This document provides best practices for writing Dockerfiles. It begins with a refresher on images, Dockerfile build processes, and areas for improvement. Examples are then given of improving a sample Dockerfile by reducing layers, reusing official images, using multi-stage builds to reduce image sizes, and adding build caching and reproducibility. Benchmarks show the improved Dockerfile builds faster and produces smaller images. New Dockerfile features in Docker 18.09 like context mounts and application caching are also briefly discussed.
This talk will give you tips and tricks to get better build time performance and smaller images. The most important take-away is: you should be using multi-stage Dockerfiles and enable BuildKit.
DCSF19 Tips and Tricks of the Docker Captains Docker, Inc.
Brandon Mitchell, BoxBoat
Docker Captain Brandon Mitchell will help you accelerate your adoption of Docker containers by delivering tips and tricks on getting the most out of Docker. Topics include managing disk usage, preventing subnet collisions, debugging container networking, understanding image layers, getting more value out of the default volume driver, and solving the UID/GID permission issues with volumes in a way that allows images to be portable from any developer laptop and to production.
Cloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundryJack-Junjie Cai
You may experience some errors when you push your application to CloudFoundry. Some of them are easier to figure out, while others may be mysterious and harder to diagnose. This session will examine 10 common errors that may happen during application push, including their symptom, the tools and techniques to diagnose them, and the possible solutions. The session will mostly focus on Java and node.js applications, but some of the tips applies to all runtimes.
Streamline your development environment with dockerGiacomo Bagnoli
These days applications are getting more and more complex. It's becoming quite
difficult to keep track of all the different components an application needs in order to
function (a database, a message queueing system, a web server, a document
store, a search engine, you name it.). How many times we heard 'it worked on my
machine'?. In this talk we are going to explore Docker, what it is, how it works
and how much it can benefit in keeping the development environment consistent.
We are going to talk about Dockerfiles, best practices, tools like fig and vagrant,
and finally show an example of how it applies to a ruby on rails
application.
The slides from my Deployment Tactics talk at the ThinkVitamin Code Management online conference (http://thinkvitamin.com/online-conferences/code-manage-deploy/).
This talk will give you tips and tricks to get better build time performance and smaller images. The most important take-away is: you should be using multi-stage Dockerfiles and enable BuildKit.
DCSF19 Tips and Tricks of the Docker Captains Docker, Inc.
Brandon Mitchell, BoxBoat
Docker Captain Brandon Mitchell will help you accelerate your adoption of Docker containers by delivering tips and tricks on getting the most out of Docker. Topics include managing disk usage, preventing subnet collisions, debugging container networking, understanding image layers, getting more value out of the default volume driver, and solving the UID/GID permission issues with volumes in a way that allows images to be portable from any developer laptop and to production.
Cloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundryJack-Junjie Cai
You may experience some errors when you push your application to CloudFoundry. Some of them are easier to figure out, while others may be mysterious and harder to diagnose. This session will examine 10 common errors that may happen during application push, including their symptom, the tools and techniques to diagnose them, and the possible solutions. The session will mostly focus on Java and node.js applications, but some of the tips applies to all runtimes.
Streamline your development environment with dockerGiacomo Bagnoli
These days applications are getting more and more complex. It's becoming quite
difficult to keep track of all the different components an application needs in order to
function (a database, a message queueing system, a web server, a document
store, a search engine, you name it.). How many times we heard 'it worked on my
machine'?. In this talk we are going to explore Docker, what it is, how it works
and how much it can benefit in keeping the development environment consistent.
We are going to talk about Dockerfiles, best practices, tools like fig and vagrant,
and finally show an example of how it applies to a ruby on rails
application.
The slides from my Deployment Tactics talk at the ThinkVitamin Code Management online conference (http://thinkvitamin.com/online-conferences/code-manage-deploy/).
DCSF 19 Deploying Rootless buildkit on KubernetesDocker, Inc.
DockerCon Open Source Summit: BuildKit
Akihiro Suda, NTT Corporation
Building images on Kubernetes is attractive for distributing workload across multiple nodes, typically in CI/CD pipeline. However, it had been considered dangerous due to the dependency on `securityContext.privileged`.
