![skopeo](/workshops/security_openshift/images/skopeo.png)
Skopeo is a command line utility for various operations on container images and image repositories.
Skopeo is able to inspect a repository on a Docker registry and fetch images layers. By inspect I mean it fetches the repository’s manifest and it is able to show you a docker inspect-like json output about a whole repository or a tag.
This tool, in contrast to docker inspect, helps you gather useful information about a repository or a tag before pulling it (using disk space) - e.g. - which tags are available for the given repository? which labels the image has?
Login as ec2-user, if you are root
just type exit.
exit
Lets use Skopeo to inspect a Fedora image on Docker Hub. Additionally we are
using the jq
tool to parse the response and
make it look better.
skopeo inspect docker://docker.io/fedora | jq '.'
jq
is easy to use, lets parse the just the digest out of this response.
skopeo inspect docker://docker.io/fedora | jq '.Digest'
Download images to the filesystem
Skopeo can be used to download and copy images to either a local filesystem or to other remote registries.
mkdir /home/ec2-user/busybox
skopeo copy docker://busybox:latest dir:/home/ec2-user/busybox
Now lets download a image into the OCI format so we can compare them.
mkdir busybox_ocilayout
skopeo copy docker://busybox:latest oci:/home/ec2-user/busybox_ocilayout
You can see that the busybox default image is laid out differently compared to the OCI image.
ls -la /home/ec2-user/busybox
ls -la /home/ec2-user/busybox_ocilayout
The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high-level an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.
This helps to bring standards on how to bundle and run containers across the industry.
Image Metadata
Defining image metadata helps OpenShift better consume your Docker images, allowing OpenShift to create a better experience for developers using your image. For example, you can add metadata to provide helpful descriptions of your image, or offer suggestions on other images that may also be needed.
Examine images with Labels.
skopeo inspect docker://centos/mongodb-26-centos7 | jq '.'
skopeo inspect docker://centos/mongodb-26-centos7 | jq '.Labels'
skopeo inspect docker://openshift/wildfly-101-centos7 | jq '.'
skopeo inspect docker://openshift/wildfly-101-centos7 | jq '.Labels'