Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Moved container attributes to the registry #417

Merged
merged 14 commits into from
Oct 27, 2023
1 change: 1 addition & 0 deletions docs/attributes-registry/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,5 +29,6 @@ Currently, the following namespaces exist:

* [HTTP](http.md)
* [URL](url.md)
* [Container](container.md)
AlexanderWert marked this conversation as resolved.
Show resolved Hide resolved

[developers recommendations]: https://github.com/open-telemetry/opentelemetry-specification/tree/v1.26.0/specification/common/attribute-naming.md#recommendations-for-application-developers
45 changes: 45 additions & 0 deletions docs/attributes-registry/container.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
<!--- Hugo front matter used to generate the website version of this page:
--->

# Container

## Container Attributes

<!-- semconv registry.container(omit_requirement_level) -->
| Attribute | Type | Description | Examples |
|---|---|---|---|
| `container.command` | string | The command used to run the container (i.e. the command name). [1] | `otelcontribcol` |
| `container.command_args` | string[] | All the command arguments (including the command/executable itself) run by the container. [2] | `[otelcontribcol, --config, config.yaml]` |
| `container.command_line` | string | The full command run by the container as a single string representing the full command. [2] | `otelcontribcol --config config.yaml` |
| `container.id` | string | Container ID. Usually a UUID, as for example used to [identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification). The UUID might be abbreviated. | `a3bf90e006b2` |
| `container.image.id` | string | Runtime specific image identifier. Usually a hash algorithm followed by a UUID. [2] | `sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f` |
| `container.image.name` | string | Name of the image the container was built on. | `gcr.io/opentelemetry/operator` |
| `container.image.repo_digests` | string[] | Repo digests of the container image as provided by the container runtime. [3] | `[example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb, internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578]` |
| `container.image.tags` | string[] | Container image tags. An example can be found in [Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect). Should be only the `<tag>` section of the full name for example from `registry.example.com/my-org/my-image:<tag>`. | `[v1.27.1, 3.5.7-0]` |
| `container.labels.<key>` | string | Container labels, `<key>` being the label name, the value being the label value. | `container.labels.app=nginx` |
| `container.name` | string | Container name used by container runtime. | `opentelemetry-autoconf` |
| `container.runtime` | string | The container runtime managing this container. | `docker`; `containerd`; `rkt` |

**[1]:** If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage.

**[2]:** Docker defines a sha256 of the image id; `container.image.id` corresponds to the `Image` field from the Docker container inspect [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect) endpoint.
K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.
The ID is assinged by the container runtime and can vary in different environments. Consider using `oci.manifest.digest` if it is important to identify the same image in different environments/runtimes.

**[3]:** [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) report those under the `RepoDigests` field.
<!-- endsemconv -->

## Open Container Initiative (OCI)
AlexanderWert marked this conversation as resolved.
Show resolved Hide resolved

The [Open Container Initiative](https://opencontainers.org/) defines open industry standards around container formats and runtimes.

### OCI Image Manifest

<!-- semconv registry.oci.manifest(omit_requirement_level) -->
| Attribute | Type | Description | Examples |
|---|---|---|---|
| `oci.manifest.digest` | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` |

