Patterns and antipatterns in Docker image lifecycle as was presented at Oracle Code SF 2017

whoami

Baruch Sadogursky, JFrog Developer Advocate, @jbaruch

Show notes!• http://jfrog.com/shownotes– Video– Slides– Links– Feedback– Raffle! (come early)

JFrog Xray

Poll Time!

Poll Time!üHeard about DockerüCan do the tutorialüPoCing, playing etc.üProduction, baby!

@JBARUCH #ORACLECODE HTTP://JFROG.COM/SHOWNOTES

JFrog Artifactory + Docker


Who’s using Docker and nothing else?

The Promotion Pyramid

Developmentbuilds

Dev Integrationtests

Integr.tests

StagingPre-ProdProd

Amountofbuilds

Build/Dep

loytim

e

Amountofbinaries

Pipeline: Quality Gates and Visibility

Source:AgileALM,MichaelHüttermann,ManningPublicationsCo.


$docker build


Too easy!


That’s why.


Let’s fix it!


Let’s fix it (again)!


That’s why you don’t trust Docker


Traditional Server Pattern

http://martinfowler.com/bliki/ImmutableServer.html


Immutable Server Pattern

http://martinfowler.com/bliki/ImmutableServer.html


What’s up with the gates?!


- QA shouldn’t test dev images


- QA shouldn’t test dev images- non-tested images shouldn't be

staged


- QA shouldn’t test dev images- non-tested images shouldn't be

staged- non-staged, non-tested or dev

images shouldn’t end up in production!!!

Not so fast…


Trumped-up limitations


The Anatomy of Docker Tag


Waitasecond,howcanIhavemorethanone

repositoryperhostnow?!

How can we support this?

https://host:8081/artifactory/docker-dev/busybox

https://host:8081/artifactory/docker-staging/busybox

https://host:8081/artifactory/docker-qa/busybox

https://host:8081/artifactory/docker-prod/busybox


“ONE REGISTRY PER HOST OUGHT TO BE ENOUGH FOR ANYBODY.”

Panic!


Virtual hosts/ports to the rescue

https://host:8081/artifactory/docker-dev/busybox

Contextname

VirtualrepositorynameTagname

https://host:port/v2/busybox

server {listen 5001;

server_name 192.168.99.100;if ($http_x_forwarded_proto = '') {

set $http_x_forwarded_proto $scheme;}rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-dev/$1/$2;…}

}


But then you realize…Waitasecond,nowIneedtopull,retagandpushfor

everystep?!

Anatomy of a container


Our LayersApplication:••.warfile

Framework:••JDK8+Wildfly

Base:••CentOS

Framework build

- Verified base image- Add system dependencies

from artifactory- JDK- Tomcat- Own it!

Minimal Framework build DockerfileFROM centos:7MAINTAINER [email protected]

@jbaruch #devnexus http://jfrog.com/shownotes

Application build

- Framework is your base- Run a java build- Add a file to base- Done!

Application build DockerfileFROM yourorg-docker.jfrog.io/yourorg/framework:latestMAINTAINER [email protected]

ADD https://yourorg.jfrog.io/yourorg/java-release-local/…/app-[RELEASE].war /opt/jboss/wildfly/standalone/deployments/app.war

FrameworkPipeline

ApplicationPipeline

HIGH QUALITY(software and information) SPEED LOW COST

(automation)

Fast releases > Modular > Automation

Conclusions: Release Fast or Die!

Q&A and Links• @jbaruch• #oraclecode• http://jfrog.com/shownotes– Video– Slides– Links– Feedback– Raffle! (come early)

Patterns and antipatterns in Docker image lifecycle as was presented at Oracle Code SF 2017

Technology

Transcript of Patterns and antipatterns in Docker image lifecycle as was presented at Oracle Code SF 2017