patterns and antipatterns in docker image lifecycle as was presented at scale 15x
Post on 12-Apr-2017
199 Views
Preview:
TRANSCRIPT
This slide was intentionally left blank
whoami
Baruch Sadogursky, JFrog Developer Advocate, @jbaruch
Show notes!• http://jfrog.com/shownotes– Video– Slides– Links– Feedback– Raffle! (come early)
JFrog Xray
Poll Time!
Poll Time!üHeard about DockerüCan do the tutorialüPoCing, playing etc.üProduction, baby!
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
JFrog Artifactory + Docker
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
Who’s using Docker and nothing else?
The Promotion Pyramid
Developmentbuilds
Dev Integrationtests
Integr.tests
StagingPre-ProdProd
Amountofbuilds
Build/Dep
loytim
e
Amountofbinaries
Pipeline: Quality Gates and Visibility
Source:AgileALM,MichaelHüttermann,ManningPublicationsCo.
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
$docker build
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
Too easy!
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
That’s why.
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu
RUN apt-get install -y software-properties-common pythonRUN apt-get install -y nodejsRUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Latestversion
Latestversion
Latestversion
Latestversion
That’s why.
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:14.04
RUN apt-get install -y software-properties-common pythonRUN apt-get install -y nodejsRUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Betternow?
That’s why.
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN apt-get install -y software-properties-common pythonRUN apt-get install -y nodejsRUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Andnow?
That’s why.
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN apt-get install -y software-properties-common pythonRUN apt-get install -y nodejsRUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Andnow?Whataboutthose?
That’s why.
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN mvn clean install
CMD ”java –jar Main.class"
Whataboutthis?
That’s why.
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN download_random_sh*t_from_the_internet.sh
CMD ["/usr/bin/node", "/var/www/app.js"]
Andhowaboutthis?
That’s why you don’t trust Docker
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
Traditional Server Pattern
http://martinfowler.com/bliki/ImmutableServer.html
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
Immutable Server Pattern
http://martinfowler.com/bliki/ImmutableServer.html
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
What’s up with the gates?!
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
What’s up with the gates?!
What’s up with the gates?!
- QA shouldn’t test dev images
What’s up with the gates?!
- QA shouldn’t test dev images- non-tested images shouldn't be
staged
What’s up with the gates?!
- QA shouldn’t test dev images- non-tested images shouldn't be
staged- non-staged, non-tested or dev
images shouldn’t end up in production!!!
Not so fast…
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
Trumped-up limitations
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
The Anatomy of Docker Tag
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
Waitasecond,howcanIhavemorethanone
repositoryperhostnow?!
How can we support this?
https://host:8081/artifactory/docker-dev/busybox
https://host:8081/artifactory/docker-staging/busybox
https://host:8081/artifactory/docker-qa/busybox
https://host:8081/artifactory/docker-prod/busybox
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
“ONE REGISTRY PER HOST OUGHT TO BE ENOUGH FOR ANYBODY.”
Panic!
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
Virtual hosts/ports to the rescue
Registryhost Tagname
docker tag host:port/busybox
Virtual hosts/ports to the rescue
https://host:port/v2/busybox
Registryhost Tagname
docker tag host:port/busybox
Virtual hosts/ports to the rescue
https://host:8081/artifactory/docker-dev/busybox
Virtualrepositoryname Tagname
https://host:port/v2/busybox
Contextname
Registryhost Tagname
docker tag host:port/busybox
server {listen 5001;
server_name 192.168.99.100;if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;}rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-dev/$1/$2;…}
}
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
But then you realize…Waitasecond,nowIneedtopull,retagandpushfor
everystep?!
Anatomy of a container
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
Our LayersApplication:••.warfile
Framework:••JDK8+Wildfly
Base:••CentOS
Framework build
- Verified base image- Add system dependencies
from artifactory- JDK- Tomcat- Own it!
Minimal Framework build DockerfileFROM centos:7MAINTAINER you@yourorg.com
@jbaruch #devnexus http://jfrog.com/shownotes
Application build
- Framework is your base- Run a java build- Add a file to base- Done!
Application build DockerfileFROM yourorg-docker.jfrog.io/yourorg/framework:latestMAINTAINER you@yourorg.com
ADD https://yourorg.jfrog.io/yourorg/java-release-local/…/app-[RELEASE].war /opt/jboss/wildfly/standalone/deployments/app.war
Application build DockerfileFROM yourorg-docker.jfrog.io/yourorg/framework:latestMAINTAINER you@yourorg.com
ADD https://yourorg.jfrog.io/yourorg/java-release-local/…/app-[RELEASE].war /opt/jboss/wildfly/standalone/deployments/app.war
Application build DockerfileFROM yourorg-docker.jfrog.io/yourorg/framework:latestMAINTAINER you@yourorg.com
ADD https://yourorg.jfrog.io/yourorg/java-release-local/…/app-[RELEASE].war /opt/jboss/wildfly/standalone/deployments/app.war
Application build DockerfileFROM yourorg-docker.jfrog.io/yourorg/framework:latestMAINTAINER you@yourorg.com
ADD https://yourorg.jfrog.io/yourorg/java-release-local/…/app-[RELEASE].war /opt/jboss/wildfly/standalone/deployments/app.war
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
FrameworkPipeline
ApplicationPipeline
FrameworkPipeline
ApplicationPipeline
FrameworkPipeline
ApplicationPipeline
@JBARUCH #SCALE15X HTTP://JFROG.COM/SHOWNOTES
HIGH QUALITY(software and information) SPEED LOW COST
(automation)
Fast releases > Modular > Automation
Conclusions: Release Fast or Die!
Q&A and Links• @jbaruch• #scale15x• http://jfrog.com/shownotes– Video– Slides– Links– Feedback– Raffle! (come early)
top related