SlideShare a Scribd company logo

DCSF 19 Building Your Development Pipeline

Docker, Inc.
Docker, Inc.

Oliver Pomeroy, Docker & Laura Tacho, Cloudbees Enterprises often want to provide automation and standardisation on top of their container platform, using a pipeline to build and deploy their containerized applications. However this opens up new challenges; Do I have to build a new CI/CD Stack? Can I build my CI/CD pipeline with Kubernetes orchestration? What should my build agents look like? How do I integrate my pipeline into my enterprise container registry? In this session full of examples and how-to's, Olly and Laura will guide you through common situations and decisions related to your pipelines. We'll cover building minimal images, scanning and signing images, and give examples on how to enforce compliance standards and best practices across your teams.

Technology
1 of 50
Download to read offline
Building Your Development Pipeline
Olly Pomeroy Docker Laura Tacho CloudBees
What is a pipeline? A set of processes to make software development more efficient, secure, and high-quality. We want to deploy a containerized image. Our pipeline includes: ● Building the image ● Automated testing ● Security scanning ● Promoting the image and deploying to production
Build Test Secure Deploy! 21 3 4
Why use containers for your pipeline?
Containers make it easy to create consistent, reproducible environments because your environment is declared in a Dockerfile. You know exactly what’s running, where, and can modify and reproduce environments easily It also allows for efficiency by sharing some artifacts between dev, test, and prod. It’s about what’s INSIDE the container...
Since containers are lightweight, isolated, and fast to boot, they enable different workflows that are a great fit for your pipelines ● Fanning out to run large tasks across multiple containers ● Parallelizing workflows ...And what goes on OUTSIDE in systems and workflows
Certain things will be made easier, but Docker can’t do the work for you. It’s still up to you to: ● Follow 12-factor app guidelines like pinning dependencies ● Pay attention to size of images and understand what’s in them ● Perform security and vulnerability scans But there are still no shortcuts!
Building images in a pipeline
We size our build agents for that 1 job that requires a lot of CPU. The rest of the time they are pretty idle. We don’t standardize our tools, so I need everything on every build agent. Optimizing Build Agents
We size our build agents for that 1 job that requires a lot of CPU. The rest of the time they are pretty idle. We don’t standardize our tools, so I need everything on every build agent. On Demand Build Agents! A Build Agent Image for Everyone! But is this secure? Optimizing Build Agents
Containerized Build Agents: Docker in Docker $ docker run --privileged --name dind -d docker:18.09.0-dind $ docker run -it --rm --link dind:docker docker:18.09.0 sh / # docker images REPOSITORY TAG IMAGE ID CREATED SIZE / # docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
$ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker:18.09.0 sh / # docker images REPOSITORY TAG IMAGE ID CREATED SIZE olly/jenkins-slave 1 fae1591c6584 3 hours ago 628MB nginx latest 62f816a209e6 6 days ago 109MB openjdk 8-stretch 954739b8bdfb 2 weeks ago 624MB golang latest 45e48f60e268 4 weeks ago 777MB / # docker ps CONTAINER ID IMAGE COMMAND STATUS NAMES b2e07edbd47e jenkins/slave:3.27-1 "sh" Up 2 hours optimistic_chandrasekhar 86f77c2b67f0 openjdk:8-stretch "sh" Up 3 hours distracted_mcnulty Containerized Build Agents: Mounted Socket
$ docker run -it --rm -v .pipedocker_engine:.pipedocker_engine docker:18.09.0 cmd C:>docker images REPOSITORY TAG IMAGE ID CREATED SIZE openjdk 1803 2f91c65915d9 2 weeks ago 5.2GB dtr.az.olly.dtcntr.net/openjdk 1803 2f91c65915d9 2 weeks ago 5.2GB docker 18.09.0 629e0258a222 2 weeks ago 5.11GB microsoft/aspnet 4.7.2-wind..cbdbd42e5a14 7 weeks ago 5.46GB windows/servercore 1803 1a4a9d0fd8af 7 weeks ago 4.93GB C:>docker ps CONTAINER ID IMAGE COMMAND STATUS NAMES a7911d0ff315 docker:18.09.0 "cmd" Up 9 seconds priceless_franklin Containerized Build Agents: Mounted Pipe (Windows)
Docker in Docker docker run dind, --privileged The container can do almost everything the host can do :( Mounted socket or pipe -v /var/run/docker.sock:/var/run/docker.sock -v .pipedocker_engine:.pipedocker_engine The container controls your Docker host. Any security applied to the socket has just been bypassed. :( Containerized Build Agents: Is this Secure?
Docker in Docker docker run dind, --privileged Rootless Docker? (Coming soon! Docker CE / EE 19.03!) Rootless building daemon? (Buildkit, Img, Kaniko) Mounted socket or pipe -v /var/run/docker.sock:/var/run/docker.sock -v .pipedocker_engine:.pipedocker_engine Dedicated build host? Dedicated build cluster? Containerized Build Agents: Is this Secure?
Building Container Images
Testing with containers
Build once, use everywhere Treat your Dockerfile as a shared artifact that can before different types of testing during all phases in your development process ● local testing during development ● standalone unit tests ● browser and integration tests ● promotion to staging or QA environments
Maintain flexibility in each environment ● Dev and test environments can be very different ○ Reuse the Dockerfile (or a shared base image, if that makes sense) ○ Create a specific docker-compose.yml file with your testing environment ○ Long(er)-running dev environment can coexist alongside ephemeral test environments
