Patterns and antipatterns in Docker image lifecycle @ Codemash 2017

This slide was intentionally left blank

whoami

Baruch Sadogursky, JFrog Developer Advocate, @jbaruch

JFrog Xray

Poll Time!

Poll Time!üHeard about DockerüCan do the tutorialüPoCing, playing etc.üProduction, baby!

@JBARUCH #CODEMASH HTTP://JFROG.COM/SHOWNOTES


JFrog Artifactory + Docker


Who’s using Docker and nothing else?

The Promotion Pyramid

Developmentbuilds

Dev Integrationtests

Integr.tests

StagingPre-ProdProd

Amountofbuilds

Build/Dep

loytim

e

Amountofbinaries

Pipeline: Quality Gates and Visibility

Source:AgileALM,MichaelHüttermann,ManningPublicationsCo.


$docker build


Too easy!


That’s why.


Let’s fix it!


Let’s fix it (again)!


Let’s fix it (again)!


That’s why you don’t trust Docker


Traditional Server Pattern

http://martinfowler.com/bliki/ImmutableServer.html


Immutable Server Pattern

http://martinfowler.com/bliki/ImmutableServer.html


What’s up with the gates?!




- QA shouldn’t test dev images


- QA shouldn’t test dev images- non-tested images shouldn't be

staged


- QA shouldn’t test dev images- non-tested images shouldn't be

staged- non-staged, non-tested or dev

images shouldn’t end up in production!!!

Not so fast…


Trumped-up limitations


The Anatomy of Docker Tag


Waitasecond,howcanIhavemorethanone

repositoryperhostnow?!

How can we support this?

https://host:8081/artifactory/docker-dev/busybox

https://host:8081/artifactory/docker-staging/busybox

https://host:8081/artifactory/docker-qa/busybox

https://host:8081/artifactory/docker-prod/busybox


“ONE REGISTRY PER HOST OUGHT TO BE ENOUGH FOR ANYBODY.”

Panic!


Virtual hosts/ports to the rescue

https://host:8081/artifactory/docker-dev/busybox

Contextname

VirtualrepositorynameTagname

https://host:port/v2/busybox

server {listen 5001;

server_name 192.168.99.100;if ($http_x_forwarded_proto = '') {

set $http_x_forwarded_proto $scheme;}rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-dev/$1/$2;…}

}


But then you realize…Waitasecond,nowIneedtopull,retagandpushfor

everystep?!

Anatomy of a container


Our LayersApplication:••.warfile

Framework:••JDK8+Tomcat

Base:••ubuntu-trusty

Framework build

- Verified base image- Add system dependencies

from artifactory- JDK- Tomcat- Own it!

Minimal Framework build DockerfileFROM ubuntu:14.04MAINTAINER [email protected]


Application build

- Framework is your base- Run a java build- Add a file to base- Done!

Application build DockerfileFROM yourorg-docker.jfrog.io/myorg/framework:latestMAINTAINER [email protected]

ADD https://yourorg.jfrog.io/jbaruch/java-release-local/…/app-[RELEASE].war /var/lib/tomcat7/webapps/app.war









FrameworkPipeline

ApplicationPipeline

FrameworkPipeline

ApplicationPipeline

FrameworkPipeline

ApplicationPipeline


HIGH QUALITY(software and information) SPEED LOW COST

(automation)

Fast releases > Modular > Automation

Conclusions: Release Fast or Die!

Q&A and Links• @jbaruch• #codemash• http://jfrog.com/shownotes– Video– Slides– Links– Feedback– Raffle! (come early)

Technology

Patterns and antipatterns in Docker image lifecycle @ Codemash 2017