In this talk, Akihiro will show how to use Rootless BuildKit in Kubernetes, which can be executed as a non-root user without extra `securityContext` configuration.
Docker Container As A Service
X11 Linux apps on mac in a container.
In container Java development with STS or Eclipse in a container.
Docker UCP and swarm load balancing with Interlock.
Given at TechMaine's Java Users Group on Feb 26 2008
Why do we need another build tool when we already have Ant? By focusing on convention over configuration, Maven allows you to declaratively define how your project is built, which reduces a lot of the procedural code that you'd need to implement in every build file if you were using Ant. This, along with Maven's built-in management of repositories for project dependencies, allows you to streamline your build process. Ultimately Maven can reduce the amount of time that would otherwise be wasted hunting down jar files and fiddling with boilerplate build scripts.
This presentation covers Maven's core concepts. It introduces the Plugin architecture, and explain how the most popular plugins are used. It also covers the POM concept and how it relates to dependency tracking and repositories.
Looking at how people, with current deployments, can start using docker with out having to replace anything. Also giving a migration path that allows testing the separate pieces and migrating over slowly without painting yourself into a corner. Also covering why you might want to do this and the problems it may help to solve.
Securing Containers, One Patch at a Time - Michael Crosby, DockerDocker, Inc.
Responsible disclosure is a key ingredient of any solid security strategy. In this session, Docker maintainer Michael Crosby will explain the ins and outs of CVE-2016-9962: how it was discovered, how it could even happen in the first place, and how it was addressed. A vertiginous abseil at the boundaries of the kernel, in the fascinating land of system calls and randomized address space. You will think twice before leaking a file descriptor again.
Slides for my talk at the Blue4IT meeting in Utrecht. It shows you how to run everything in a Docker container. You can run the DTAP environment, the build environment and the development environment (including IDE) in Docker.
DNUG Webcast: IBM Notes V10 Performance BoostChristoph Adler
IBM Notes Clients mit einer gewissen Portion Performance zu versehen, muss nicht komliziert sein. Diese Session ist bereits für IBM Notes V10 Beta-2 aktualisiert. Komm in den Webcast und finde heraus, welche Stellschrauben, wie weit und in welche Richtung gedreht werden müssen, um IBM Notes maximal optimiert und mit höchster Stabilität nutzen zu können.
Hier werden auch Themen wie z.B. veraltete ODS, Netzwerk-Latenzen und Applikationsperformance behandelt und besprochen, wie man diese messen und beheben kann. Lerne Möglichkeiten das (Start-)Verhalten von IBM Notes Clients zu Analysieren und Best Practices bzgl. „Arbeitsumgebungs- und Verbindungsdokumenten“ anzuwenden und warum die catalog.nsf so wichtig ist.
Verbessere deine IBM Notes Client-Infrastruktur und mache deine Benutzer glücklich, indem du eine bessere Experience (schnellere und stabilere Clients) anbietest. Als Bonus wird Christoph Adler zeigen, wie man den Notes Client Start in virtualisierten Umgebungen (Citrix VMWare) um bis zu 75% beschleunigen kann.
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...Docker, Inc.
At Docker, we are striving to enable the extensibility of Docker via "Plugins" and make them available for developers and enterprises alike. Come attend this talk to understand what it takes to build, ship, store and run plugins. We will deep dive into plugin lifecycle management on a single engine and across a swarm cluster. We will also demonstrate how you can integrate plugins from other enterprises or developers into your ecosystem. There will be fun demos accompanying this talk! This will be session will be beneficial to you if you: 1) Are an ops team member trying to integrate Docker with your favorite storage or network vendor 2) Are Interested in extending or customizing Docker; or 3) Want to become a Docker partner, and want to make the technology integration seamless.
Docker for developers on mac and windowsDocker, Inc.
The whole Docker ecosystem exists today because of every single developer who found ways of using Docker to improve how they build software; whether streamlining production deployments, speeding up continuous integration systems or standing up an application on your laptop to hack on. In this talk we want to take a step back and look at where Docker sits today from the software developers point of view - and then jump ahead and talk about where it might go in the future. In this talk, we’ll discuss:
* Making Docker an everyday part of the developing software on the desktop, with Docker for Windows and Docker for Mac
* Docker Compose, and the future of describing applications as code
* How Docker provides the best tools for developing applications destined to run on any Kubernetes cluster
This session should be of interest to anyone who writes software; from people who want to hack on a few personal projects, to polyglot open source programmers and to professional developers working in tightly controlled environments. Everyone deserves a better developer experience.
