the f**k alone.”
The thing is, going from -1- to -4- is really pretty damn rapid, since, at scale all ”IF”s become “WHEN”s (and rapidly at that)
And now, finally, a solution (or a very promising start to one) — Google’s Container Structure Test — https://goo.gl/spNXEq — which promises to verify and validate the contents and structure of containers.
It’s declarative (YAML!), and is really quite clever covering the following aspects
• File Existence and Contents : Checks that a file exists (or doesn’t!) in the image, and has the correct contents/metadata
• Commands : It’ll run a command inside the image (with setup/teardown!) and validate the output
• Metadata : Validate the images’s metadata (basically, “does the image match the dockerfile?” (•)
It’s declarative (YAML!), and is really quite clever covering the following aspects
• File Existence and Contents : Checks that a file exists (or doesn’t!) in the image, and has the correct contents/metadata
• Commands : It’ll run a command inside the image (with setup/teardown!) and validate the output
• Metadata : Validate the images’s metadata (basically, “does the image match the dockerfile?” (•)
A particularly clever bit is that the images are converted to in-memory filesystem representations when the tests are run, so you don’t even need a shell in the container. Tiny Images FTW!
Mind you, as if that wasn’t enough, since images are basically tarballs, the tests (except for the commands) actually just run against the tarball (more info on this at https://goo.gl/yo7Xkp).
Mind you, as if that wasn’t enough, since images are basically tarballs, the tests (except for the commands) actually just run against the tarball (more info on this at https://goo.gl/yo7Xkp).
Nifty!
(•) What, you think it always does? HAHAHAHAHAHAHAHA etc.
Comments