Foreword
尽管镜像仓库Harbor已经集成了Clair,但是他的功能现阶段感觉有点弱,不能完美的融入到pipline之中,dive可以解决这个问题。
dive会大大提升我们审查镜像的速度,并且可以将这个过程做成自动化,自动化的反馈与记录。
demo
Installation
Ubuntu/Debian
wget https://github.com/wagoodman/dive/releases/download/v0.7.2/dive_0.7.2_linux_amd64.deb
sudo apt install ./dive_0.7.2_linux_amd64.deb
RHEL/Centos
curl -OL https://github.com/wagoodman/dive/releases/download/v0.7.2/dive_0.7.2_linux_amd64.rpm
rpm -i dive_0.7.2_linux_amd64.rpm
Basic use
可以把cmd放到CI&CD的pipline的构建完成的动作
➜ ~ CI=true dive hub.lijinghua.club/test/py-test:v1
Using config file: /root/.dive.yaml
Fetching image... (this can take a while with large images)
Parsing image...
Analyzing image...
efficiency: 98.8929 % # 效率百分比
wastedBytes: 11876170 bytes (12 MB) #多余的字节 12M
userWastedPercent: 1.2857 % # 基本上它的值+效率百分比=100%
Run CI Validations...
Using default CI config
PASS: highestUserWastedPercent
SKIP: highestWastedBytes: rule disabled
PASS: lowestEfficiency
Result:PASS [Total:3] [Passed:2] [Failed:0] [Warn:0] [Skipped:1]
➜ ~ CI=true dive byrnedo/alpine-curl:0.1.6
Using config file: /root/.dive.yaml
Fetching image... (this can take a while with large images)
Parsing image...
Analyzing image...
efficiency: 99.3700 %
wastedBytes: 54099 bytes (54 kB)
userWastedPercent: 1.3057 %
Run CI Validations...
Using default CI config
PASS: highestUserWastedPercent
SKIP: highestWastedBytes: rule disabled
PASS: lowestEfficiency
Result:PASS [Total:3] [Passed:2] [Failed:0] [Warn:0] [Skipped:1]
Config file 默认使用顺序是
$XDG_CONFIG_HOME/dive/*.yaml$XDG_CONFIG_DIRS/dive/*.yaml~/.config/dive/*.yaml~/.dive.yaml
--help
--ci-config string If CI=true in the environment, use the given yaml to drive validation rules. (default ".dive-ci")
--config ## ~/.config/dive/*.yaml, or $XDG_CONFIG_HOME/dive.yaml)
-j, --json string Skip the interactive TUI and write the layer analysis statistics to a given file.
-v, --version display version number
输出json结果到文件
➜ ~ CI=true dive hub.lijinghua.club/test/py-test:v1 -j ./py-dive.json
Using config file: /root/.dive.yaml
Fetching image... (this can take a while with large images)
Parsing image...
Analyzing image... (export to './py-dive.json')
efficiency: 98.8929 %
wastedBytes: 11876170 bytes (12 MB)
userWastedPercent: 1.2857 %
Run CI Validations...
Using default CI config
PASS: highestUserWastedPercent
SKIP: highestWastedBytes: rule disabled
PASS: lowestEfficiency
Result:PASS [Total:3] [Passed:2] [Failed:0] [Warn:0] [Skipped:1]
➜ ~ cat ./py-dive.json
{
"layer": [
{
"index": 0,
"digestId": "sha256:f94641f1fe1f5c42c325652bf55f0513c881c86b620b912b15460e0bca07cc12",
"sizeBytes": 100574959,
"command": "#(nop) ADD file:caf91edab64f988bc24766c58ee66c00311c7c921296b8e5b51d7023422a1485 in / "
},
{
"index": 1,
"digestId": "sha256:ec62f19bb3aa1dcfacc9864be06f0af635c18021893d42598da1564beed97448",
"sizeBytes": 23210152,
"command": "apt-get update \u0026\u0026 apt-get install -y --no-install-recommends \t\tca-certificates \t\tcurl \t\tnetbase \t\twget \t\u0026\u0026 rm -rf /var/lib/apt/lists/*"
},
{
"index": 2,
"digestId": "sha256:2c719774c1e1c4b82c5b23bd40a7fc139aa5f0efddf7a969f72f8170c71dd058",
"sizeBytes": 7811994,
········· 略 ·······
旅途愉快~