Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add oci.manifest.digest, container.image.repo_digests and make container.image.tag array #159

Merged
merged 22 commits into from
Sep 11, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ release.
- Update `.count` metric naming convention so that it only applies to UpDownCounters,
and add that `.total` should not be used by either Counters or UpDownCounters
([#107](https://github.com/open-telemetry/semantic-conventions/pull/107))
- Add `oci.manifest.digest`, `container.image.repo_digests` attributes. Make `container.image.tag` array and in plural form.
([#159](https://github.com/open-telemetry/semantic-conventions/pull/159))
- BREAKING: Rename `http.client.duration` and `http.server.duration` metrics to
`http.client.request.duration` and `http.server.request.duration` respectively.
([#224](https://github.com/open-telemetry/semantic-conventions/pull/224))
Expand Down
35 changes: 31 additions & 4 deletions docs/resource/container.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,17 +13,44 @@
| `container.id` | string | Container ID. Usually a UUID, as for example used to [identify Docker containers](https://docs.docker.com/engine/reference/run/#container-identification). The UUID might be abbreviated. | `a3bf90e006b2` | Recommended |
| `container.runtime` | string | The container runtime managing this container. | `docker`; `containerd`; `rkt` | Recommended |
| `container.image.name` | string | Name of the image the container was built on. | `gcr.io/opentelemetry/operator` | Recommended |
| `container.image.tag` | string | Container image tag. | `0.1` | Recommended |
| `container.image.tags` | string[] | Container image tags. An example can be found in [Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect). Should be only the `<tag>` section of the full name for example from `registry.example.com/my-org/my-image:<tag>`. | `[v1.27.1, 3.5.7-0]` | Recommended |
| `container.image.id` | string | Runtime specific image identifier. Usually a hash algorithm followed by a UUID. [1] | `sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f` | Recommended |
| `container.command` | string | The command used to run the container (i.e. the command name). [2] | `otelcontribcol` | Opt-In |
| `container.image.repo_digests` | string[] | Repo digests of the container image as provided by the container runtime. [2] | `[example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb, internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578]` | Recommended |
| `container.command` | string | The command used to run the container (i.e. the command name). [3] | `otelcontribcol` | Opt-In |
| `container.command_line` | string | The full command run by the container as a single string representing the full command. [2] | `otelcontribcol --config config.yaml` | Opt-In |
| `container.command_args` | string[] | All the command arguments (including the command/executable itself) run by the container. [2] | `[otelcontribcol, --config, config.yaml]` | Opt-In |

**[1]:** Docker defines a sha256 of the image id; `container.image.id` corresponds to the `Image` field from the Docker container inspect [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect) endpoint.
K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.
OCI defines a digest of manifest.
The ID is assinged by the container runtime and can vary in different environments. Consider using `oci.manifest.digest` if it is important to identify the same image in different environments/runtimes.

**[2]:** If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage.
**[2]:** [Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and [CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238) report those under the `RepoDigests` field.

**[3]:** If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage.
<!-- endsemconv -->

## Open Container Initiative (OCI)

The [Open Container Initiative](https://opencontainers.org/) defines open industry standards around container formats and runtimes.

### OCI Image Manifest

This section refers to the [specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md)
that defines an OCI Image manifest.

**Status**: [Experimental][DocumentStatus]

**type:** `oci`

**Description:** Attributes of an OCI image manifest.

<!-- semconv oci.manifest -->
| Attribute | Type | Description | Examples | Requirement Level |
|---|---|---|---|---|
| `oci.manifest.digest` | string | The digest of the OCI image manifest. For container images specifically is the digest by which the container image is known. [1] | `sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4` | Recommended |

**[1]:** Follows [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md), and specifically the [Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests).
An example can be found in [Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest).
<!-- endsemconv -->

[DocumentStatus]: https://github.com/open-telemetry/opentelemetry-specification/tree/v1.22.0/specification/document-status.md
26 changes: 21 additions & 5 deletions model/resource/container.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,14 @@ groups:
brief: >
Name of the image the container was built on.
examples: ['gcr.io/opentelemetry/operator']
- id: image.tag
type: string
- id: image.tags
type: string[]
brief: >
Container image tag.
examples: ['0.1']
Container image tags. An example can be found in
[Docker Image Inspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect).
Should be only the `<tag>` section of the full name for example
from `registry.example.com/my-org/my-image:<tag>`.
examples: ['v1.27.1', '3.5.7-0']
- id: image.id
type: string
brief: >
Expand All @@ -44,8 +47,21 @@ groups:
K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io
/namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.

OCI defines a digest of manifest.
The ID is assinged by the container runtime and can vary in different environments.
Consider using `oci.manifest.digest` if it is important to identify the same
image in different environments/runtimes.
examples: ['sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f']
- id: image.repo_digests
type: string[]
brief: >
Repo digests of the container image as provided by the container runtime.
note: >
[Docker](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) and
[CRI](https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238)
report those under the `RepoDigests` field.
examples:
- 'example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb'
- 'internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578'
- id: command
type: string
requirement_level: opt_in
Expand Down
21 changes: 21 additions & 0 deletions model/resource/oci.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
groups:
- id: oci.manifest
prefix: oci.manifest
type: resource
brief: >
An OCI image manifest.
attributes:
- id: digest
type: string
brief: >
The digest of the OCI image manifest. For container images specifically is the
digest by which the container image is known.
note: >
Follows
[OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/main/manifest.md),
and specifically the
[Digest property](https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests).

An example can be found in
[Example Image Manifest](https://docs.docker.com/registry/spec/manifest-v2-2/#example-image-manifest).
examples: [ 'sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4' ]