While Docker has enabled an unprecedented velocity of software production, it is all too easy to spin out of control. A promotion-based model is required to control and track the flow of Docker images as much as it is required for a traditional software development lifecycle. New tools often introduce new paradigms. We will examine the patterns and the antipatterns for Docker image management, and what impact the new tools have on the battle-proven paradigms of the software development lifecycle.
18. Let’s docker build in every env!
@JBARUCH #GSWAC HTTP://JFROG.COM/SHOWNOTES
20. That’s why.
FROM ubuntu
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Latest version
Latest version
Latest version
Latest version
21. That’s why.
FROM ubuntu:14.04
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Better now?
22. That’s why.
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
And now?
23. That’s why.
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
And now? What about those?
24. That’s why.
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN mvn clean install
CMD "java -jar Main.class"
What about this?
25. That’s why.
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN download_random_sh*t_from_the_internet.sh
CMD ["/usr/bin/node", "/var/www/app.js"]
And how about this?
26. That’s why you don’t trust Docker
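The Dockerfiles on the preceding slides differ only in how much of the build input is pinned. As an added example (not part of the original deck), this Python check flags the instructions in a Dockerfile that can resolve to different content on each build; the function name `audit`, the fetcher list and the sample input are assumptions made here, and only a `name@sha256:<digest>` reference is treated as a pinned base image.

```python
import re

# Constructed input: the first Dockerfile shown in the deck.
SAMPLE = """\
FROM ubuntu
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
"""

PINNED = re.compile(r"@sha256:[0-9a-f]{64}$")          # immutable digest reference
APT = re.compile(r"apt-get\s+install\s+([^&;|]*)")     # arguments up to the next shell operator
FETCHERS = re.compile(r"\b(curl|wget|mvn|npm|pip)\b")  # illustrative list, not exhaustive


def audit(dockerfile):
    """Return (line_no, reason) for each instruction whose result can differ between builds.

    Simplification: one instruction per line, no backslash continuations.
    """
    findings = []
    for no, line in enumerate(dockerfile.splitlines(), 1):
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        op, args = parts[0].upper(), parts[1:]
        if op == "FROM":
            image = next((a for a in args if not a.startswith("--")), "")
            if image and image != "scratch" and not PINNED.search(image):
                tagged = ":" in image.rsplit("/", 1)[-1]
                kind = "mutable tag" if tagged else "implicit :latest"
                findings.append((no, f"{image}: {kind}, not pinned by digest"))
        elif op == "RUN":
            cmd = " ".join(args)
            apt = APT.search(cmd)
            if apt:
                loose = [p for p in apt.group(1).split()
                         if not p.startswith("-") and "=" not in p]
                if loose:
                    findings.append((no, "apt packages without =version: " + ", ".join(loose)))
            elif FETCHERS.search(cmd):
                findings.append((no, "resolves dependencies from the network at build time"))
    return findings


if __name__ == "__main__":
    for no, reason in audit(SAMPLE):
        print(f"line {no}: {reason}")
```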
36. What’s up with the gates?!
- QA shouldn’t test dev images
- non-tested images shouldn't be staged
- non-staged, non-tested or dev images shouldn’t end up in production!!!
41. How can we support this?
https://host:8081/artifactory/docker-dev/busybox
https://host:8081/artifactory/docker-staging/busybox
https://host:8081/artifactory/docker-qa/busybox
https://host:8081/artifactory/docker-prod/busybox
45. Virtual hosts/ports to the rescue
https://host:port/v2/busybox
Registry host Tag name
docker tag host:port/busybox
46. Virtual hosts/ports to the rescue
https://host:8081/artifactory/docker-dev/busybox
Virtual repository name Tag name
https://host:port/v2/busybox
Context name
Registry host Tag name
docker tag host:port/busybox
47.
server {
    listen 5001;
    server_name 192.168.99.100;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto $scheme;
    }
    rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-dev/$1/$2;
    …
    }
}
48. But then you realize…
Wait a second, now I need to pull, retag and push for every step?!
51. Anatomy of a container