Talk given at Devoxx Belgium 2018
Spring Boot is awesome. Docker is awesome. Together you can do great things. But, are you doing it the right way? We'll walk you through, in detail, the optimal way to structure Docker images for Spring Boot applications for iterative development. Structuring your Docker images correctly is really important for teams doing continuous integration and continuous delivery. Using Docker best practices, we'll show you the code and the technologies used to optimize Docker images for Spring Boot apps!
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
Here are the slides from David Lutterkort's PuppetConf 2016 presentation called The Challenges with Container Configuration. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Introducing containers into your infrastructure brings new capabilities, but also new challenges, in particular around configuration. This talk will take a look under the hood at some of those operational challenges including:
* The difference between runtime and build-time configuration, and the importance of relating the two together.
* Configuration drift, immutable mental models and mutable container file systems.
* Who configures the orchestrators?
* Emergent vs. model driven configuration.
In the process we will identify some common problems and talk about potential solutions.
Talk from PuppetConf 2016
DCSF 19 Deploying Rootless buildkit on KubernetesDocker, Inc.
DockerCon Open Source Summit: BuildKit
Akihiro Suda, NTT Corporation
Building images on Kubernetes is attractive for distributing workload across multiple nodes, typically in CI/CD pipeline. However, it had been considered dangerous due to the dependency on `securityContext.privileged`.
In this talk, Akihiro will show how to use Rootless BuildKit in Kubernetes, which can be executed as a non-root user without extra `securityContext` configuration.
Docker Container As A Service
X11 Linux apps on mac in a container.
In container Java development with STS or Eclipse in a container.
Docker UCP and swarm load balancing with Interlock.
Given at TechMaine's Java Users Group on Feb 26 2008
Why do we need another build tool when we already have Ant? By focusing on convention over configuration, Maven allows you to declaratively define how your project is built, which reduces a lot of the procedural code that you'd need to implement in every build file if you were using Ant. This, along with Maven's built-in management of repositories for project dependencies, allows you to streamline your build process. Ultimately Maven can reduce the amount of time that would otherwise be wasted hunting down jar files and fiddling with boilerplate build scripts.
This presentation covers Maven's core concepts. It introduces the Plugin architecture, and explain how the most popular plugins are used. It also covers the POM concept and how it relates to dependency tracking and repositories.
Looking at how people, with current deployments, can start using docker with out having to replace anything. Also giving a migration path that allows testing the separate pieces and migrating over slowly without painting yourself into a corner. Also covering why you might want to do this and the problems it may help to solve.
Securing Containers, One Patch at a Time - Michael Crosby, DockerDocker, Inc.
Responsible disclosure is a key ingredient of any solid security strategy. In this session, Docker maintainer Michael Crosby will explain the ins and outs of CVE-2016-9962: how it was discovered, how it could even happen in the first place, and how it was addressed. A vertiginous abseil at the boundaries of the kernel, in the fascinating land of system calls and randomized address space. You will think twice before leaking a file descriptor again.
Slides for my talk at the Blue4IT meeting in Utrecht. It shows you how to run everything in a Docker container. You can run the DTAP environment, the build environment and the development environment (including IDE) in Docker.
DNUG Webcast: IBM Notes V10 Performance BoostChristoph Adler
IBM Notes Clients mit einer gewissen Portion Performance zu versehen, muss nicht komliziert sein. Diese Session ist bereits für IBM Notes V10 Beta-2 aktualisiert. Komm in den Webcast und finde heraus, welche Stellschrauben, wie weit und in welche Richtung gedreht werden müssen, um IBM Notes maximal optimiert und mit höchster Stabilität nutzen zu können.
Hier werden auch Themen wie z.B. veraltete ODS, Netzwerk-Latenzen und Applikationsperformance behandelt und besprochen, wie man diese messen und beheben kann. Lerne Möglichkeiten das (Start-)Verhalten von IBM Notes Clients zu Analysieren und Best Practices bzgl. „Arbeitsumgebungs- und Verbindungsdokumenten“ anzuwenden und warum die catalog.nsf so wichtig ist.
