patterns and antipatterns in docker image lifecycle as was presented at scale 15x

This slide was intentionally left blank

whoami

Baruch Sadogursky, JFrog Developer Advocate, @jbaruch

Show notes!• http://jfrog.com/shownotes– Video– Slides– Links– Feedback– Raffle! (come early)

JFrog Xray

Poll Time!

Poll Time!üHeard about DockerüCan do the tutorialüPoCing, playing etc.üProduction, baby!

@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES

JFrog Artifactory + Docker


Who’s using Docker and nothing else?

The Promotion Pyramid

Developmentbuilds

Dev Integrationtests

Integr.tests

StagingPre-ProdProd

Amountofbuilds

Build/Dep

loytim

e

Amountofbinaries

Pipeline: Quality Gates and Visibility

Source:AgileALM,MichaelHüttermann,ManningPublicationsCo.


$docker build


Too easy!


That’s why.


FROM ubuntu

RUN apt-get install -y software-properties-common pythonRUN apt-get install -y nodejsRUN mkdir /var/www

ADD app.js /var/www/app.js

CMD ["/usr/bin/node", "/var/www/app.js"]

Latestversion

Latestversion

Latestversion

Latestversion

That’s why.


FROM ubuntu:14.04




Betternow?

That’s why.


FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98




Andnow?

That’s why.






Andnow?Whataboutthose?

That’s why.



RUN mvn clean install

CMD ”java –jar Main.class"

Whataboutthis?

That’s why.



RUN download_random_sh*t_from_the_internet.sh


Andhowaboutthis?

That’s why you don’t trust Docker


Traditional Server Pattern

http://martinfowler.com/bliki/ImmutableServer.html


Immutable Server Pattern

http://martinfowler.com/bliki/ImmutableServer.html


What’s up with the gates?!


- QA shouldn’t test dev images


- QA shouldn’t test dev images- non-tested images shouldn't be

staged


- QA shouldn’t test dev images- non-tested images shouldn't be

staged- non-staged, non-tested or dev

images shouldn’t end up in production!!!

Not so fast…


Trumped-up limitations


The Anatomy of Docker Tag


Waitasecond,howcanIhavemorethanone

repositoryperhostnow?!

How can we support this?

https://host:8081/artifactory/docker-dev/busybox

https://host:8081/artifactory/docker-staging/busybox

https://host:8081/artifactory/docker-qa/busybox

https://host:8081/artifactory/docker-prod/busybox


“ONE REGISTRY PER HOST OUGHT TO BE ENOUGH FOR ANYBODY.”

Panic!


Virtual hosts/ports to the rescue

Registryhost Tagname

docker tag host:port/busybox


https://host:port/v2/busybox




https://host:8081/artifactory/docker-dev/busybox

Virtualrepositoryname Tagname

https://host:port/v2/busybox

Contextname



server {listen 5001;

server_name 192.168.99.100;if ($http_x_forwarded_proto = '') {

set $http_x_forwarded_proto $scheme;}rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-dev/$1/$2;…}

}


But then you realize…Waitasecond,nowIneedtopull,retagandpushfor

everystep?!

Anatomy of a container


Our LayersApplication:••.warfile

Framework:••JDK8+Wildfly

Base:••CentOS

Framework build

- Verified base image- Add system dependencies

from artifactory- JDK- Tomcat- Own it!

Minimal Framework build DockerfileFROM centos:7MAINTAINER [email protected]

@jbaruch #devnexus http://jfrog.com/shownotes

Application build

- Framework is your base- Run a java build- Add a file to base- Done!

Application build DockerfileFROM yourorg-docker.jfrog.io/yourorg/framework:latestMAINTAINER [email protected]

ADD https://yourorg.jfrog.io/yourorg/java-release-local/…/app-[RELEASE].war /opt/jboss/wildfly/standalone/deployments/app.war

FrameworkPipeline

ApplicationPipeline

HIGH QUALITY(software and information) SPEED LOW COST

(automation)

Fast releases > Modular > Automation

Conclusions: Release Fast or Die!

Q&A and Links• @jbaruch• #scale15x• http://jfrog.com/shownotes– Video– Slides– Links– Feedback– Raffle! (come early)

patterns and antipatterns in docker image lifecycle as was presented at scale 15x

Travel