Building, Running, Patching Docker Containers – The Paradigm Shift

Containers are a way to wrap up an application into its own isolated box. This isolation empowers Developers and IT Operations to collaborate effectively as they have clear boundaries of configuration and execution. Come learn how adopting a container workflow and lifecycle management empowers change and stability from the first release. As a developer, you’ll see how to test your build pipeline before you commit your code, and how the build pipeline is used for OS & Framework patching during and after active development. Come see how containers are a paradigm shift to a modern DevOps workflow that will take some change but empowers your company to new levels of collaboration. Also learn how to use Azure Container Registry (ACR) build to simplify container development and building by easily storing and managing container images for Azure deployments in a central registry.

  1. Shipping Manifest
  2. ACR Build. ACR geo-replicated: East US, West Europe. /Demo: quotes-api, web, queue-worker. Registries: Docker Hub, MCR, ACR.
  3. [Diagram] docker build -t web:1, docker build -t quotes:1, docker build -t important:1, then docker push web:1, docker push quotes:1, docker push important:1. Image digests: web:1 = 91e, quotes:1 = u82, important:1 = 2re. HOST-A, HOST-B, HOST-C and their image caches all show the same digest for each tag. Steps numbered 1 to 8.
  4. [Workflow diagram labels] Inner-Loop; Code; Run; Validate; Debug; Source Code Control (SCC); Build/CI, Integrate, Test; CD, Deploy; Production environments; Run, Manage; Monitor and Diagnose; Container Service; Service Fabric; App Services; Container Instances; Azure Functions; IoT; Azure Batch.
  5. [Multi-stage build diagram labels] microsoft/aspnetcore-build: COPY .sln, COPY .csproj, nuget restore, copy source, dotnet build; publish: dotnet publish; microsoft/aspnetcore final: COPY --from=publish /app, ENTRYPOINT ["dotnet", "HelloWorld.dll"]. Dockerfile:

         FROM microsoft/aspnetcore:2.0 AS base
         WORKDIR /app

         FROM microsoft/aspnetcore-build:2.0 AS build
         WORKDIR /src
         COPY HelloWorld.sln ./
         COPY HelloWorld/HelloWorld.csproj HelloWorld/
         RUN dotnet restore -nowarn:msb3202,nu1503
         COPY . .
         WORKDIR /src/HelloWorld
         RUN dotnet build -c Release -o /app

         FROM build AS publish
         RUN dotnet publish -c Release -o /app

         FROM base AS final
         WORKDIR /app
         COPY --from=publish /app .
         ENTRYPOINT ["dotnet", "HelloWorld.dll"]

  6. [Diagram] docker build -t web:1, docker push web:1. web:1 is shown in each environment: Integration, Staging, Prod-Marketing, Prod-Finance, Prod-Mfr.
  7. Build, Integrate, Test: Hosted Build Agent Pool; Contoso – Build Pool; Northwind – Build Pool
  8. Build, Integrate, Test: Hosted Build Agent Pool
  9. aka.ms/acr/build
  10. [Workflow diagram labels] Inner-Loop; Code; Run; Validate; Debug; Source Code Control (SCC); Build/CI, Integrate, Test; CD, Deploy; Production environments; Run, Manage; Monitor and Diagnose; Container Service; Service Fabric; App Services; Container Instances; Azure Functions; IoT; Azure Batch.
  11. [Workflow diagram labels] Inner-Loop; Code; Run; Validate; Debug; Source Code Control (SCC); .NET; Build/CI, Integrate, Test; CD, Deploy; Azure Container Registry; ACR Build; Docker Hub; Microsoft Container Registry; Base Image Index; Container Service; Service Fabric; App Services; Container Instances; Azure Functions; IoT; Azure Batch. Callouts: Host agents monitor, protect and report running containers; Image Security Scanning; Secure by default; Upon release, set released flag in ACR (ACR-Auto-purge policies). Steps numbered 1 to 8. * Work in progress.
  12. Registries: Docker Hub, MCR, ACR. SCC Providers. ACR Build. Azure Container Registry. Build Triggers. aka.ms/acr/build
  13. Two Dockerfiles shown side by side; the second adds a test stage.

          FROM microsoft/aspnetcore-build:2.0 AS builder
          ARG BuildConfiguration=Release
          WORKDIR /src
          COPY *.sln ./
          COPY Web/Web.csproj Web/
          RUN dotnet restore
          COPY . .
          WORKDIR /src/Web
          RUN dotnet build -c $BuildConfiguration -o /app

          FROM builder AS publish
          ARG BuildConfiguration=Release
          RUN dotnet publish -c $BuildConfiguration -o /app

          FROM microsoft/aspnetcore:2.0 AS base
          WORKDIR /app
          EXPOSE 80

          FROM base AS production
          WORKDIR /app
          COPY --from=publish /app .
          ENTRYPOINT ["dotnet", "Web.dll"]

      With the test stage:

          FROM microsoft/aspnetcore-build:2.0 AS builder
          ARG BuildConfiguration=Release
          WORKDIR /src
          COPY *.sln ./
          COPY Web/Web.csproj Web/
          RUN dotnet restore
          COPY . .
          WORKDIR /src/Web
          RUN dotnet build -c $BuildConfiguration -o /app

          FROM builder AS test
          WORKDIR /src/Web.test
          RUN dotnet test

          FROM builder AS publish
          ARG BuildConfiguration=Release
          RUN dotnet publish -c $BuildConfiguration -o /app

          FROM microsoft/aspnetcore:2.0 AS base
          WORKDIR /app
          EXPOSE 80

          FROM base AS production
          WORKDIR /app
          COPY --from=publish /app .
          ENTRYPOINT ["dotnet", "Web.dll"]

  14. Dockerfile:

          FROM microsoft/aspnetcore:2.0 AS base
          WORKDIR /app
          EXPOSE 80

          FROM microsoft/aspnetcore-build:2.0 AS builder
          ARG BuildConfiguration=Release
          WORKDIR /src
          COPY *.sln ./
          COPY Web/Web.csproj Web/
          RUN dotnet restore
          COPY . .
          WORKDIR /src/Web
          RUN dotnet build -c $BuildConfiguration -o /app

          FROM builder AS test
          WORKDIR /src/Web.test
          RUN dotnet test

          FROM builder AS publish
          ARG BuildConfiguration=Release
          RUN dotnet publish -c $BuildConfiguration -o /app

          FROM base AS production
          WORKDIR /app
          COPY --from=publish /app .
          ENTRYPOINT ["dotnet", "Web.dll"]

      [Diagram labels] test:1 and web:1 in the Integration Env. Functional Testing w/Helm & Kubernetes - Dan Garfield, Codefresh.io

  15. Helm chart layout:

          Chart.yaml
          Values.yaml
          templates/
            webapp.yaml
            quotesapi.yaml
            secrets.yaml
            _helpers.tpl
          charts/
            nginx-ingress-0.12.0.tgz

  16. [Diagram labels] Build-task Web-Build; Dockerfile FROM; Commit Id d5ab1fa; ACR Base Images fx:1, fx:1(a); images web:1, test:1; Functional Tests; deploy/test to Integration Env; deploy to Staging Env; build record Id 1 with Context d5ab1fa and Dependencies.

          FROM jenga.azurecr.io/baseimages/fx:1
          COPY . /output
          EXPOSE 80
          ENTRYPOINT ["entryPoint"]

          az acr build-task create -n Web-Build -t web:${{.Build.ID}} -c github.com/demo42/web --git-access-token $PAT -r jenga

      If docker build succeeds (including any unit tests), Save the context & base image dependencies.

  17. [Diagram labels] Build-task Web-Build; Commit Id d5ab1fa; ACR Base Images fx:1, fx:1(a), fx:1(b); images web:1, web:2, test:2; build records Id 1 and Id 2 with Context d5ab1fa and Dependencies fx:1(b); Functional Tests; deploy/test to Integration Env; deploy to Staging Env. Captions:
      - fx ships an OS &/or FX Patch, using the stable 1 tag
      - The build-task is monitoring changes based on the last build
      - Base image updates restore the previous context
      - If Build & Unit Tests Succeed, Update the base image dependencies
  18. Container OS & Framework Patching. [Diagram labels] Build-task Web-Build; Commit Ids d5ab1fa, ef26q5c; ACR Base Images fx:1, fx:1(a), fx:1(b), fx:2, fx:2(d); images web:1, web:2, web:3, test:2, test:3, test:4; build records Id 1, 2 and 3 with Context and Dependencies (fx:1(b), fx:2(d)); Functional Tests; deploy/test to Integration Env; deploy to Staging Env.

          FROM jenga.azurecr.io/baseimages/fx:2
          COPY . /output
          EXPOSE 80
          ENTRYPOINT ["entryPoint"]

      If docker build succeeds (including any unit tests), Save the context & base image dependencies.

  19. $(1\,\text{pr} = 1\,\text{b} + 1\,\text{p} + 1\,\text{t} + 1\,\text{d}) \times \text{life of development}$; $1\,\text{patch} = \text{cust} \times \text{apps} \times 1\,\text{b} + 1\,\text{p} + 1\,\text{t} + 1\,\text{d} \times \text{life of the app}$. 1 Pull Request = 1 Build = 1 Push = 1 Test = 1 Deploy = 1 Scan. [Diagram] For a .NET patch, "= 1 Build = 1 Push = 1 Test = 1 Deploy = 1 Scan" is repeated three times for each of: Contoso (Returns), Adventure Works, Fabrikam Northwind, Smart Hotel 360, Contoso (*).
  20. Why stable tagging can create instability
  21. [Diagram] First build and push: docker build -t web:1, docker build -t quotes:1, docker build -t important:1; docker images shows web:1 = 91e, quotes:1 = u82, important:1 = 2re; docker push web:1, docker push quotes:1, docker push important:1. Second build and push: docker build -t quotes:1, docker build -t important:1; docker images shows quotes:1 = 3rp, important:1 = 1n4; docker push quotes:1, docker push important:1. HOST-A (web:1 = 91e, quotes:1 = u82, important:1 = 2re) and HOST-B (quotes:1 = u82, important:1 = 2re) show the first digests; HOST-C shows quotes:1 = 3rp and important:1 = 1n4. quotes & important are in inconsistent states. Steps numbered 1 to 9.
  22. [Tag-to-digest diagrams] Version tags :1, :1.0, :1.1, :1.2, :2, :2.0, :2.1, :3, :3.0, :latest and numeric tags :12204, :12328, :12401, :33810, :35091, :4201, :50201, each mapped to digests (91efj6, u82lq, 2re7f, 1n4ef, 3rpn1, 5wd1k, e8s1f, 28efq). Labels: Base Images (FROM …); Deployed Images (docker run …).
  23. Docker Tagging: Best practices for tagging and versioning docker images
  24. aka.ms/kubernetes, aka.ms/acr/brigade, aka.ms/helm, aka.ms/acr/build, aka.ms/acr/geo-replication, aka.ms/acr/presentations, github.com/demo42, blogs.msdn.microsoft.com/SteveLasker, SteveLas@Microsoft.com
  25. BRK2115 Building, Running, Patching Docker Containers – The Paradigm Shift
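
The inconsistent state on slide 21, worked through as an added example (not code from the original deck): it compares what each host runs against what the registry currently returns for the same tag, and lists hosts that have not picked up the rebuilt image. The inventory is constructed from the slide's abbreviated digests; the function names are hypothetical.

```python
"""Detect stable-tag drift: one tag resolving to different digests per host."""
from collections import defaultdict

# Constructed sample based on slide 21: tag -> abbreviated digest per host.
# Real digests have the form sha256:<64 hex characters>.
HOSTS = {
    "HOST-A": {"web:1": "91e", "quotes:1": "u82", "important:1": "2re"},
    "HOST-B": {"quotes:1": "u82", "important:1": "2re"},
    "HOST-C": {"quotes:1": "3rp", "important:1": "1n4"},
}
# What the registry returns for each tag after the second build and push.
REGISTRY = {"web:1": "91e", "quotes:1": "3rp", "important:1": "1n4"}


def find_drift(hosts):
    """Return {tag: {digest: [hosts]}} for tags running at more than one digest."""
    seen = defaultdict(lambda: defaultdict(list))
    for host, images in sorted(hosts.items()):
        for tag, digest in images.items():
            seen[tag][digest].append(host)
    return {
        tag: dict(by_digest)
        for tag, by_digest in seen.items()
        if len(by_digest) > 1
    }


def stale_hosts(hosts, registry):
    """Return (host, tag, running, current) where the tag has since moved."""
    return sorted(
        (host, tag, digest, registry[tag])
        for host, images in hosts.items()
        for tag, digest in images.items()
        if tag in registry and registry[tag] != digest
    )


if __name__ == "__main__":
    for tag, by_digest in find_drift(HOSTS).items():
        print(f"{tag} is inconsistent across hosts: {by_digest}")
    for host, tag, running, current in stale_hosts(HOSTS, REGISTRY):
        print(f"{host} runs {tag} at {running}; registry now serves {current}")
```

Comparing digests rather than tags is what exposes the gap: every host reports `quotes:1`, yet only HOST-C runs the rebuilt image.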