container-diff 谷歌开源镜像分析工具使用

赖鸿羲
2023-12-01
1. 安装
curl -LO https://storage.googleapis.com/container-diff/latest/container-diff-linux-amd64 && chmod +x container-diff-linux-amd64 && sudo mv container-diff-linux-amd64 /usr/local/bin/container-diff

备注:
 安装的时候是在阿里云的机器,但是就是网络不通,最简单的方法是先下载在上传阿里云服务器
 storage.googleapis.com国内 还是可以使用的
2. 命令
a.全部

sage:
  container-diff [command]

Available Commands:
  analyze     Analyzes an image: [image]
  diff        Compare two images: [image1] [image2]
  help        Help about any command
  version     Print the version of container-diff

Flags:
  -h, --help               help for container-diff
  -v, --verbosity string   This flag controls the verbosity of container-diff. (default "warning")

b. analyze

Usage:
  container-diff analyze [flags]

Flags:
  -h, --help              help for analyze
  -j, --json              JSON Output defines if the diff should be returned in a human readable format (false) or a JSON (true).
  -n, --no-cache          Set this to force retrieval of layers on each run.
  -o, --order             Set this flag to sort any file/package results by descending size. Otherwise, they will be sorted by name.
  -s, --save              Set this flag to save rather than remove the final image filesystems on exit.
  -t, --type Diff Types   This flag sets the list of analyzer types to use. Set it repeatedly to use multiple analyzers.

Global Flags:
  -v, --verbosity string   This flag controls the verbosity of container-diff. (default "warning")
c. 
2. 分析镜像
a. 参考命令
container-diff analyze <img>     [Run default analyzers]
container-diff analyze <img> --type=history  [History]
container-diff analyze <img> --type=file  [File System]
container-diff analyze <img> --type=pip  [Pip]
container-diff analyze <img> --type=apt  [Apt]
container-diff analyze <img> --type=node  [Node]
container-diff analyze <img> --type=apt --type=node  [Apt and Node]
本地镜像:daemon://
   container-diff analyze  daemon://dalongrong/fn:0.0.3 
远程镜像:remote:// 
   container-diff analyze nginx 
   输出如下:
   Retrieving image redis from source Cloud Registry
ERRO[0029] remove /tmp/redis263898236/var/lib/apt/lists/partial/.wh..wh..opq: no such fil
Retrieving analyses

