Containers

MicroBadger API Provides Programmatic Access to Container Metadata

12 Jan 2017 1:00am, by

Liz Rice
Liz Rice is CEO of Microscaling Systems and one of the developers of MicroBadger.

Without metadata, container images are something of a black box: You have very little to go on other than the name, and perhaps some limited version information that might be present in a tag. Container image metadata (in the form of LABEL key-value pairs) gives you the opportunity to build much richer information into your images. Puppet’s Gareth Rushgrove likens this to the manifest or the bill of lading for a shipping container.

Our newly released MicroBadger API lets you programmatically query metadata about container images. I’m the CEO of MicroScaling Systems and one of the creators of the API. In this article, I’ll talk about why you might want to start thinking about metadata — and why this is just the first step to much more powerful deployment management.

Querying Metadata

When you have images on your local machine, you can query their metadata (including any labels) using docker inspect (here, for brevity I’m filtering to only show labels):

It’s easy to imagine tools that could put metadata like this to good use — for example:

  • Logging and visualization tools could use the human-readable name for clarity
  • Alerting could send information about the exact version of the code, using the version control labels vcs-ref and vcs-url
  • Suppose your biggest competitor just acquired some code that you use, and you’ve been asked to eliminate their code from your running deployment. If the labels are all in place you could use them to identify all the running containers supplied by that vendor.

You’ll notice that a lot of the labels use the namespace org.label-schema. This is a convention for label names that can be shared by third-party tools.

Querying Pre-deployment

But the docker inspect command only works if you have the image locally. What if you want to query information from the container registry before you pull the image?

You could write code to get the metadata using the registry API, but it involves multiple calls. We’ve made it much simpler with MicroBadger. Give it a try like this!

You’re probably wondering why this could be more help to you than Docker inspect.

As mentioned, you don’t have to have the image pulled locally. The API also returns metadata information about all the image versions, rather than just one specific one, and although at present this only supports Docker Hub, our intention is to add other registries as well.

The code running inside a container can access its own metadata this way with no more privileges than network access.

Perhaps the biggest advantage is that you simply need network access to get this information (for a public image, of course.) You don’t need to have access to the docker CLI. This means that the code running inside a container can get to it. The code running inside a container can access its own metadata this way with no more privileges than network access.

Experimental!

The MicroBadger API is still in experimental phase — and is far from being security hardened. That said, please feel free to kick the tires!

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.