Verbessere deine IBM Notes Client-Infrastruktur und mache deine Benutzer glücklich, indem du eine bessere Experience (schnellere und stabilere Clients) anbietest. Als Bonus wird Christoph Adler zeigen, wie man den Notes Client Start in virtualisierten Umgebungen (Citrix VMWare) um bis zu 75% beschleunigen kann.
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...Docker, Inc.
At Docker, we are striving to enable the extensibility of Docker via "Plugins" and make them available for developers and enterprises alike. Come attend this talk to understand what it takes to build, ship, store and run plugins. We will deep dive into plugin lifecycle management on a single engine and across a swarm cluster. We will also demonstrate how you can integrate plugins from other enterprises or developers into your ecosystem. There will be fun demos accompanying this talk! This will be session will be beneficial to you if you: 1) Are an ops team member trying to integrate Docker with your favorite storage or network vendor 2) Are Interested in extending or customizing Docker; or 3) Want to become a Docker partner, and want to make the technology integration seamless.
Docker for developers on mac and windowsDocker, Inc.
The whole Docker ecosystem exists today because of every single developer who found ways of using Docker to improve how they build software; whether streamlining production deployments, speeding up continuous integration systems or standing up an application on your laptop to hack on. In this talk we want to take a step back and look at where Docker sits today from the software developers point of view - and then jump ahead and talk about where it might go in the future. In this talk, we’ll discuss:
* Making Docker an everyday part of the developing software on the desktop, with Docker for Windows and Docker for Mac
* Docker Compose, and the future of describing applications as code
* How Docker provides the best tools for developing applications destined to run on any Kubernetes cluster
This session should be of interest to anyone who writes software; from people who want to hack on a few personal projects, to polyglot open source programmers and to professional developers working in tightly controlled environments. Everyone deserves a better developer experience.
Talk given at Devoxx Belgium 2018
Spring Boot is awesome. Docker is awesome. Together you can do great things. But, are you doing it the right way? We'll walk you through, in detail, the optimal way to structure Docker images for Spring Boot applications for iterative development. Structuring your Docker images correctly is really important for teams doing continuous integration and continuous delivery. Using Docker best practices, we'll show you the code and the technologies used to optimize Docker images for Spring Boot apps!
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
Here are the slides from David Lutterkort's PuppetConf 2016 presentation called The Challenges with Container Configuration. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Introducing containers into your infrastructure brings new capabilities, but also new challenges, in particular around configuration. This talk will take a look under the hood at some of those operational challenges including:
* The difference between runtime and build-time configuration, and the importance of relating the two together.
* Configuration drift, immutable mental models and mutable container file systems.
* Who configures the orchestrators?
* Emergent vs. model driven configuration.
In the process we will identify some common problems and talk about potential solutions.
Talk from PuppetConf 2016
Pluralsight Webinar: Simplify Your Project Builds with DockerElton Stoneman
Docker containers give you a consistent way to package and run your applications, but they can also power up your software builds. Join Pluralsight author and Docker Captain Elton Stoneman to learn how to compile apps inside containers—making Docker your build server and ditching the need to install any SDKs or runtimes to build and run your app from source.
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth RushgroveDocker, Inc.
Dockerfiles are great. They provide a zero-barrier-to-entry format for
describing a single Docker image which is immediately clear to anyone
reading them. But with that simplicity comes problems that become
apparent as your adoption of Docker gathers pace.
* Dockerfiles can inherit from other docker images, but images are not
Dockerfiles
* Dockerfile provides no built-in mechanism for creating abstractions,
so as usage grows identical or similar instructions can be duplicated
across many files
* The Docker APi exposes a build endpoint, but the API is very course,
taking Dockerfile as the transport rather than exposing the individual
instructions
* Dockerfiles are just that, files. So they can come from anywhere
The one layer per line in a Dockerfile limitation can lead to an
explosion of layers, which fail to take advantage of the promised
space and performance benefits.