-----Apt-----

Packages found in redis:
NAME                           VERSION                         SIZE
-acl                           2.2.52-2                        258K
-adduser                       3.113 nmu3                      1M
-apt                           1.0.9.8.4                       3.1M
-base-files                    8 deb8u9                        413K
-base-passwd                   3.5.37                          185K
-bash                          4.3-11 deb8u1                   4.9M
-bsdutils                      1:2.25.2-6                      181K
-coreutils                     8.23-4                          13.9M
-dash                          0.5.7-4 b1                      191K
-debconf                       1.5.56 deb8u1                   614K
-debconf-i18n                  1.5.56 deb8u1                   1.1M
-debian-archive-keyring        2017.5~deb8u1                   137K
-debianutils                   4.4 b1                          147K
-diffutils                     1:3.3-1 b1                      950K
-dmsetup                       2:1.02.90-2.2 deb8u1            123K
-dpkg                          1.17.27                         6.5M
-e2fslibs                      1.42.12-2 b1                    386K
-e2fsprogs                     1.42.12-2 b1                    2.7M
-findutils                     4.4.2-9 b1                      1.4M
-gcc-4.8-base                  4.8.4-1                         212K
-gcc-4.9-base                  4.9.2-10                        218K
-gnupg                         1.4.18-7 deb8u4                 4.8M
-gpgv                          1.4.18-7 deb8u4                 414K
-grep                          2.20-4.1                        1.2M
-gzip                          1.6-4                           239K
-hostname                      3.15                            59K
-init                          1.22                            29K
-initscripts                   2.88dsf-59                      165K
-insserv                       1.14.0-5                        183K
-libacl1                       2.2.52-2                        80K
-libapt-pkg4.12                1.0.9.8.4                       2.6M
-libattr1                      1:2.4.47-2                      30K
-libaudit-common               1:2.4-1                         49K
-libaudit1                     1:2.4-1 b1                      157K
-libblkid1                     2.25.2-6                        326K
-libbz2-1.0                    1.0.6-7 b3                      114K
-libc-bin                      2.19-18 deb8u10                 3.2M
-libc6                         2.19-18 deb8u10                 10M
-libcap2                       1:2.24-8                        61K
-libcap2-bin                   1:2.24-8                        110K
-libcomerr2                    1.42.12-2 b1                    69K
-libcryptsetup4                2:1.6.6-5                       227K
-libdb5.3                      5.3.28-9                        1.8M
-libdebconfclient0             0.192                           53K
-libdevmapper1.02.1            2:1.02.90-2.2 deb8u1            330K
-libgcc1                       1:4.9.2-10                      129K
-libgcrypt20                   1.6.3-2 deb8u4                  998K
-libgpg-error0                 1.17-3                          444K
-libkmod2                      18-3                            134K
-liblocale-gettext-perl        1.05-8 b1                       37K
-liblzma5                      5.1.1alpha 20120614-2+b3        309K
-libmount1                     2.25.2-6                        357K
-libncurses5                   5.9 20140913-1+b1               306K
-libncursesw5                  5.9 20140913-1+b1               388K
-libpam-modules                1.1.8-3.1 deb8u2+b1             788K
-libpam-modules-bin            1.1.8-3.1 deb8u2+b1             201K
-libpam-runtime                1.1.8-3.1 deb8u2                1.4M
-libpam0g                      1.1.8-3.1 deb8u2+b1             213K
-libpcre3                      2:8.35-3.3 deb8u4               618K
-libprocps3                    2:3.3.9-9                       132K
-libreadline6                  6.3-8 b3                        419K
-libselinux1                   2.3-2                           213K
-libsemanage-common            2.3-1                           65K
-libsemanage1                  2.3-1 b1                        245K
-libsepol1                     2.3-2                           339K
-libslang2                     2.3.0-2                         1.5M
-libsmartcols1                 2.25.2-6                        209K
-libss2                        1.42.12-2 b1                    82K
-libstdc++6                    4.9.2-10                        1.3M
-libsystemd0                   215-17 deb8u7                   183K
-libtext-charwidth-perl        0.04-7 b3                       85K
-libtext-iconv-perl            1.7-5 b2                        92K
-libtext-wrapi18n-perl         0.06-7                          28K
-libtinfo5                     5.9 20140913-1+b1               480K
-libudev1                      215-17 deb8u7                   101K
-libusb-0.1-4                  2:0.1.12-25                     42K
-libustr-1.0-1                 1.0.4-3 b2                      287K
-libuuid1                      2.25.2-6                        89K
-login                         1:4.2-3 deb8u4                  2.1M
-lsb-base                      4.1 Debian13+nmu1               72K
-mawk                          1.3.3-17                        198K
-mount                         2.25.2-6                        357K
-multiarch-support             2.19-18 deb8u10                 194K
-ncurses-base                  5.9 20140913-1                  371K
-ncurses-bin                   5.9 20140913-1+b1               535K
-passwd                        1:4.2-3 deb8u4                  2.1M
-perl-base                     5.20.2-3 deb8u9                 4.5M
-procps                        2:3.3.9-9                       670K
-readline-common               6.3-8                           109K
-sed                           4.2.2-4 deb8u1                  575K
-sensible-utils                0.0.9                           110K
-startpar                      0.59-3                          95K
-systemd                       215-17 deb8u7                   11.2M
-systemd-sysv                  215-17 deb8u7                   40K
-sysv-rc                       2.88dsf-59                      125K
-sysvinit-utils                2.88dsf-59                      147K
-tar                           1.27.1-2 deb8u1                 2.2M
-tzdata                        2017b-0 deb8u1                  1.7M
-udev                          215-17 deb8u7                   5.8M
-util-linux                    2.25.2-6                        2.7M
-zlib1g                        1:1.2.8.dfsg-2 b1               179K

   container-diff analyze remote://docker.io/dalongrong/mqttmosca --type=node // 指明是node 

   输出如下:
   
   Retrieving image docker.io/dalongrong/mqttmosca from source Cloud Registry
ERRO[0008] remove /tmp/docker.iodalongrongmqttmosca121533925/var/lib/apt/lists/.wh.partial: no such file or directory 
Retrieving analyses

-----Node-----

Packages found in docker.io/dalongrong/mqttmosca:
NAME                            VERSION        SIZE          INSTALLATION
-balanced-match                 0.4.2          8.5K          /node_modules/balanced-match/
-cnpm                           4.4.2          14.8M         /usr/local/lib/node_modules/cnpm/
-code-point-at                  1.0.0          10.1K         /node_modules/code-point-at/
-concat-map                     0.0.1          6.3K          /node_modules/concat-map/
-d                              0.1.1          20.9K         /node_modules/d/
-es5-ext                        0.10.12        445.1K        /node_modules/es5-ext/
-is-fullwidth-code-point        1.0.0          11.5K         /node_modules/is-fullwidth-code-point/
-npm                            3.8.6          8.5M          /usr/local/lib/node_modules/npm/
-number-is-nan                  1.0.0          4.4K          /node_modules/number-is-nan/
-pm2                            2.2.3          11.7M         /usr/local/lib/node_modules/pm2/
3. 镜像差异比较
1. 参考命令:
container-diff diff <img1> <img2>     [Run default differs]
container-diff diff <img1> <img2> --type=history  [History]
container-diff diff <img1> <img2> --type=file  [File System]
container-diff diff <img1> <img2> --type=pip  [Pip]
container-diff diff <img1> <img2> --type=apt  [Apt]
container-diff diff <img1> <img2> --type=node  [Node]
2. 使用(和上面的一样daemon:// 本地镜像  remote:// 远程 )
container-diff remote://docker.io/dalongrong/fn:0.0.9  remote://docker.io/dalongrong/mqttmosca 
具体信息就不粘贴了,太多了
4. 附加参数
比如: -j or --json 生成json 格式的数据
5. 总结
功能很强很大,容器的黑匣子对于我们来说就比较清晰了。
5. 参考资料
https://github.com/GoogleCloudPlatform/container-diff
 
 
 
 
 类似资料: