How To Easily And Quickly Compare Container Images

Container-diff - Compare Container Images

I’ve got a good news for those who are building applications on containers. Picture this scenario. You’re a software developer. You’re working on an application, on a run time container image which is maintained by someone else. In the middle of the development, the original creator of the container image releases a new version of that base image with updated system packages. You download the updated base image and continue rebuilding your application on it. Suddenly, your application stopped working. You have successfully made it working in the previous image, but your application didn’t work in the latest base image. You’re pretty sure the application worked well on the previous version of system packages in the base image, but you have no idea which one. This is where “Container-diff” comes in help. Container-diff is a new open source product from Google that helps you to easily and quickly compare container images hosted in Google cloud platform.

Using Container-diff, you can easily track what changes have been made between the two base images, so you can get a better understanding of what has really changed inside the images. This will save you a lot of time to find the package version incompatibility, and you can decide whether to rebuild the application on latest container image or just stick with the old version until you find a suitable workaround. It also helps you to easily examine whether your application is working on the new builds of a container image.

Container-diff analyzes the following in Container images.

  • Docker Image History
  • Image file system
  • Apt packages
  • pip packages
  • npm packages

In this guide, we will see how to install Container-diff and how to use it to compare container images.

Installing Container-diff

I tested it on Ubuntu 16.04 LTS server edition. It will probably work on Debian and other Ubuntu variants.

To install Container-diff on your Ubuntu system, just run the following command:

curl -LO https://storage.googleapis.com/container-diff/latest/container-diff-linux-amd64 && chmod +x container-diff-linux-amd64 && mkdir -p $HOME/bin && export PATH=$PATH:$HOME/bin && mv container-diff-linux-amd64 $HOME/bin/container-diff

Make sure you have installed Docker. If you haven’t installed it already, refer the following link.

Analyze Container Images

First, let us analyze a container image, for example Debian 9, which is stored in Google Container Registry.

container-diff analyze gcr.io/google-appengine/debian9:latest

Sample output:

Retrieving image gcr.io/google-appengine/debian9:latest from source Cloud Registry
Retrieving analyses

-----Apt-----

Packages found in gcr.io/google-appengine/debian9:latest:
NAME VERSION SIZE
-adduser 3.115 849K
-apt 1.4.8 3.5M
-base-files 9.9 deb9u2 333K
-base-passwd 3.5.43 229K
-bash 4.4-5 5.7M
-bsdutils 1:2.29.2-1 238K
-ca-certificates 20161130 nmu1 468K
-coreutils 8.26-3 14.7M
-dash 0.5.8-2.4 204K
-debconf 1.5.61 558K
-debian-archive-keyring 2017.5 118K
-debianutils 4.8.1.1 213K
-diffutils 1:3.5-3 1.3M
-dpkg 1.18.24 6.6M
-e2fslibs 1.43.4-2 449K
-e2fsprogs 1.43.4-2 3.9M
-findutils 4.6.0 git+20161106-2 1.8M
-gcc-6-base 6.3.0-18 209K
-gpgv 2.1.18-8~deb9u1 721K
-grep 2.27-2 1.1M
-gzip 1.6-5 b1 231K
-hostname 3.18 b1 47K
-init-system-helpers 1.48 131K
-libacl1 2.2.52-3 b1 62K
-libapt-pkg5.0 1.4.8 3M
-libattr1 1:2.4.47-2 b2 42K
-libaudit-common 1:2.6.7-2 30K
-libaudit1 1:2.6.7-2 150K
-libblkid1 2.29.2-1 367K
-libbz2-1.0 1.0.6-8.1 96K
-libc-bin 2.24-11 deb9u1 3.3M
-libc6 2.24-11 deb9u1 10.4M
-libcap-ng0 0.7.7-3 b1 43K
-libcomerr2 1.43.4-2 83K
-libdb5.3 5.3.28-12 deb9u1 1.8M
-libdebconfclient0 0.227 67K
-libfdisk1 2.29.2-1 469K
-libgcc1 1:6.3.0-18 108K
-libgcrypt20 1.7.6-2 deb9u2 1.2M
-libgpg-error0 1.26-2 572K
-liblz4-1 0.0~r131-2 b1 93K
-liblzma5 5.2.2-1.2 b1 339K
-libmount1 2.29.2-1 403K
-libncursesw5 6.0 20161126-1+deb9u1 347K
-libpam-modules 1.1.8-3.6 874K
-libpam-modules-bin 1.1.8-3.6 220K
-libpam-runtime 1.1.8-3.6 1016K
-libpam0g 1.1.8-3.6 229K
-libpcre3 2:8.39-3 668K
-libselinux1 2.6-3 b3 209K
-libsemanage-common 2.6-2 39K
-libsemanage1 2.6-2 291K
-libsepol1 2.6-2 653K
-libsmartcols1 2.29.2-1 257K
-libss2 1.43.4-2 95K
-libssl1.1 1.1.0f-3 deb9u1 3.4M
-libstdc++6 6.3.0-18 2M
-libsystemd0 232-25 deb9u1 652K
-libtinfo5 6.0 20161126-1+deb9u1 478K
-libudev1 232-25 deb9u1 222K
-libustr-1.0-1 1.0.4-6 258K
-libuuid1 2.29.2-1 107K
-login 1:4.4-4.1 2.7M
-lsb-base 9.20161125 49K
-mawk 1.3.3-17 b3 183K
-mount 2.29.2-1 444K
-multiarch-support 2.24-11 deb9u1 220K
-ncurses-base 6.0 20161126-1+deb9u1 340K
-ncurses-bin 6.0 20161126-1+deb9u1 536K
-netbase 5.4 44K
-openssl 1.1.0f-3 deb9u1 1.2M
-passwd 1:4.4-4.1 2.4M
-perl-base 5.24.1-3 deb9u2 7.4M
-sed 4.4-1 799K
-sensible-utils 0.0.9 110K
-sysvinit-utils 2.88dsf-59.9 110K
-tar 1.29b-1.1 2.7M
-tzdata 2017c-0 deb9u1 2.9M
-util-linux 2.29.2-1 3.5M
-zlib1g 1:1.2.8.dfsg-5 156K