Frank Macreery, Aptible CTO, gives Ruby devs an introduction to Docker, simplifying service-oriented architecture, wrapping databases in a uniform API, and achieving the Holy Grail of dev/prod parity.
Vagrant or docker for java dev environmentOrest Ivasiv
Discussed docker concept, docker containers usage in Java project. Reviewed issues related to Vagrant docker provisioning. Reviewed docker use case in current project
사내 발표자료 겸 만들었는데, ECS Fargate를 이용하실 분들이라면, 편리하게 쓰실 수 있도록 최대한 상세하게 만들어 보았습니다.
사실 CloudFormation 등 배포는 좀 더 편리하게 할 수 있지만, 회사 사정도 있고, 제가 일단 그런 기술을 너무 늦게 알았기 때문에 다루지는 않았습니다.
The features released between Java 11 and Java 17 have brought a greater opportunity for developers to improve application development productivity as well and code expressiveness and readability. In this deep-dive session, you will discover all the recent Project Amber features added to the Java language such as Records (including Records serialization), Pattern Matching for `instanceof`, switch expression, sealed classes, and hidden classes. The main goal of the Amber Project is to bring Pattern Matching to the Java platform, which will impact both the language and the JDK APsI. You will discover record patterns, array patterns, as well as deconstruction patterns, through constructors, factory methods, and deconstructors.
You can find the code shown here: https://github.com/JosePaumard/devoxx-uk-2021
A team's learnings from adopting devops and automating an otherwise labor-intensive server fleet. The bottom line: As with code, automated tests and CI are king.
This talk was held at Barcamp Salzburg in October 2016.
Instrumentación de entrega continua con GitlabSoftware Guru
Mostraremos el caso real de cómo tenemos implementado en nuestra empresa el flujo de desarrollo para integración y entrega continua, instrumentado con GitLab.
Sesión presentada por David Padilla en SG Next 2017
Similar to DockerCon EU 2018 - Dockerfile Best Practices (20)
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
6. image: template to instantiate running containers.
References list of filesystem layers
layer: a list of changes to a rootfs
copy-on-write filesystem: allows smaller disk usage
Quick refresher on Images
7. Quick refresher on Build
Parse Dockerfile and get build steps to perform
build caching: no need to perform build steps where files or RUN
line have not changed, reuse cached layers
build context: local files that can be copied to the image
10. -rw-r--r-- 1 656 Dec 4 12:20 Dockerfile
drwxr-xr-x 2 6.1M Dec 4 09:44 docs/
-rw-r--r-- 1 1.7K Dec 3 09:48 pom.xml
-rw-r--r-- 1 1.0K Dec 4 10:12 README.md
drwxr-xr-x 4 44K Dec 3 09:48 src/
drwxr-xr-x 2 17M Dec 4 09:50 target/
Basic Java Spring Hello world web app
Example project
11. FROM debian
COPY . /app
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk ssh emacs
CMD ["java", "-jar", "/app/target/app.jar"]
Let’s improve this Dockerfile
12. Let’s improve this Dockerfile
FROM debian
COPY . /app
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk ssh emacs vim
CMD ["java", "-jar", "/app/target/app.jar"]
13. Order matters for caching
FROM debian
COPY . /app
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk ssh vim
COPY . /app
CMD ["java", "-jar", "/app/target/app.jar"]
14. Order matters for caching
FROM debian
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk ssh vim
COPY . /app
CMD ["java", "-jar", "/app/target/app.jar"]
15. More specific COPY to limit cache bust
FROM debian
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk ssh vim
COPY . /app
COPY target/app.jar /app
CMD ["java", "-jar", "/app/target/app.jar"]
16. More specific COPY to limit cache bust
FROM debian
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk ssh vim
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
Pro Tip! Use COPY, not ADD for local files
17. More specific COPY to limit cache bust
FROM debian
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk ssh vim
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
18. Identify cacheable "units"
FROM debian
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk ssh vim
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
19. Line buddies: apt-get update & install
