SlideShare a Scribd company logo
1 of 40
Download to read offline
The First 10M Pulls:
Building the Official curl Image for Docker Hub
James Fuller, webcomposite s.r.o.
Have you ever ?
> curl https://curl.haxx.se
CURL DEMO
curl demo
curl / libcurl
command line tool and library for transferring data with
URLs
Daniel Stenberg - https://daniel.haxx.se/blog/2020/04/30/the-state-of-curl-2020/
Daniel Stenberg - https://daniel.haxx.se/blog/2020/04/30/the-state-of-curl-2020/
Daniel Stenberg - https://daniel.haxx.se/blog/2020/04/30/the-state-of-curl-2020/
Daniel Stenberg - https://daniel.haxx.se/blog/2020/04/30/the-state-of-curl-2020/
https://curl.haxx.se/docs/companies.html/
Daniel Stenberg - https://daniel.haxx.se/blog/2020/04/30/the-state-of-curl-2020/
Have you ever ?
>docker run curlimages/curl https://curl.haxx.se
curl docker demo
James Fuller
programmer
programmer, webcomposite
s.r.o.
@_james_fuller
Agenda
● Introduction
● Design
● Implementation
● Lessons learned
● Next steps
● Questions
James Fuller, webcomposite s.r.o.
c/C++/python/fp
bigdata, semantics, network
http://jim.fuller.name
@_james_fuller
jim.fuller@webcomposite.com
functional programming
Lead Engineer
HTTP
database
semantics
data network
Who is curl/libcurl ?
Benevolent dictator for lifeDaniel Stenberg ‘BDFL’ :
curl src - https://github.com/curl/
curl
curl-docker src - https://github.com/curl/curl-docker
dockerhub - curlimages/curl
Why curl docker image ?
https://twitter.com/jpmens/status/1166301485178728448
Design
Design decisions
base image vs end user consumption ?
‘homebrew’ vs builder framework ?
Design concerns
test docker image
ensure docker image is ‘secure’
Mitigate security risk
Rui Shu, Xiaohui Gu and William Enck –
“A Study of Security Vulnerabilities on Docker Hub”, March 2017
https://dl.acm.org/doi/pdf/10.1145/3029806.3029832
Implementation details
multi-stage
multi arch
minimal size image
Implementation
Implementation
Build.
generates docker image for end user
‘consumption’
Makefile build system
build targets expose all functionality
base on latest curl release tag
CI build/test/scan with travis
curl-docker build demo
Implementation
Test.
curl’s own extensive test suite
lint check dockerfile - projectatomic/dockerfile-lint
docker image test - google’s container-structure-test
run the container
tests demo
Implementation
Security.
virus checker: clamav
rootkit: rkhunter (chkrootkit)
system: lynis
docker: trivis, anchore
security scanning demo
Implementation
Publish.
docker buildx push
Lessons learned
Be conservative
Incremental enhancement
Don’t break the internet
Keep it simple
single image
adopt builder framework when ready
● security scanning works !
● docker build buildx makes it easy to ‘multi-arch’
● docker great for development, be more careful about
production
Other lessons learned
Next steps
Variation
”batteries included”, minimal,
…
Useful deps
ex. include jq
More
arch, ssl backends, http2/3
impl, tests, security, …
Standard
Library ?
Thank you & Questions ?

More Related Content

What's hot

Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
Erica Windisch
 
Docker Plugin for Heat
Docker Plugin for HeatDocker Plugin for Heat
Docker Plugin for Heat
Docker, Inc.
 

What's hot (19)

Deis, a PaaS built with Docker, Docker Meetup Sao Paulo #3 @Wayra
Deis, a PaaS built with Docker,  Docker Meetup Sao Paulo #3 @WayraDeis, a PaaS built with Docker,  Docker Meetup Sao Paulo #3 @Wayra
Deis, a PaaS built with Docker, Docker Meetup Sao Paulo #3 @Wayra
 
Lessons Learned from running Docker in production
Lessons Learned from running Docker in productionLessons Learned from running Docker in production
Lessons Learned from running Docker in production
 
Continous Delivery to Kubernetes using Helm
Continous Delivery to Kubernetes using HelmContinous Delivery to Kubernetes using Helm
Continous Delivery to Kubernetes using Helm
 
Docker in practice
Docker in practiceDocker in practice
Docker in practice
 
Docker Ecosystem: Part III - Machine
Docker Ecosystem: Part III - MachineDocker Ecosystem: Part III - Machine
Docker Ecosystem: Part III - Machine
 
Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
 
NLUUG Spring 2012 - OpenShift Primer
NLUUG Spring 2012 - OpenShift PrimerNLUUG Spring 2012 - OpenShift Primer
NLUUG Spring 2012 - OpenShift Primer
 
Into to Docker (Central PA Java User Group - 8/14/2017)
Into to Docker (Central PA Java User Group - 8/14/2017)Into to Docker (Central PA Java User Group - 8/14/2017)
Into to Docker (Central PA Java User Group - 8/14/2017)
 
