CODEWITHSUNDEEP
docker
Vaccano
Vaccano

Reputation: 82361

What are the values listed under "Layers" in Docker Image Inspect?

I am trying to write a program that ensure that the parent (or grandparent or great grandparent, etc) of a container is a container on a an approved list of containers. (To ensure that only approved containers are used in my company.)

When I run the command docker image inspect on my image I get some json in response. Part of that json looks like this:

"RootFS": {
    "Type": "layers",
    "Layers": [
        "sha256:cb42413394c4059335228c137fe884ff3ab8946a014014309676c25e3ac86864",
        "sha256:800afb4d883be4a1552b6afb33602caf7c69d5d9caa929aa961e74dd4df1f7fa",
        "sha256:6db0849b3e99f6471e878c20fdc1449623a5374d563f8463a791533f80f0387b",
        "sha256:f3bc884425c59baed7a7487a156c18d091ee1b567ab2bb9d286f110d31abb020",
        "sha256:139aa1a59c8a79c06c61077a51f83793e977bc818875d70ad1cfe7ce9e96cecd",
        "sha256:093496e1b286284fe6158c87e50aff6a905b809ee5f76d9c1897945fc53fd84c",
        "sha256:86248bc7c05ebaee4860efed18d1f6225909bbc03eccedd36ea4a154275540e1",
        "sha256:fe5e09df9bed600922ead78527eb7ff8a6b241dcee185aaa1213942b484cb769",
        "sha256:8b9bd48d3c62d7ddac27dfcc2c3c0cded5ef8ee530118b9212c8f4b8fd2e6faf",
        "sha256:4466146b6e2c6e31ffc6bf194ad75758e641e4f99dc6020b67d37024d9f99a98",
        "sha256:68f8345afd825ee2a0b675b5e93eb7b5504ad71a77136ba2014bd876e3ddbe68",
        "sha256:49a130b8b29dc6ac46c23bee6ffea315fe4b8ce4f621926834ad5e4fe7694a00",
        "sha256:bd13a0d30d036bbbd17d539310d0f821405c882419db56884a9562aa6d538975",
        "sha256:68f4281d14f5e70fc4a558fd4e3affcef4185d3fde53cd758cf46070327bbb06",
        "sha256:4410271de2fbbc8c72d545dfe212c29b83dc9e94e53a101e92526bdfcc566070",
        "sha256:5df5ddaa2216e7fa23096d325a984ca5993b6b04100850202a51abdac543f324",
        "sha256:a938e714d49d5122040f6af3dffc68efb1e9f19167e0982d4e1d2f5932166bec",
        "sha256:6e835bd4ceec7cc3b858dbbb61c32f08e27d3171428c76806bfab53616be1bad"
    ]
},

I thought these would be the layers of my container image. But the list does not contain the container image's parent. By parent, I mean the container image used in the FROM clause to create the image I inspected.) (I checked using the docker image ls --digests command.)

What are these values?

And more importantly, is there a way to get a list of the actual layers of a container?

Upvotes: 0

Views: 291

Answers (1)

ItayB
ItayB

Reputation: 11337

maybe dive can help you. It's a tool for exploring a docker image, layer contents, and much more.

In addition to the TUI, you can get the output in json file:

dive <your_image> --json <output_filename>

UPDATE: another (simpler) way is using docker history <image> to get your image layers details, for example:

$ docker history docker.elastic.co/elasticsearch/elasticsearch:6.3.2                                                                          16:32:47
IMAGE          CREATED       CREATED BY                                      SIZE      COMMENT
96dd1575de0f   2 years ago   /bin/sh -c #(nop)  CMD ["eswrapper"]            0B
<missing>      2 years ago   /bin/sh -c #(nop)  ENTRYPOINT ["/usr/local/b…   0B
<missing>      2 years ago   /bin/sh -c #(nop)  LABEL org.label-schema.sc…   0B
<missing>      2 years ago   /bin/sh -c #(nop)  EXPOSE 9200 9300             0B
<missing>      2 years ago   /bin/sh -c chgrp 0 /usr/local/bin/docker-ent…   4.95kB
<missing>      2 years ago   /bin/sh -c #(nop) COPY --chown=1000:0file:73…   4.26kB
<missing>      2 years ago   /bin/sh -c #(nop)  ENV PATH=/usr/share/elast…   0B
<missing>      2 years ago   /bin/sh -c #(nop) COPY --chown=1000:0dir:003…   217MB
<missing>      2 years ago   /bin/sh -c #(nop) WORKDIR /usr/share/elastic…   0B
<missing>      2 years ago   /bin/sh -c groupadd -g 1000 elasticsearch &&…   296kB
<missing>      2 years ago   /bin/sh -c yum update -y &&     yum install …   65.3MB
<missing>      2 years ago   /bin/sh -c ln -sf /etc/pki/ca-trust/extracte…   40B
<missing>      2 years ago   /bin/sh -c #(nop)  ENV JAVA_HOME=/opt/jdk-10…   0B
<missing>      2 years ago   /bin/sh -c curl -s https://download.java.net…   343MB
<missing>      2 years ago   /bin/sh -c #(nop)  ENV ELASTIC_CONTAINER=true   0B
<missing>      2 years ago   /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B
<missing>      2 years ago   /bin/sh -c #(nop)  LABEL org.label-schema.sc…   0B
<missing>      2 years ago   /bin/sh -c #(nop) ADD file:8f4b3be0c1427b158…   200MB

Upvotes: 1

Related Questions