FROM debian
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk ssh vim
RUN apt-get update && apt-get -y install
openjdk-8-jdk ssh vim
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
20. Line buddies: apt-get update & install
FROM debian
RUN apt-get update && apt-get -y install
openjdk-8-jdk ssh vim
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
21. Remove unnecessary dependencies
FROM debian
RUN apt-get update && apt-get -y install
openjdk-8-jdk ssh vim
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
26. Reuse official images when possible
FROM debian
RUN apt-get update &&
apt-get -y install --no-install-recommends
openjdk-8-jdk
&& rm -rf /var/lib/apt/lists/*
FROM openjdk
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
27. Reuse official images when possible
- Reduce time spent on maintenance
(frequently updated with fixes)
- Reduce size (shared layers between images)
- Pre-configured for container use
- Built by smart people
- Bonus: scanned for vulnerabilities on Docker Hub
28. Reuse official images when possible
FROM openjdk
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
29. Use more specific tags
FROM openjdk:latest
FROM openjdk:8
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
30. Use more specific tags
FROM openjdk:8
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
31. Use more specific tags
Read the image's documentation on
Docker Hub
https://hub.docker.com/_/openjdk
32. Use more specific tags
FROM openjdk:8-jre
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
33. Use more specific tags
FROM openjdk:8-jre
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
34. Look for minimal flavors
FROM openjdk:8-jre-slim
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
35. Look for minimal flavors
FROM openjdk:8-jre-slim
FROM openjdk:8-jre-alpine
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
36. Look for minimal flavors
REPOSITORY TAG SIZE
openjdk 8 624MB
openjdk 8-jre 443MB
openjdk 8-jre-slim 204MB
openjdk 8-jre-alpine 83MB
37. Look for minimal flavors
FROM openjdk:8-jre-alpine
COPY target/app.jar /app
CMD ["java", "-jar", "/app/app.jar"]
39. Build from source in a consistent environment
- Build environment is described in the Dockerfile
- Correct versions of build tools installed
- Prevent inconsistencies between environments
- There may be system dependencies
- The "source of truth" is the source code not the build artifact
40. Build from source in a consistent environment
FROM openjdk:8-jre-alpine
FROM maven:3.6-jdk-8-alpine
COPY app.jar /app
COPY pom.xml /app/
COPY src /app/src
RUN cd /app && mvn -e -B package
CMD ["java", "-jar", "/app/app.jar"]
41. Build from source in a consistent environment
FROM maven:3.6-jdk-8-alpine
COPY pom.xml /app/
COPY src /app/src
RUN cd /app && mvn -e -B package
CMD ["java", "-jar", "/app/app.jar"]
42. Build from source in a consistent environment
FROM maven:3.6-jdk-8-alpine
WORKDIR /app
COPY pom.xml /app/.
COPY src /app./src
RUN cd /app && mvn -e -B package
CMD ["java", "-jar", "/app/app.jar"]
43. Build from source in a consistent environment
FROM maven:3.6-jdk-8-alpine
WORKDIR /app
COPY pom.xml .
COPY src ./src
RUN mvn -e -B package
CMD ["java", "-jar", "/app/app.jar"]
52. FROM maven:3.6-jdk-8-alpine AS builder
...
FROM openjdk:8-jre-jessie AS release-jessie
COPY --from=builder /app/target/app.jar /
CMD ["java", "-jar", "/app.jar"]
FROM openjdk:8-jre-alpine AS release-alpine
COPY --from=builder /app/target/app.jar /
CMD ["java", "-jar", "/app.jar"]
docker build --target X
53. FROM maven:3.6-jdk-8-alpine AS builder
...
FROM openjdk:8-jre-jessie AS release-jessie
COPY --from=builder /app/target/app.jar /
CMD ["java", "-jar", "/app.jar"]
FROM openjdk:8-jre-alpine AS release-alpine
COPY --from=builder /app/target/app.jar /
CMD ["java", "-jar", "/app.jar"]
docker build --target X
54. FROM maven:3.6-jdk-8-alpine AS builder
...
FROM openjdk:8-jre-jessie AS release-jessie
COPY --from=builder /app/app.jar /
CMD ["java", "-jar", "/app.jar"]
FROM openjdk:8-jre-alpine AS release-alpine
COPY --from=builder /app/app.jar /
CMD ["java", "-jar", "/app.jar"]
docker build --target X
55. ARG flavor=alpine
FROM maven:3.6-jdk-8-alpine AS builder
...
