whoami
Baruch Sadogursky, JFrog Developer Advocate, @jbaruch
Shownotes!
• www.jfrog.com/shownotes
– Slides
– Video (tomorrow)
– Links
– Feedback
– Raffle
Poll Time!
Poll Time!
üHeard about Docker
üCan do the tutorial
üPoCing, playing etc.
üProduction, baby!
@jbaruch #oscon www.jfrog.com/shownotes
@jbaruch #oscon www.jfrog.com/shownotes
Docker Workflow
Union File System
@jbaruch #oscon www.jfrog.com/shownotes
Image Layers - OpenJDK
@jbaruch #oscon www.jfrog.com/shownotes
Getting Started with Docker
@jbaruch #oscon www.jfrog.com/shownotes
@jbaruch #oscon www.jfrog.com/shownotes
JFrog Artifactory + Docker
@jbaruch #oscon www.jfrog.com/shownotes
Who’s using Docker and nothing else?
The Promotion Pyramid
Development	builds
Dev	Integration	tests
Integr.	tests
Staging
Pre-Prod
Prod
Amount	of	builds
Build/Deploy	time
Amount	of	
binaries
Pipeline: Quality Gates and Visibility
Source:	Agile	ALM,	Michael	Hüttermann,	Manning	Publications	Co.	
@jbaruch #oscon www.jfrog.com/shownotes
$docker build
@jbaruch #oscon www.jfrog.com/shownotes
Too easy!
@jbaruch #oscon www.jfrog.com/shownotes
That’s why.
FROM ubuntu
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Latest	version
Latest	version
Latest	version
Latest	version
@jbaruch #oscon www.jfrog.com/shownotes
That’s why.
FROM ubuntu:14.04
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Better	now?
@jbaruch #oscon www.jfrog.com/shownotes
That’s why.
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
And	now?
@jbaruch #oscon www.jfrog.com/shownotes
That’s why.
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
And	now?What	about	those?
@jbaruch #oscon www.jfrog.com/shownotes
That’s why.
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN mvn clean install
CMD ”java –jar Main.class"
What	about	this?
@jbaruch #oscon www.jfrog.com/shownotes
That’s why.
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN download_random_sh*t_from_the_internet.sh
CMD ["/usr/bin/node", "/var/www/app.js"]
And	how	about	this?
@jbaruch #oscon www.jfrog.com/shownotes
That’s why you don’t trust Docker
@jbaruch #oscon www.jfrog.com/shownotes
Traditional Server Pattern
http://martinfowler.com/bliki/ImmutableServer.html
@jbaruch #oscon www.jfrog.com/shownotes
Immutable Server Pattern
http://martinfowler.com/bliki/ImmutableServer.html
@jbaruch #oscon www.jfrog.com/shownotes
What’s up with the gates?!
@jbaruch #oscon www.jfrog.com/shownotes
What’s up with the gates?!
What’s up with the gates?!
- QA shouldn’t test dev images
What’s up with the gates?!
- QA shouldn’t test dev images
- non-tested images shouldn't be
staged
What’s up with the gates?!
- QA shouldn’t test dev images
- non-tested images shouldn't be
staged
- non-staged, non-tested or dev
images shouldn’t end up in
production!!!
Not so fast…
Trumped-up limitations
The Anatomy of Docker Tag
@jbaruch #oscon www.jfrog.com/shownotes
Wait	a	second,	how	can	I	
have	more	than	one	
repository	per	host	now?!
How can we support this?
https://host:8081/artifactory/docker-dev/busybox
https://host:8081/artifactory/docker-staging/busybox
https://host:8081/artifactory/docker-qa/busybox
https://host:8081/artifactory/docker-prod/busybox
@jbaruch #oscon www.jfrog.com/shownotes
“ONEREGISTRYPERHOSTOUGHTTOBEENOUGHFORANYBODY.”
Panic!
@jbaruch #oscon www.jfrog.com/shownotes
Virtual hosts/ports to the rescue
Registry	host Tag	name
docker tag host:port/busybox
@jbaruch #oscon www.jfrog.com/shownotes
Virtual hosts/ports to the rescue
https://host:port/v2/busybox
Registry	host Tag	name
docker tag host:port/busybox
@jbaruch #oscon www.jfrog.com/shownotes
Virtual hosts/ports to the rescue
https://host:8081/artifactory/docker-dev/busybox
Virtual	repository	name Tag	name
https://host:port/v2/busybox
Context	name
Registry	host Tag	name
docker tag host:port/busybox
server {
listen 5001;
server_name 192.168.99.100;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-dev/$1/$2;
…
}
}
@jbaruch #oscon www.jfrog.com/shownotes
But then you realize…
Wait	a	second,	now	I	need	
to	pull,	retag	and	push	for	
every	step?!
Anatomy of a container
@jbaruch #oscon www.jfrog.com/shownotes
Our Layers
Application:	
••.war	file
Framework:	
••JDK8	+	Wildfly
Base:	
••CentOS
Framework build
- Verified base image
- Add system dependencies
from artifactory
- JDK
- wildfly
- Own it!
Minimal Framework build Dockerfile
FROM centos:7
MAINTAINER you@yourorg.com
@jbaruch #oscon www.jfrog.com/shownotes
Application build
- Framework is your base
- Run a java build
- Add a file to base
- Done!
Application build Dockerfile
FROM yourorg-docker.jfrog.io/yourorg/framework:latest
MAINTAINER you@yourorg.com
ADD https://yourorg.jfrog.io/yourorg/java-release-local/…/app-[RELEASE].war
/opt/jboss/wildfly/standalone/deployments/app.war
@jbaruch #oscon www.jfrog.com/shownotes
Application build Dockerfile
FROM yourorg-docker.jfrog.io/yourorg/framework:latest
MAINTAINER you@yourorg.com
ADD https://yourorg.jfrog.io/yourorg/java-release-local/…/app-[RELEASE].war
/opt/jboss/wildfly/standalone/deployments/app.war
@jbaruch #oscon www.jfrog.com/shownotes
Application build Dockerfile
FROM yourorg-docker.jfrog.io/yourorg/framework:latest
MAINTAINER you@yourorg.com
ADD https://yourorg.jfrog.io/yourorg/java-release-local/…/app-[RELEASE].war
/opt/jboss/wildfly/standalone/deployments/app.war
@jbaruch #oscon www.jfrog.com/shownotes
@jbaruch #oscon www.jfrog.com/shownotes
Framework	Pipeline
Application	Pipeline
Framework	Pipeline
Application	Pipeline
Framework	Pipeline
Application	Pipeline
Q&A Time!
• www.jfrog.com/shownotes
– Slides
– Video (tomorrow)
– Links
– Feedback
– Raffle
• http://swampUP.jfrog.com
– Devops and JFrog leaders
– Devops and JFrog content
– Napa Valley in May!

Building a private CI/CD pipeline with Java and Docker in the cloud as presented at OSCON 2017