As you can see, Container-diff displays the APT analysis with no –type flag specified.

The list of available analyzers are;

  • –type=history [History]
  • –type=file [File System]
  • –type=pip [Pip]
  • –type=apt [Apt]
  • –type=node [Node]

You can run multiple analyzers at once like below.

container-diff analyze gcr.io/google-appengine/debian9:latest --type=history --type=apt --type=file

Compare Container Images

To compare two Containers images, use the following command:

container-diff diff gcr.io/google-appengine/debian9:latest gcr.io/google-appengine/debian9:2017-10-18-191738

Here, I am comparing two container images, the latest Debian 9 build image and a Debian 9 image built on 18th, 10, 2017.

Sample output would be:

Starting diff on images gcr.io/google-appengine/debian9:latest and gcr.io/google-appengine/debian9:2017-10-18-191738, using differs: [apt]
Retrieving image gcr.io/google-appengine/debian9:2017-10-18-191738 from source Cloud Registry
Retrieving image gcr.io/google-appengine/debian9:latest from source Cloud Registry
Computing diffs

-----Apt-----

Packages found only in gcr.io/google-appengine/debian9:latest: None

Packages found only in gcr.io/google-appengine/debian9:2017-10-18-191738: None

Version differences:
PACKAGE IMAGE1 (gcr.io/google-appengine/debian9:latest) IMAGE2 (gcr.io/google-appengine/debian9:2017-10-18-191738)
-libssl1.1 1.1.0f-3 deb9u1, 3.4M 1.1.0f-3, 3.4M
-openssl 1.1.0f-3 deb9u1, 1.2M 1.1.0f-3, 1.2M
-tzdata 2017c-0 deb9u1, 2.9M 2017b-1, 2.9M

As you can see in the output, there are three packages have been updated in the latest build.

If there are no differences between the two images, you will see an output something like below.

Computing diffs

-----Apt-----

Packages found only in gcr.io/google-appengine/debian9:latest: None

Packages found only in gcr.io/google-appengine/debian9:2017-11-27-220229: None

Version differences: None

Like I already said, by default, with no –type flag specified, container-diff will run Apt package analysis.

We can run multiple analyzers at once as shown below.

container-diff diff gcr.io/google-appengine/debian9:latest gcr.io/google-appengine/debian9:2017-10-18-191738 --type=history --type=apt --type=node

Here, I am running three analyzers namely history, apt, and node.

Sample output would be:

Starting diff on images gcr.io/google-appengine/debian9:latest and gcr.io/google-appengine/debian9:2017-10-18-191738, using differs: [history apt node]
Retrieving image gcr.io/google-appengine/debian9:2017-10-18-191738 from source Cloud Registry
Retrieving image gcr.io/google-appengine/debian9:latest from source Cloud Registry
Computing diffs

-----Apt-----

Packages found only in gcr.io/google-appengine/debian9:latest: None

Packages found only in gcr.io/google-appengine/debian9:2017-10-18-191738: None

Version differences:
PACKAGE IMAGE1 (gcr.io/google-appengine/debian9:latest) IMAGE2 (gcr.io/google-appengine/debian9:2017-10-18-191738)
-libssl1.1 1.1.0f-3 deb9u1, 3.4M 1.1.0f-3, 3.4M
-openssl 1.1.0f-3 deb9u1, 1.2M 1.1.0f-3, 1.2M
-tzdata 2017c-0 deb9u1, 2.9M 2017b-1, 2.9M

-----History-----

Docker history lines found only in gcr.io/google-appengine/debian9:latest: None

Docker history lines found only in gcr.io/google-appengine/debian9:2017-10-18-191738: None

-----Node-----

Packages found only in gcr.io/google-appengine/debian9:latest: None

Packages found only in gcr.io/google-appengine/debian9:2017-10-18-191738: None

Version differences: None

You can also compare locally stored image with the remote image as shown below.

container-diff diff daemon://modified_debian:latest remote://gcr.io/google-appengine/debian9:latest

For more details, refer Container-diff official links given at the end of this guide.

And, that’s all for now. More good stuffs to come. Stay tuned!

Cheers!

Resources:

Thanks for stopping by!

Help us to help you:

Have a Good day!!

You may also like...