FROM openjdk:8-jre-$flavor AS release
COPY --from=builder /app/target/app.jar /
CMD ["java", "-jar", "/app.jar"]
Global ARG: docker build --build-arg K=V
56. FROM maven:3.6-jdk-8-alpine AS builder
...
FROM openjdk:8-jre-alpine AS lint
RUN wget https://github.com/checkstyle/checkstyle/releases/download/checkstyle-8.15/checkstyle-8.15-all.jar
COPY checks.xml .
COPY src /src
RUN java -jar checkstyle-8.15-all.jar -c checks.xml /src
Various environments: build, dev, test, lint, ...
57. FROM maven:3.6-jdk-8-alpine AS builder
...
FROM openjdk:8-jre-alpine AS release
COPY --from=builder /app/target/app.jar /
CMD ["java", "-jar", "/app.jar"]
FROM builder AS dev
RUN apk add --no-cache strace
ENTRYPOINT ["ash"]
Various environments: build, dev, test, lint, ...
58. FROM maven:3.6-jdk-8-alpine AS builder
...
RUN mvn -e -B package -DskipTests
FROM builder AS unit-test
RUN mvn -e -B test
FROM release AS integration-test
RUN apk add --no-cache curl
RUN ./test/run.sh
Various environments: build, dev, test, lint, ...
59. FROM maven:3.6-jdk-8-alpine AS builder
...
FROM tiborvass/whalesay AS assets
RUN whalesay "¡Hola DockerCon!" > /out/assets.html
FROM openjdk:8-jre-alpine AS release
COPY --from=builder /app/app.jar /
COPY --from=assets /out /assets
CMD ["java", "-jar", "/app.jar"]
Multi-stage: build concurrently
64. “Supercharged Docker Build with BuildKit”
BlackBelt session Wednesday 12pm
- What’s new
- New Dockerfile features (RUN --mount, secrets, ssh,
syntax customization)
65. # syntax = docker/dockerfile:1.0-experimental
# syntax=docker/dockerfile:1.0-experimental
FROM maven:3.6-jdk-8-alpine AS builder
WORKDIR /app
COPY . /app
RUN mvn -e -B package
FROM openjdk:8-jre-alpine
COPY --from=builder /app/app.jar /
CMD ["java", "-jar", "/app.jar"]
66. Context mounts (v18.09 only)
# syntax=docker/dockerfile:1.0-experimental
FROM maven:3.6-jdk-8-alpine AS builder
WORKDIR /app
COPY . /app
RUN --mount=target=. mvn -e -B package -DoutputDirectory=/
FROM openjdk:8-jre-alpine
COPY --from=builder /app/app.jar /
CMD ["java", "-jar", "/app.jar"]
67. Context mounts (v18.09 only)
# syntax=docker/dockerfile:1.0-experimental
FROM maven:3.6-jdk-8-alpine AS builder
WORKDIR /app
RUN --mount=target=. mvn -e -B package -DoutputDirectory=/
FROM openjdk:8-jre-alpine
COPY --from=builder /app.jar /
CMD ["java", "-jar", "/app.jar"]
68. Application cache (v18.09 only)
# syntax=docker/dockerfile:1.0-experimental
FROM maven:3.6-jdk-8-alpine AS builder
WORKDIR /app
RUN --mount=target=. --mount=type=cache,target=/root/.m2
&& mvn package -DoutputDirectory=/
FROM openjdk:8-jre-alpine
COPY --from=builder /app.jar /
CMD ["java", "/app.jar"]
69. We went from:
- inconsistent build/dev/test environments
- bloated image
- slow build and incremental build times (cache busts)
To:
- consistent build/dev/test environments
- minimal image
- very fast build and incremental build times
Improvements recap
70. Read more on blog posts
https://medium.com/@tonistiigi/advance
d-multi-stage-build-patterns-6f741b852f
ae
https://medium.com/@tonistiigi/build-secrets-a
nd-ssh-forwarding-in-docker-18-09-ae8161d06
6
72. Take A Breakout Survey
Access your session and/or workshop surveys for the conference at any time by tapping the
Sessions link on the navigation menu or block on the home screen.
Find the session/workshop you attended and tap on it to view the session details. On this page, you
will find a link to the survey.