Skip to content

Instantly share code, notes, and snippets.

View estesp's full-sized avatar
💻
I work on containers. And review PRs.

Phil Estes estesp

💻
I work on containers. And review PRs.
513 followers · 1 following
View GitHub Profile
@estesp
estesp / idmatch.go
Created September 18, 2014 19:21
proposal for name vs. ID lookup priority
package main
import (
"fmt"
"flag"
"regexp"
)
var (
fullID = regexp.MustCompile(`^[0-9a-fA-F]{64}$`)
@estesp
estesp / keybase.md
Created March 2, 2015 21:16

Keybase proof

I hereby claim:

  • I am estesp on github.
  • I am estesp (https://keybase.io/estesp) on keybase.
  • I have a public key whose fingerprint is 27F3 EA26 8A97 867E AF0B D05C 0F38 6284 C03A 1162

To claim this, I am signing this object:

@estesp
estesp / testdial.go
Created June 5, 2015 15:30
Improperly named lookup test which actually doesn't use `net.Dial()`
package main
import (
"fmt"
"net"
"os"
)
func main() {
addrs, err := net.LookupIP(os.Args[1])
@estesp
estesp / long-running-tests.md
Created January 12, 2016 21:25
Top 25 longest-running integration tests in Docker engine

Sampled from a 1/12/2016 run of standard Linux x64 engine janky run.

Total time of these 25 tests adds up to 663.8 seconds

These 25 make up 2.2% of total tests, but ~29% of total test runtime.

DockerDaemonSuite.TestDaemonNoSpaceleftOnDeviceError            107.143s
DockerTrustSuite.TestTrustedPushWithFailingServer               95.405s
DockerSuite.TestRunSeccompDefaultProfile                        81.711s
@estesp
estesp / overlay-copy-up-and-delete-with-userns.md
Last active March 29, 2016 08:50
Overlay bug with user namespaces + copy_up + dir removal (whiteout)

overlayfs copy-up without userns

Setup: create proper directories, with a pre-existing dir (called dir) in lower, and then mount as overlay fs:

$ mkdir upper lower work merged upper lower/dir
$ sudo mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merged

You can now create files in the merged/dir to force a copy up of lower/dir to upper/dir:

@estesp
estesp / skydns-high-uid.md
Last active April 15, 2016 04:25
high UID/GID entries stored in Docker images

Image: gcr.io/google_containers/skydns:2015-10-13-8c72f8c

  • Packages an exploded tarball as one of the layers: skydns_sources.tar.gz
  • This tarball seems to have come from a filesystem where high uids were in use:
/skydns_sources.tar.gz # ls -al
total 12
drwxr-xr-x    3 root     root          4096 Oct 13 20:25 .
drwxr-xr-x 25 root root 4096 Apr 6 18:42 ..
@estesp
estesp / clash-instructions.md
Last active August 12, 2016 18:25
Ubuntu 16.04 / LXFS / Docker daemon + user namespaces clash

The Problem

See Docker issue #24834 for the more complete background. The short story is that if lxcfs is installed (which it is by default in Ubuntu 16.04) and you attempt to use the Docker daemon with user namespaces enabled, most likely you will end up with a confusing "container command could not be invoked error" like the one here:

# docker run --rm busybox date
docker: Error response from daemon: Container command 'date' could not be invoked..
@estesp
estesp / Multi-arch Implementation.md
Last active March 21, 2017 14:10
Multi-architecture support in content manifest scheme version 2

The new generic distributed content manifest format (schema version 2) [see distribution/distribution#62] is approaching final approval, and while some discussion has happened in-line, it seems reasonable to break out the various pieces that would be required to implement a multi-arch Docker image solution on top of the flexible manifest format being proposed.

As a starting point it is useful to discuss what the intended use case is for multi-architecture images in the Docker platform. The following requirements summarize the expected capabilities of the engine + registry + storage/retrieval format that is implemented.

Requirements

  • A specific repository name:tag manifest will need to contain the proper information for access/retrieval of multiple architectures
    • For example docker pull ubuntu:15.04 should have the capability on a POWER system to pull the POWER-specific image layers which comprise an Ubuntu 15.04 image
  • Not every name:tag manifests will have information for
@estesp
estesp / gcr.io-manifest-tool-log.txt
Created July 11, 2017 17:03
gcr.io looks like it *almost* supports manifest list v2.2 spec objects
$ ./manifest-tool --debug push from-spec alpine-gcp.yaml
DEBU[0000] endpoints: [{false https://gcr.io v2 false true 0xc420352000} {false http://gcr.io v2 false true 0xc420352000} {false https://gcr.io v1 false true
0xc420352180} {false http://gcr.io v1 false true 0xc420352180}]
DEBU[0000] repoName: test-gcloud-1690/alpine
INFO[0000] Retrieving digests of images...
DEBU[0000] authConfig for gcr.io: oauth2accesstoken
DEBU[0000] endpoints: [{false https://gcr.io v2 false true 0xc420352300} {false http://gcr.io v2 false true 0xc420352300}]
DEBU[0000] Trying to fetch image manifest of gcr.io/test-gcloud-1690/alpine_ppc64le repository from https://gcr.io v2
INFO[0001] Image "gcr.io/test-gcloud-1690/alpine_ppc64le:latest" is digest sha256:15780ed5342bafabe42cb609d2ca62534c12c1ae7681b10b978d2a8e781e0957; size: 528 DEBU[0001] Adding manifest references of "gcr.io/test-gcloud-1690/alpine_ppc64le:latest" to blob mount requests
DEBU[0001] Adding manifest "test-gcloud-1690/alpine_ppc64
@estesp
estesp / codefresh-manifest-tool-errors.md
Last active July 11, 2017 19:10
Codefresh image registry manifest-tool push errors

Codefresh has a Docker v2-API supporting image registry that is "Powered by Google Container Registry (gcr.io)" (per blog post link).

While gcr.io has its own issues with support of manifest list objects defined in the v2.2 image spec, Codefresh registry seems to have slightly different support than the current implementation of GCR, in that cross-repo blob mount/manifest references don't work at all (they do in GCR); but both registries refuse to accept the media type for a manifest list PUT API call.

Attempting cross-repository push to codefresh registry