DockerCoreNet
DockerCoreNetDockerCoreNet
DockerCoreNet
 
Behind the scenes with Docker volume plugins
Behind the scenes with Docker volume pluginsBehind the scenes with Docker volume plugins
Behind the scenes with Docker volume plugins
 
Automating Mendix application deployments with Nix
Automating Mendix application deployments with NixAutomating Mendix application deployments with Nix
Automating Mendix application deployments with Nix
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
 
Introduction to Octopress at DRUG
Introduction to Octopress at DRUGIntroduction to Octopress at DRUG
Introduction to Octopress at DRUG
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at Twilio
 
Perl on-embedded-devices
Perl on-embedded-devicesPerl on-embedded-devices
Perl on-embedded-devices
 
Opps I deployed it again-ploneconf2010
Opps I deployed it again-ploneconf2010Opps I deployed it again-ploneconf2010
Opps I deployed it again-ploneconf2010
 
Puppeteerのお話
Puppeteerのお話Puppeteerのお話
Puppeteerのお話
 
EC2 Storage for Docker 150526b
EC2 Storage for Docker   150526bEC2 Storage for Docker   150526b
EC2 Storage for Docker 150526b
 
Docker Plugin for Heat
Docker Plugin for HeatDocker Plugin for Heat
Docker Plugin for Heat
 

Similar to The First 10M Pulls: Building The Official Curl Image for Docker Hub

Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing Stashboard
Docker, Inc.
 
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
Docker, Inc.
 

Similar to The First 10M Pulls: Building The Official Curl Image for Docker Hub (20)

Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
 
mastering libcurl part 1
mastering libcurl part 1mastering libcurl part 1
mastering libcurl part 1
 
Docker @ Data Science Meetup
Docker @ Data Science MeetupDocker @ Data Science Meetup
Docker @ Data Science Meetup
 
Docker @ FOSS4G 2016, Bonn
Docker @ FOSS4G 2016, BonnDocker @ FOSS4G 2016, Bonn
Docker @ FOSS4G 2016, Bonn
 
Cloud expo-east-2015
Cloud expo-east-2015Cloud expo-east-2015
Cloud expo-east-2015
 
Interconnecting containers at scale #Dockercon
Interconnecting containers at scale #Dockercon Interconnecting containers at scale #Dockercon
Interconnecting containers at scale #Dockercon
 
Docker6anniversary
Docker6anniversaryDocker6anniversary
Docker6anniversary
 
Deploying Apache Spark Jobs on Kubernetes with Helm and Spark Operator
Deploying Apache Spark Jobs on Kubernetes with Helm and Spark OperatorDeploying Apache Spark Jobs on Kubernetes with Helm and Spark Operator
Deploying Apache Spark Jobs on Kubernetes with Helm and Spark Operator
 
BBL Premiers pas avec Docker
BBL Premiers pas avec DockerBBL Premiers pas avec Docker
BBL Premiers pas avec Docker
 
Learning Docker with Thomas
Learning Docker with ThomasLearning Docker with Thomas
Learning Docker with Thomas
 
Installing Component Pack 6.0.0.6
Installing Component Pack 6.0.0.6Installing Component Pack 6.0.0.6
Installing Component Pack 6.0.0.6
 
Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing Stashboard
 
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
 
DockerCon 2016 Seattle Recap
DockerCon 2016 Seattle RecapDockerCon 2016 Seattle Recap
DockerCon 2016 Seattle Recap
 
Docker for Ruby Developers
Docker for Ruby DevelopersDocker for Ruby Developers
Docker for Ruby Developers
 
Kubernetes Operability Tooling (GOTO Chicago 2019)
Kubernetes Operability Tooling (GOTO Chicago 2019)Kubernetes Operability Tooling (GOTO Chicago 2019)
Kubernetes Operability Tooling (GOTO Chicago 2019)
 
Docker Demo @ IuK Seminar
Docker Demo @ IuK SeminarDocker Demo @ IuK Seminar
Docker Demo @ IuK Seminar
 
How Stuffle uses Docker for deployments
How Stuffle uses Docker for deploymentsHow Stuffle uses Docker for deployments
How Stuffle uses Docker for deployments
 
JFrog container registry - DevOps extravaganza
JFrog container registry - DevOps extravaganza JFrog container registry - DevOps extravaganza
JFrog container registry - DevOps extravaganza
 
Don't screw it up! How to build durable API
Don't screw it up! How to build durable API Don't screw it up! How to build durable API
Don't screw it up! How to build durable API
 

More from Docker, Inc.

Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Virtual Meetup Docker + Arm: Building Multi-arch Apps with BuildxVirtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Docker, Inc.
 

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 
Sharing is Caring: How to Begin Speaking at Conferences
Sharing is Caring: How to Begin Speaking at ConferencesSharing is Caring: How to Begin Speaking at Conferences
Sharing is Caring: How to Begin Speaking at Conferences
 
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Virtual Meetup Docker + Arm: Building Multi-arch Apps with BuildxVirtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
 

Recently uploaded

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
FIDO Alliance
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
Muhammad Subhan
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
FIDO Alliance
 

Recently uploaded (20)

Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 

The First 10M Pulls: Building The Official Curl Image for Docker Hub