From e61f37c8014e8840a6aaf9b58b627de7e111d91f Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Tue, 17 Oct 2023 09:46:57 +0100 Subject: [PATCH 01/11] Moved container attributes to the registry Signed-off-by: ChrsMark --- docs/attributes-registry/README.md | 1 + docs/attributes-registry/container.md | 30 +++++++++ docs/resource/container.md | 21 +++--- model/registry/container.yaml | 89 ++++++++++++++++++++++++++ model/resource/container.yaml | 92 +++------------------------ 5 files changed, 140 insertions(+), 93 deletions(-) create mode 100644 docs/attributes-registry/container.md create mode 100644 model/registry/container.yaml diff --git a/docs/attributes-registry/README.md b/docs/attributes-registry/README.md index f1efd2ca7c..f7dab53e60 100644 --- a/docs/attributes-registry/README.md +++ b/docs/attributes-registry/README.md @@ -29,5 +29,6 @@ Currently, the following namespaces exist: * [HTTP](http.md) * [URL](url.md) +* [Container](container.md) [developers recommendations]: https://github.com/open-telemetry/opentelemetry-specification/tree/v1.26.0/specification/common/attribute-naming.md#recommendations-for-application-developers diff --git a/docs/attributes-registry/container.md b/docs/attributes-registry/container.md new file mode 100644 index 0000000000..b62bcbea23 --- /dev/null +++ b/docs/attributes-registry/container.md 
@@ -0,0 +1,30 @@ + + +# Container + +## Container Attributes + + +| Attribute | Type | Description | Examples | +|---|---|---|---| +| `container.command` | string | The command used to run the container (i.e. the command name). [1] | `otelcontribcol` | +| `container.command_args` | string[] | All the command arguments (including the command/executable itself) run by the container. [2] | `[otelcontribcol, --config, config.yaml]` | +| `container.command_line` | string | The full command run by the container as a single string representing the full command. [2] | `otelcontribcol --config config.yaml` | +| `container.id` | string | Container ID. Usually a UUID, as for example used to [identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification). The UUID might be abbreviated. | `a3bf90e006b2` | +| `container.image.id` | string | Runtime specific image identifier. Usually a hash algorithm followed by a UUID. [2] | `sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f` | +| `container.image.name` | string | Name of the image the container was built on. | `gcr.io/opentelemetry/operator` | +| `container.image.repo_digests` | string[] | Repo digests of the container image as provided by the container runtime. [3] | `[example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb, internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578]` | +| `container.image.tags` | string[] | Container image tags. An example can be found in [Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect). Should be only the `` section of the full name for example from `registry.example.com/my-org/my-image:`. | `[v1.27.1, 3.5.7-0]` | +| `container.labels.` | string | Container labels, `` being the label name, the value being the label value. 
| `container.labels.app=nginx` | +| `container.name` | string | Container name used by container runtime. | `opentelemetry-autoconf` | +| `container.runtime` | string | The container runtime managing this container. | `docker`; `containerd`; `rkt` | + +**[1]:** If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage. + +**[2]:** Docker defines a sha256 of the image id; `container.image.id` corresponds to the `Image` field from the Docker container inspect [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect) endpoint. +K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`. +The ID is assinged by the container runtime and can vary in different environments. Consider using `oci.manifest.digest` if it is important to identify the same image in different environments/runtimes. + +**[3]:** [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) report those under the `RepoDigests` field. + \ No newline at end of file diff --git a/docs/resource/container.md b/docs/resource/container.md index 827e20b779..a2b2c4b8fb 100644 --- a/docs/resource/container.md +++ b/docs/resource/container.md 
@@ -9,17 +9,16 @@ | Attribute | Type | Description | Examples | Requirement Level | |---|---|---|---|---| -| `container.command` | string | The command used to run the container (i.e. the command name). [1] | `otelcontribcol` | Opt-In | -| `container.command_args` | string[] | All the command arguments (including the command/executable itself) run by the container. [2] | `[otelcontribcol, --config, config.yaml]` | Opt-In | -| `container.command_line` | string | The full command run by the container as a single string representing the full command. [2] | `otelcontribcol --config config.yaml` | Opt-In | -| `container.id` | string | Container ID. Usually a UUID, as for example used to [identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification). The UUID might be abbreviated. | `a3bf90e006b2` | Recommended | -| `container.image.id` | string | Runtime specific image identifier. Usually a hash algorithm followed by a UUID. [2] | `sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f` | Recommended | -| `container.image.name` | string | Name of the image the container was built on. | `gcr.io/opentelemetry/operator` | Recommended | -| `container.image.repo_digests` | string[] | Repo digests of the container image as provided by the container runtime. [3] | `[example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb, internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578]` | Recommended | -| `container.image.tags` | string[] | Container image tags. An example can be found in [Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect). Should be only the `` section of the full name for example from `registry.example.com/my-org/my-image:`. | `[v1.27.1, 3.5.7-0]` | Recommended | -| `container.labels.` | string | Container labels, `` being the label name, the value being the label value. 
| `container.labels.app=nginx` | Recommended | -| `container.name` | string | Container name used by container runtime. | `opentelemetry-autoconf` | Recommended | -| `container.runtime` | string | The container runtime managing this container. | `docker`; `containerd`; `rkt` | Recommended | +| [`container.command`](../attributes-registry/container.md) | string | The command used to run the container (i.e. the command name). [1] | `otelcontribcol` | Opt-In | +| [`container.command_args`](../attributes-registry/container.md) | string[] | All the command arguments (including the command/executable itself) run by the container. [2] | `[otelcontribcol, --config, config.yaml]` | Opt-In | +| [`container.command_line`](../attributes-registry/container.md) | string | The full command run by the container as a single string representing the full command. [2] | `otelcontribcol --config config.yaml` | Opt-In | +| [`container.image.id`](../attributes-registry/container.md) | string | Runtime specific image identifier. Usually a hash algorithm followed by a UUID. [2] | `sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f` | Recommended | +| [`container.image.name`](../attributes-registry/container.md) | string | Name of the image the container was built on. | `gcr.io/opentelemetry/operator` | Recommended | +| [`container.image.repo_digests`](../attributes-registry/container.md) | string[] | Repo digests of the container image as provided by the container runtime. [3] | `[example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb, internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578]` | Recommended | +| [`container.image.tags`](../attributes-registry/container.md) | string[] | Container image tags. An example can be found in [Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect). 
Should be only the `` section of the full name for example from `registry.example.com/my-org/my-image:`. | `[v1.27.1, 3.5.7-0]` | Recommended | +| [`container.labels.`](../attributes-registry/container.md) | string | Container labels, `` being the label name, the value being the label value. | `container.labels.app=nginx` | Recommended | +| [`container.name`](../attributes-registry/container.md) | string | Container name used by container runtime. | `opentelemetry-autoconf` | Recommended | +| [`container.runtime`](../attributes-registry/container.md) | string | The container runtime managing this container. | `docker`; `containerd`; `rkt` | Recommended | **[1]:** If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage. diff --git a/model/registry/container.yaml b/model/registry/container.yaml new file mode 100644 index 0000000000..3905bcbe9e --- /dev/null +++ b/model/registry/container.yaml 
@@ -0,0 +1,89 @@ +groups: + - id: registry.container + prefix: container + type: resource + brief: > + A container instance. + attributes: + - id: name + type: string + brief: > + Container name used by container runtime. + examples: ['opentelemetry-autoconf'] + - id: id + type: string + brief: > + Container ID. Usually a UUID, as for example used to + [identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification). + The UUID might be abbreviated. + examples: ['a3bf90e006b2'] + - id: runtime + type: string + brief: > + The container runtime managing this container. + examples: ['docker', 'containerd', 'rkt'] + - id: image.name + type: string + brief: > + Name of the image the container was built on. + examples: ['gcr.io/opentelemetry/operator'] + - id: image.tags + type: string[] + brief: > + Container image tags. An example can be found in + [Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect). + Should be only the `` section of the full name for example + from `registry.example.com/my-org/my-image:`. + examples: ['v1.27.1', '3.5.7-0'] + - id: image.id + type: string + brief: > + Runtime specific image identifier. Usually a hash algorithm followed by a UUID. + note: > + Docker defines a sha256 of the image id; `container.image.id` corresponds to the `Image` field from the Docker + container inspect [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect) + endpoint. + + K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io + /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`. + + The ID is assinged by the container runtime and can vary in different environments. + Consider using `oci.manifest.digest` if it is important to identify the same + image in different environments/runtimes. 
+ examples: ['sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f'] + - id: image.repo_digests + type: string[] + brief: > + Repo digests of the container image as provided by the container runtime. + note: > + [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and + [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) + report those under the `RepoDigests` field. + examples: + - 'example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb' + - 'internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578' + - id: command + type: string + requirement_level: opt_in + note: > + If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage. + brief: > + The command used to run the container (i.e. the command name). + examples: [ 'otelcontribcol' ] + - id: command_line + type: string + requirement_level: opt_in + brief: > + The full command run by the container as a single string representing the full command. [2] + examples: [ 'otelcontribcol --config config.yaml' ] + - id: command_args + type: string[] + requirement_level: opt_in + brief: > + All the command arguments (including the command/executable itself) run by the container. [2] + examples: [ 'otelcontribcol, --config, config.yaml' ] + - id: labels + type: template[string] + brief: > + Container labels, `` being the label name, the value being the label value. + examples: [ 'container.labels.app=nginx' ] diff --git a/model/resource/container.yaml b/model/resource/container.yaml index 2080b7b9c6..798f8d1a1d 100644 --- a/model/resource/container.yaml +++ b/model/resource/container.yaml 
@@ -5,85 +5,13 @@ groups: brief: > A container instance. attributes: - - id: name - type: string - brief: > - Container name used by container runtime. - examples: ['opentelemetry-autoconf'] - - id: id - type: string - brief: > - Container ID. Usually a UUID, as for example used to - [identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification). - The UUID might be abbreviated. - examples: ['a3bf90e006b2'] - - id: runtime - type: string - brief: > - The container runtime managing this container. - examples: ['docker', 'containerd', 'rkt'] - - id: image.name - type: string - brief: > - Name of the image the container was built on. - examples: ['gcr.io/opentelemetry/operator'] - - id: image.tags - type: string[] - brief: > - Container image tags. An example can be found in - [Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect). - Should be only the `` section of the full name for example - from `registry.example.com/my-org/my-image:`. - examples: ['v1.27.1', '3.5.7-0'] - - id: image.id - type: string - brief: > - Runtime specific image identifier. Usually a hash algorithm followed by a UUID. - note: > - Docker defines a sha256 of the image id; `container.image.id` corresponds to the `Image` field from the Docker - container inspect [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect) - endpoint. - - K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io - /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`. - - The ID is assinged by the container runtime and can vary in different environments. - Consider using `oci.manifest.digest` if it is important to identify the same - image in different environments/runtimes. 
- examples: ['sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f'] - - id: image.repo_digests - type: string[] - brief: > - Repo digests of the container image as provided by the container runtime. - note: > - [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and - [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) - report those under the `RepoDigests` field. - examples: - - 'example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb' - - 'internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578' - - id: command - type: string - requirement_level: opt_in - note: > - If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage. - brief: > - The command used to run the container (i.e. the command name). - examples: [ 'otelcontribcol' ] - - id: command_line - type: string - requirement_level: opt_in - brief: > - The full command run by the container as a single string representing the full command. [2] - examples: [ 'otelcontribcol --config config.yaml' ] - - id: command_args - type: string[] - requirement_level: opt_in - brief: > - All the command arguments (including the command/executable itself) run by the container. [2] - examples: [ 'otelcontribcol, --config, config.yaml' ] - - id: labels - type: template[string] - brief: > - Container labels, `` being the label name, the value being the label value. - examples: [ 'container.labels.app=nginx' ] + - ref: container.name + - ref: container.runtime + - ref: container.image.name + - ref: container.image.tags + - ref: container.image.id + - ref: container.image.repo_digests + - ref: container.command + - ref: container.command_line + - ref: container.command_args + - ref: container.labels 
From 5f1a56709618fcbc52013627212c82c86eba9d80 Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Tue, 17 Oct 2023 11:40:29 +0100 Subject: [PATCH 02/11] Move OCI attributes to the registry Signed-off-by: ChrsMark --- docs/attributes-registry/container.md | 19 ++++++++++++++++++- docs/resource/container.md | 2 +- model/registry/oci.yaml | 21 +++++++++++++++++++++ model/resource/oci.yaml | 15 +-------------- 4 files changed, 41 insertions(+), 16 deletions(-) create mode 100644 model/registry/oci.yaml diff --git a/docs/attributes-registry/container.md b/docs/attributes-registry/container.md index b62bcbea23..d0840d8643 100644 --- a/docs/attributes-registry/container.md +++ b/docs/attributes-registry/container.md 
@@ -27,4 +27,21 @@ K8s defines a link to the container registry repository with digest `"imageID": The ID is assinged by the container runtime and can vary in different environments. Consider using `oci.manifest.digest` if it is important to identify the same image in different environments/runtimes. **[3]:** [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) report those under the `RepoDigests` field. - \ No newline at end of file + + + +## Open Container Initiative (OCI) + +The [Open Container Initiative](https://opencontainers.org/) defines open industry standards around container formats and runtimes. + +### OCI Image Manifest + + + +| Attribute | Type | Description | Examples | +|---|---|---|---| +| `oci.manifest.digest` | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | + +**[1]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests). +An example can be found in [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest). + diff --git a/docs/resource/container.md b/docs/resource/container.md index a2b2c4b8fb..7a4d8e5591 100644 --- a/docs/resource/container.md +++ b/docs/resource/container.md 
@@ -47,7 +47,7 @@ that defines an OCI Image manifest. | Attribute | Type | Description | Examples | Requirement Level | |---|---|---|---|---| -| `oci.manifest.digest` | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | Recommended | +| [`oci.manifest.digest`](../attributes-registry/container.md) | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | Recommended | **[1]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests). An example can be found in [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest). diff --git a/model/registry/oci.yaml b/model/registry/oci.yaml new file mode 100644 index 0000000000..45e2838796 --- /dev/null +++ b/model/registry/oci.yaml 
@@ -0,0 +1,21 @@ +groups: + - id: registry.oci.manifest + prefix: oci.manifest + type: resource + brief: > + An OCI image manifest. + attributes: + - id: digest + type: string + brief: > + The digest of the OCI image manifest. For container images specifically is the + digest by which the container image is known. + note: > + Follows + [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), + and specifically the + [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests). + + An example can be found in + [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest). + examples: [ 'sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4' ] diff --git a/model/resource/oci.yaml b/model/resource/oci.yaml index fc1ff2ebb3..a673b53573 100644 --- a/model/resource/oci.yaml +++ b/model/resource/oci.yaml @@ -5,17 +5,4 @@ groups: brief: > An OCI image manifest. attributes: - - id: digest - type: string - brief: > - The digest of the OCI image manifest. For container images specifically is the - digest by which the container image is known. - note: > - Follows - [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), - and specifically the - [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests). - - An example can be found in - [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest). - examples: [ 'sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4' ] + - ref: oci.manifest.digest From 5dbeeb22132274fa692f76c1e14d44baaa3df86d Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Tue, 17 Oct 2023 11:42:17 +0100 Subject: [PATCH 03/11] remove blank lines Signed-off-by: ChrsMark --- docs/attributes-registry/container.md | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/docs/attributes-registry/container.md b/docs/attributes-registry/container.md index d0840d8643..1d7ddb4be9 100644 --- a/docs/attributes-registry/container.md +++ b/docs/attributes-registry/container.md @@ -29,14 +29,12 @@ The ID is assinged by the container runtime and can vary in different environmen **[3]:** [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) report those under the `RepoDigests` field. - ## Open Container Initiative (OCI) The [Open Container Initiative](https://opencontainers.org/) defines open industry standards around container formats and runtimes. ### OCI Image Manifest - | Attribute | Type | Description | Examples | |---|---|---|---| From 44844a648ebf9bb99677faa149b89071a6d135cf Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Tue, 17 Oct 2023 12:33:06 +0100 Subject: [PATCH 04/11] Move requirement_level back Signed-off-by: ChrsMark --- model/registry/container.yaml | 3 --- model/resource/container.yaml | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/model/registry/container.yaml b/model/registry/container.yaml index 3905bcbe9e..0755d078af 100644 --- a/model/registry/container.yaml +++ b/model/registry/container.yaml @@ -64,7 +64,6 @@ groups: - 'internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578' - id: command type: string - requirement_level: opt_in note: > If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage. brief: 
> @@ -72,13 +71,11 @@ groups: examples: [ 'otelcontribcol' ] - id: command_line type: string - requirement_level: opt_in brief: > The full command run by the container as a single string representing the full command. [2] examples: [ 'otelcontribcol --config config.yaml' ] - id: command_args type: string[] - requirement_level: opt_in brief: > All the command arguments (including the command/executable itself) run by the container. [2] examples: [ 'otelcontribcol, --config, config.yaml' ] diff --git a/model/resource/container.yaml b/model/resource/container.yaml index 798f8d1a1d..0d81c94167 100644 --- a/model/resource/container.yaml +++ b/model/resource/container.yaml @@ -12,6 +12,9 @@ groups: - ref: container.image.id - ref: container.image.repo_digests - ref: container.command + requirement_level: opt_in - ref: container.command_line + requirement_level: opt_in - ref: container.command_args + requirement_level: opt_in - ref: container.labels From a39e84c627de4012bf20ab97003b877592803d1c Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Wed, 18 Oct 2023 21:39:48 +0100 Subject: [PATCH 05/11] Add missing attribute Signed-off-by: ChrsMark --- docs/resource/container.md | 1 + model/resource/container.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/resource/container.md b/docs/resource/container.md index 7a4d8e5591..cafc3ba137 100644 --- a/docs/resource/container.md +++ b/docs/resource/container.md 
@@ -12,6 +12,7 @@ | [`container.command`](../attributes-registry/container.md) | string | The command used to run the container (i.e. the command name). [1] | `otelcontribcol` | Opt-In | | [`container.command_args`](../attributes-registry/container.md) | string[] | All the command arguments (including the command/executable itself) run by the container. [2] | `[otelcontribcol, --config, config.yaml]` | Opt-In | | [`container.command_line`](../attributes-registry/container.md) | string | The full command run by the container as a single string representing the full command. [2] | `otelcontribcol --config config.yaml` | Opt-In | +| [`container.id`](../attributes-registry/container.md) | string | Container ID. Usually a UUID, as for example used to [identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification). The UUID might be abbreviated. | `a3bf90e006b2` | Recommended | | [`container.image.id`](../attributes-registry/container.md) | string | Runtime specific image identifier. Usually a hash algorithm followed by a UUID. [2] | `sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f` | Recommended | | [`container.image.name`](../attributes-registry/container.md) | string | Name of the image the container was built on. | `gcr.io/opentelemetry/operator` | Recommended | | [`container.image.repo_digests`](../attributes-registry/container.md) | string[] | Repo digests of the container image as provided by the container runtime. [3] | `[example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb, internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578]` | Recommended | diff --git a/model/resource/container.yaml b/model/resource/container.yaml index 0d81c94167..9741270e17 100644 --- a/model/resource/container.yaml +++ b/model/resource/container.yaml 
@@ -6,6 +6,7 @@ groups: A container instance. attributes: - ref: container.name + - ref: container.id - ref: container.runtime - ref: container.image.name - ref: container.image.tags From 6eb7de74f86fd26254fd32815c02415cbf04f413 Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Thu, 26 Oct 2023 09:46:20 +0100 Subject: [PATCH 06/11] sort docs list Signed-off-by: ChrsMark --- docs/attributes-registry/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/attributes-registry/README.md b/docs/attributes-registry/README.md index f7dab53e60..723be00cbf 100644 --- a/docs/attributes-registry/README.md +++ b/docs/attributes-registry/README.md @@ -27,8 +27,8 @@ All registered attributes are listed by namespace in this registry. Currently, the following namespaces exist: +* [Container](container.md) * [HTTP](http.md) * [URL](url.md) -* [Container](container.md) [developers recommendations]: https://github.com/open-telemetry/opentelemetry-specification/tree/v1.26.0/specification/common/attribute-naming.md#recommendations-for-application-developers From cc38e66799a33dcb306eecd2f50e459222ed19cb Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Thu, 26 Oct 2023 12:29:51 +0100 Subject: [PATCH 07/11] Move oci to separate file Signed-off-by: ChrsMark --- docs/attributes-registry/README.md | 1 + docs/attributes-registry/container.md | 13 ------------- docs/attributes-registry/oci.md | 14 ++++++++++++++ docs/resource/container.md | 2 +- 4 files changed, 16 insertions(+), 14 deletions(-) create mode 100644 docs/attributes-registry/oci.md diff --git a/docs/attributes-registry/README.md b/docs/attributes-registry/README.md index f2c3431301..a4995ec5f0 100644 --- a/docs/attributes-registry/README.md +++ b/docs/attributes-registry/README.md @@ -30,6 +30,7 @@ Currently, the following namespaces exist: * [Container](container.md) * [HTTP](http.md) * [Network](network.md) +* [OCI](oci.md) * [RPC](rpc.md) * [URL](url.md) * [User agent](user-agent.md) 
diff --git a/docs/attributes-registry/container.md b/docs/attributes-registry/container.md index 1d7ddb4be9..19942095d3 100644 --- a/docs/attributes-registry/container.md +++ b/docs/attributes-registry/container.md @@ -29,17 +29,4 @@ The ID is assinged by the container runtime and can vary in different environmen **[3]:** [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) report those under the `RepoDigests` field. -## Open Container Initiative (OCI) -The [Open Container Initiative](https://opencontainers.org/) defines open industry standards around container formats and runtimes. - -### OCI Image Manifest - - -| Attribute | Type | Description | Examples | -|---|---|---|---| -| `oci.manifest.digest` | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | - -**[1]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests). -An example can be found in [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest). - diff --git a/docs/attributes-registry/oci.md b/docs/attributes-registry/oci.md new file mode 100644 index 0000000000..5c5573dd59 --- /dev/null +++ b/docs/attributes-registry/oci.md 
@@ -0,0 +1,14 @@ +## Open Container Initiative (OCI) + +The [Open Container Initiative](https://opencontainers.org/) defines open industry standards around container formats and runtimes. + +### OCI Image Manifest + + +| Attribute | Type | Description | Examples | +|---|---|---|---| +| `oci.manifest.digest` | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | + +**[1]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests). +An example can be found in [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest). + \ No newline at end of file diff --git a/docs/resource/container.md b/docs/resource/container.md index cafc3ba137..8acfc32176 100644 --- a/docs/resource/container.md +++ b/docs/resource/container.md 
@@ -48,7 +48,7 @@ that defines an OCI Image manifest. | Attribute | Type | Description | Examples | Requirement Level | |---|---|---|---|---| -| [`oci.manifest.digest`](../attributes-registry/container.md) | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | Recommended | +| [`oci.manifest.digest`](../attributes-registry/oci.md) | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | Recommended | **[1]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests). An example can be found in [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest). From 57ba587467d8470b96f4b01e468bd0935a8a52ed Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Thu, 26 Oct 2023 13:04:26 +0100 Subject: [PATCH 08/11] merge semconv definitions Signed-off-by: ChrsMark --- docs/resource/container.md | 24 ++---------------------- model/resource/container.yaml | 1 + model/resource/oci.yaml | 8 -------- 3 files changed, 3 insertions(+), 30 deletions(-) delete mode 100644 model/resource/oci.yaml diff --git a/docs/resource/container.md b/docs/resource/container.md index 8acfc32176..1abdd5c277 100644 --- a/docs/resource/container.md +++ b/docs/resource/container.md 
@@ -20,6 +20,7 @@ | [`container.labels.`](../attributes-registry/container.md) | string | Container labels, `` being the label name, the value being the label value. | `container.labels.app=nginx` | Recommended | | [`container.name`](../attributes-registry/container.md) | string | Container name used by container runtime. | `opentelemetry-autoconf` | Recommended | | [`container.runtime`](../attributes-registry/container.md) | string | The container runtime managing this container. | `docker`; `containerd`; `rkt` | Recommended | +| [`oci.manifest.digest`](../attributes-registry/oci.md) | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [4] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | Recommended | **[1]:** If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage. 
@@ -28,29 +29,8 @@ K8s defines a link to the container registry repository with digest `"imageID": The ID is assinged by the container runtime and can vary in different environments. Consider using `oci.manifest.digest` if it is important to identify the same image in different environments/runtimes. **[3]:** [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) report those under the `RepoDigests` field. - - -## Open Container Initiative (OCI) - -The [Open Container Initiative](https://opencontainers.org/) defines open industry standards around container formats and runtimes. - -### OCI Image Manifest - -This section refers to the [specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md) -that defines an OCI Image manifest. - -**Status**: [Experimental][DocumentStatus] - -**type:** `oci` - -**Description:** Attributes of an OCI image manifest. - - -| Attribute | Type | Description | Examples | Requirement Level | -|---|---|---|---|---| -| [`oci.manifest.digest`](../attributes-registry/oci.md) | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | Recommended | -**[1]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests). +**[4]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests). 
An example can be found in [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest). diff --git a/model/resource/container.yaml b/model/resource/container.yaml index 9741270e17..f5de6980ea 100644 --- a/model/resource/container.yaml +++ b/model/resource/container.yaml @@ -19,3 +19,4 @@ groups: - ref: container.command_args requirement_level: opt_in - ref: container.labels + - ref: oci.manifest.digest \ No newline at end of file diff --git a/model/resource/oci.yaml b/model/resource/oci.yaml deleted file mode 100644 index a673b53573..0000000000 --- a/model/resource/oci.yaml +++ /dev/null @@ -1,8 +0,0 @@ -groups: - - id: oci.manifest - prefix: oci.manifest - type: resource - brief: > - An OCI image manifest. - attributes: - - ref: oci.manifest.digest From d078ad925f8d49e2ecfe1ed5b351d47f582ecfb8 Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Thu, 26 Oct 2023 13:23:36 +0100 Subject: [PATCH 09/11] lint Signed-off-by: ChrsMark --- docs/attributes-registry/oci.md | 4 ++-- model/resource/container.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/attributes-registry/oci.md b/docs/attributes-registry/oci.md index 5c5573dd59..abfc4f7479 100644 --- a/docs/attributes-registry/oci.md +++ b/docs/attributes-registry/oci.md @@ -1,8 +1,8 @@ -## Open Container Initiative (OCI) +# Open Container Initiative (OCI) The [Open Container Initiative](https://opencontainers.org/) defines open industry standards around container formats and runtimes. -### OCI Image Manifest +## OCI Image Manifest | Attribute | Type | Description | Examples | diff --git a/model/resource/container.yaml b/model/resource/container.yaml index f5de6980ea..97923e440e 100644 --- a/model/resource/container.yaml +++ b/model/resource/container.yaml @@ -19,4 +19,4 @@ groups: - ref: container.command_args requirement_level: opt_in - ref: container.labels - - ref: oci.manifest.digest \ No newline at end of file + - ref: oci.manifest.digest 
From 23f3e49ea2a417b6e37bd18fb63abc6deda651fb Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Thu, 26 Oct 2023 13:25:20 +0100 Subject: [PATCH 10/11] remove blank lines Signed-off-by: ChrsMark --- docs/attributes-registry/container.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/attributes-registry/container.md b/docs/attributes-registry/container.md index 19942095d3..7cc959620b 100644 --- a/docs/attributes-registry/container.md +++ b/docs/attributes-registry/container.md @@ -28,5 +28,3 @@ The ID is assinged by the container runtime and can vary in different environmen **[3]:** [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) report those under the `RepoDigests` field. - - From 90af11081b7606c2682a31d264e437d751c8132d Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Thu, 26 Oct 2023 15:00:06 +0100 Subject: [PATCH 11/11] change registry to use attribute_group type Signed-off-by: ChrsMark --- model/registry/container.yaml | 2 +- model/registry/oci.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/model/registry/container.yaml b/model/registry/container.yaml index 0755d078af..6909fe4ecb 100644 --- a/model/registry/container.yaml +++ b/model/registry/container.yaml @@ -1,7 +1,7 @@ groups: - id: registry.container prefix: container - type: resource + type: attribute_group brief: > A container instance. attributes: diff --git a/model/registry/oci.yaml b/model/registry/oci.yaml index 45e2838796..24e0cb93f2 100644 --- a/model/registry/oci.yaml +++ b/model/registry/oci.yaml @@ -1,7 +1,7 @@ groups: - id: registry.oci.manifest prefix: oci.manifest - type: resource + type: attribute_group brief: > An OCI image manifest. attributes:
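Review bot: the new `docs/attributes-registry/oci.md` (hunk `@@ -0,0 +1,14 @@`) ends with `\ No newline at end of file`, and the later "lint" commit only touches lines 1-8 of that file, so the missing trailing newline survives the series; add it in the commit that creates the file. In the same hunk, the description "For container images specifically is the digest by which the container image is known." has no subject; "For container images specifically, this is the digest by which the container image is known." reads correctly. The same sentence appears in the `docs/resource/container.md` table, so correct it in both places.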
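Review bot: in the `docs/resource/container.md` hunk `@@ -48,7 +48,7 @@`, the footnote kept as context defines the digest by the OCI Image Manifest Specification but sends the reader to a Docker registry page (`manifest-v2-2`) for the example. Since the neighbouring note recommends `oci.manifest.digest` for identifying the same image across environments and runtimes, the example should come from the OCI image-spec as well, so that the definition and the example describe the same format. The link target change to `../attributes-registry/oci.md` itself looks right.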
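Review bot: the `docs/resource/container.md` hunk `@@ -28,29 +29,8 @@` in "merge semconv definitions" deletes the whole OCI section, including `**type:** \`oci\``, the `**Status**: [Experimental]` line and the pointer to the manifest specification, and the same commit deletes `model/resource/oci.yaml` with its `oci.manifest` resource group. The commit message does not say why the separate resource is dropped or whether anything already emitting or matching on it is affected; state that in the message or a changelog entry. The renumbering of the footnote from `[1]` to `[4]` matches the new table row.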
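Review bot: in the `model/resource/container.yaml` hunk `@@ -19,3 +19,4 @@`, `- ref: oci.manifest.digest` is added with no `requirement_level`, directly under `container.command_args`, which sets `requirement_level: opt_in` explicitly. The docs table in the same commit shows the attribute as Recommended, so the default appears to be what is wanted; please confirm that is intentional. The line is also added without a trailing newline and then re-added with one in the next commit ("lint"); squashing that fix-up into this commit would keep the history clean.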
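Review bot: the context line of the `docs/attributes-registry/container.md` hunk `@@ -28,5 +28,3 @@` still reads "The ID is assinged by the container runtime"; "assinged" should be "assigned". This commit is already a cosmetic clean-up of that file, so it is a good place for the fix. The same misspelling is visible in the `docs/resource/container.md` context lines, so correct it wherever that note text is defined so both files pick it up.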
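Review bot: the `model/registry/container.yaml` and `model/registry/oci.yaml` hunks in "change registry to use attribute_group type" switch `type: resource` to `type: attribute_group`, but the commit message gives no reason and no docs hunks accompany the change. Please say why the registry groups must not be of type `resource`, and confirm the rendered tables under `docs/attributes-registry/` and `docs/resource/` are unchanged by it. Because these registry files are introduced earlier in the same series, folding the type change into the commits that create them would avoid a state where the registry and `model/resource/container.yaml` both declare resource groups for the same attributes.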