**[1]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests).
An example can be found in [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest).
<!-- endsemconv -->
24 changes: 12 additions & 12 deletions docs/resource/container.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,17 +9,17 @@
<!-- semconv container -->
| Attribute | Type | Description | Examples | Requirement Level |
|---|---|---|---|---|
| `container.command` | string | The command used to run the container (i.e. the command name). [1] | `otelcontribcol` | Opt-In |
| `container.command_args` | string[] | All the command arguments (including the command/executable itself) run by the container. [2] | `[otelcontribcol, --config, config.yaml]` | Opt-In |
| `container.command_line` | string | The full command run by the container as a single string representing the full command. [2] | `otelcontribcol --config config.yaml` | Opt-In |
| `container.id` | string | Container ID. Usually a UUID, as for example used to [identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification). The UUID might be abbreviated. | `a3bf90e006b2` | Recommended |
joaopgrassi marked this conversation as resolved.
Show resolved Hide resolved
| `container.image.id` | string | Runtime specific image identifier. Usually a hash algorithm followed by a UUID. [2] | `sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f` | Recommended |
| `container.image.name` | string | Name of the image the container was built on. | `gcr.io/opentelemetry/operator` | Recommended |
| `container.image.repo_digests` | string[] | Repo digests of the container image as provided by the container runtime. [3] | `[example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb, internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578]` | Recommended |
| `container.image.tags` | string[] | Container image tags. An example can be found in [Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect). Should be only the `<tag>` section of the full name for example from `registry.example.com/my-org/my-image:<tag>`. | `[v1.27.1, 3.5.7-0]` | Recommended |
| `container.labels.<key>` | string | Container labels, `<key>` being the label name, the value being the label value. | `container.labels.app=nginx` | Recommended |
| `container.name` | string | Container name used by container runtime. | `opentelemetry-autoconf` | Recommended |
| `container.runtime` | string | The container runtime managing this container. | `docker`; `containerd`; `rkt` | Recommended |
| [`container.command`](../attributes-registry/container.md) | string | The command used to run the container (i.e. the command name). [1] | `otelcontribcol` | Opt-In |
| [`container.command_args`](../attributes-registry/container.md) | string[] | All the command arguments (including the command/executable itself) run by the container. [2] | `[otelcontribcol, --config, config.yaml]` | Opt-In |
| [`container.command_line`](../attributes-registry/container.md) | string | The full command run by the container as a single string representing the full command. [2] | `otelcontribcol --config config.yaml` | Opt-In |
| [`container.id`](../attributes-registry/container.md) | string | Container ID. Usually a UUID, as for example used to [identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification). The UUID might be abbreviated. | `a3bf90e006b2` | Recommended |
| [`container.image.id`](../attributes-registry/container.md) | string | Runtime specific image identifier. Usually a hash algorithm followed by a UUID. [2] | `sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f` | Recommended |
| [`container.image.name`](../attributes-registry/container.md) | string | Name of the image the container was built on. | `gcr.io/opentelemetry/operator` | Recommended |
| [`container.image.repo_digests`](../attributes-registry/container.md) | string[] | Repo digests of the container image as provided by the container runtime. [3] | `[example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb, internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578]` | Recommended |
| [`container.image.tags`](../attributes-registry/container.md) | string[] | Container image tags. An example can be found in [Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect). Should be only the `<tag>` section of the full name for example from `registry.example.com/my-org/my-image:<tag>`. | `[v1.27.1, 3.5.7-0]` | Recommended |
| [`container.labels.<key>`](../attributes-registry/container.md) | string | Container labels, `<key>` being the label name, the value being the label value. | `container.labels.app=nginx` | Recommended |
| [`container.name`](../attributes-registry/container.md) | string | Container name used by container runtime. | `opentelemetry-autoconf` | Recommended |
| [`container.runtime`](../attributes-registry/container.md) | string | The container runtime managing this container. | `docker`; `containerd`; `rkt` | Recommended |

**[1]:** If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage.

Expand Down Expand Up @@ -48,7 +48,7 @@ that defines an OCI Image manifest.
<!-- semconv oci.manifest -->
| Attribute | Type | Description | Examples | Requirement Level |
|---|---|---|---|---|
| `oci.manifest.digest` | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | Recommended |
| [`oci.manifest.digest`](../attributes-registry/container.md) | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | Recommended |

**[1]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests).
An example can be found in [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest).
Expand Down
86 changes: 86 additions & 0 deletions model/registry/container.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
groups:
- id: registry.container
prefix: container
type: resource
brief: >
A container instance.
attributes:
- id: name
type: string
brief: >
Container name used by container runtime.
examples: ['opentelemetry-autoconf']
- id: id
type: string
brief: >
Container ID. Usually a UUID, as for example used to
[identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification).
The UUID might be abbreviated.
examples: ['a3bf90e006b2']
- id: runtime
type: string
brief: >
The container runtime managing this container.
examples: ['docker', 'containerd', 'rkt']
- id: image.name
type: string
brief: >
Name of the image the container was built on.
examples: ['gcr.io/opentelemetry/operator']
- id: image.tags
type: string[]
brief: >
Container image tags. An example can be found in
[Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect).
Should be only the `<tag>` section of the full name for example
from `registry.example.com/my-org/my-image:<tag>`.
examples: ['v1.27.1', '3.5.7-0']
- id: image.id
type: string
brief: >
Runtime specific image identifier. Usually a hash algorithm followed by a UUID.
note: >
Docker defines a sha256 of the image id; `container.image.id` corresponds to the `Image` field from the Docker
container inspect [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect)
endpoint.

K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io
/namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.

The ID is assinged by the container runtime and can vary in different environments.
Consider using `oci.manifest.digest` if it is important to identify the same
image in different environments/runtimes.
examples: ['sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f']
- id: image.repo_digests
type: string[]
brief: >
Repo digests of the container image as provided by the container runtime.
note: >
[Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and
[CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238)
report those under the `RepoDigests` field.
examples:
- 'example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb'
- 'internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578'
- id: command
type: string
note: >
If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage.
brief: >
The command used to run the container (i.e. the command name).
examples: [ 'otelcontribcol' ]
- id: command_line
type: string
brief: >
The full command run by the container as a single string representing the full command. [2]
examples: [ 'otelcontribcol --config config.yaml' ]
- id: command_args
type: string[]
brief: >
All the command arguments (including the command/executable itself) run by the container. [2]
examples: [ 'otelcontribcol, --config, config.yaml' ]
- id: labels
type: template[string]
brief: >
Container labels, `<key>` being the label name, the value being the label value.
examples: [ 'container.labels.app=nginx' ]
21 changes: 21 additions & 0 deletions model/registry/oci.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
groups:
- id: registry.oci.manifest
prefix: oci.manifest
type: resource
brief: >
An OCI image manifest.
attributes:
- id: digest
type: string
brief: >
The digest of the OCI image manifest. For container images specifically is the
digest by which the container image is known.
note: >
Follows
[OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md),
and specifically the
[Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests).

An example can be found in
[Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest).
examples: [ 'sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4' ]
90 changes: 11 additions & 79 deletions model/resource/container.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,85 +5,17 @@ groups:
brief: >
A container instance.
attributes:
- id: name
type: string
brief: >
Container name used by container runtime.
examples: ['opentelemetry-autoconf']
- id: id
type: string
brief: >
Container ID. Usually a UUID, as for example used to
[identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification).
The UUID might be abbreviated.
examples: ['a3bf90e006b2']
- id: runtime
type: string
brief: >
The container runtime managing this container.
examples: ['docker', 'containerd', 'rkt']
- id: image.name
type: string
brief: >
Name of the image the container was built on.
examples: ['gcr.io/opentelemetry/operator']
- id: image.tags
type: string[]
brief: >
Container image tags. An example can be found in
[Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect).
Should be only the `<tag>` section of the full name for example
from `registry.example.com/my-org/my-image:<tag>`.
examples: ['v1.27.1', '3.5.7-0']
- id: image.id
type: string
brief: >
Runtime specific image identifier. Usually a hash algorithm followed by a UUID.
note: >
Docker defines a sha256 of the image id; `container.image.id` corresponds to the `Image` field from the Docker
container inspect [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect)
endpoint.

K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io
/namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.

The ID is assinged by the container runtime and can vary in different environments.
Consider using `oci.manifest.digest` if it is important to identify the same
image in different environments/runtimes.
examples: ['sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f']
- id: image.repo_digests
type: string[]
brief: >
Repo digests of the container image as provided by the container runtime.
note: >
[Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and
[CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238)
report those under the `RepoDigests` field.
examples:
- 'example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb'
- 'internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578'
- id: command
type: string
- ref: container.name
- ref: container.id
- ref: container.runtime
- ref: container.image.name
- ref: container.image.tags
- ref: container.image.id
- ref: container.image.repo_digests
- ref: container.command
AlexanderWert marked this conversation as resolved.
Show resolved Hide resolved
requirement_level: opt_in
note: >
If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage.
brief: >
The command used to run the container (i.e. the command name).
examples: [ 'otelcontribcol' ]
- id: command_line
type: string
- ref: container.command_line
requirement_level: opt_in
brief: >
The full command run by the container as a single string representing the full command. [2]
examples: [ 'otelcontribcol --config config.yaml' ]
- id: command_args
type: string[]
- ref: container.command_args
requirement_level: opt_in
brief: >
All the command arguments (including the command/executable itself) run by the container. [2]
examples: [ 'otelcontribcol, --config, config.yaml' ]
- id: labels
type: template[string]
brief: >
Container labels, `<key>` being the label name, the value being the label value.
examples: [ 'container.labels.app=nginx' ]
- ref: container.labels
Loading
Loading