In practice: integration testing patterns docker-compose.yml docker-compose.test.yml version: '3' services: vote: build: ../vote/ ports: ["80"] depends_on: - redis - db networks: - front-tier - back-tier result: ... worker: ... redis: ... db: ... version: '3' services: test: build: ./tests/ depends_on: - vote - result - worker vote: ... result: ... worker: ... redis: ... db: ... Create new one-off application environment Create service to run integration tests
Configurations can be reused with many tools OSS Jenkins Jenkins X Hosted SaaS Circle CI CodeShip Travis CI Azure DevOps Supported on-prem CloudBees CloudBees Jenkins Distribution Circle CI Bamboo TeamCity GitLab and plenty more!
Parallel Testing with Docker ● Theory: employ task parallelism to split work across parallel computers (containers) ○ Think of your container as just one process, and split testing loads across processes ○ Improve performance on-demand by adding more containers ○ Manage environments simply with Docker ecosystem tools
Parallel Testing with Docker ● In practice: most CI tools do this for you i.e. declarative pipelines in Jenkinsfile, CodeShip steps, GitLab ● Use cases ○ Test against a matrix of versions ○ Cross-compile on Linux and Windows ○ Run integration tests against different browsers ● Caution: parallelism is great for testing, but not deploying.
Example: Windows & Linux Builds in Jenkins pipeline { agent none stages { stage("build and deploy on Windows and Linux") { parallel { stage("windows") { agent { label "windows" } stages { stage("build") {} stage("deploy") {} } } stage("linux") { agent { label "linux" } stages { stage("build") {} stage("deploy") {} } } } } } }
Example: Selenium Grid Selenium Hub Firefox Ubuntu Chrome MacOS Safari iOS Safari MacOS Chrome Windows
Securing Container Images
Security question Q. I’ve downloaded all of these container images, how do I know what's inside? What happens if there is an out of date package in there? How do I know which vulnerabilities are exposed? A. It's fine. They came from the DockerHub and the Dockerfile looks ok…
The Old World Host Operating System, Kernel… Devs Ops App1 App 2 App3 Java Python .Net
The New World Host Operating System, Kernel…. Devs Ops Who’s giving this TLC? App1 App 2 App3 Java Python .Net
Maybe we can check the Dockerfile? # Pull base image FROM oracle/serverjre:8 # Maintainer LABEL MAINTAINER=”bruno.borges@oracle.com” ENV ORACLE_HOME=/u01/oracle USER_MEM_ARGS="-Djava.security.egd=file:/ dev/./urandom" PATH=$PATH:/usr/java/default/bin:/u01/ora cle/oracle_common/common/bin RUN mkdir -p /u01 && ... Oracle Weblogic 12.1.3 Image FROM oraclelinux:7-slim LABEL MAINTAINER=”bruno.borges@oracle.com” ENV JAVA_PKG=server-jre-8u*-linux-x64.tar. gz JAVA_HOME=/usr/java/default ... oracle/serverjre:8 FROM scratch LABEL MAINTAINER=”ol-ovm-info_ww@oracle.com” ADD oraclelinux-7-slim-rootfs.tar.xz / oraclelinux:7-slim
Maybe we can check the Dockerfile? # Pull base image FROM oracle/serverjre:8 # Maintainer LABEL MAINTAINER=”bruno.borges@oracle.com” ENV ORACLE_HOME=/u01/oracle USER_MEM_ARGS="-Djava.security.egd=file:/ dev/./urandom" PATH=$PATH:/usr/java/default/bin:/u01/ora cle/oracle_common/common/bin RUN mkdir -p /u01 && ... FROM scratch LABEL MAINTAINER=”ol-ovm-info_ww@oracle.com” ADD oraclelinux-7-slim-rootfs.tar.xz / FROM oraclelinux:7-slim LABEL MAINTAINER=”bruno.borges@oracle.com” ENV JAVA_PKG=server-jre-8u*-linux-x64.tar. gz JAVA_HOME=/usr/java/default ... Oracle Weblogic 12.1.3 Image oracle/serverjre:8 oraclelinux:7-slim
Image Vulnerability Scanning Docker Trusted Registry
How do I control what runs in my cluster?? Enforcing “Corporate Standards” or Best Practises to all of the container images within your environment: ○ Everyone builds from “myco/base:1” or “myco/base:2” ○ Container Images shouldn’t run as root by default You can add stages in to your Pipeline to make this happen! ○ Linting Dockerfiles (fromlatest, hadolint + many more) ○ Policy Engines (Anchore Engine, used within SysDig)
How do I control what runs in my cluster?? Enforcing that the “production” images are the only images that can run on my cluster. $ kubectl apply -f exampleapp.yaml Error from server (Forbidden): error when creating "exampleapp.yaml": pods "nginx" is forbidden: one or more container images do not meet the required signing policy: [nginx: image did not meet required signing policy] $ docker run nginx:latest docker: Error response from daemon: image did not meet required signing policy.
Automating your Pipeline with a Private Registry Automated Image Promotion dev/example qa/example Developer Pushes an Image to DTR Promotion Policy verifies that the image has no vulnerabilities. Webhooks at every step
Deploying in Containers
The Software Supply Chain New Code Lands in SCM Jenkins - Builds new Image from SCM Image Uploaded to Registry If Image has no vulnerabilities. Move to testing. Jenkins Pipeline runs QA on the Image. Security Team, sign off on image. Moves to Production. New Image lands in Production Jenkins Pipeline Creates the Deployment from Templates App Successfully Deployed to Docker EE Cluster. Continuous Integration Continuous Deployment
Out-of-the-Box Features Modern orchestration systems come pre-baked with many deployment features. The work is already done for you! This means that your pipeline needs to monitor for status updates, but not implement the functionality.
Deployment Strategies Rolling Update Update containers one-by-one (or in groups), so that the application has no downtime. It’s possible for two versions of the software to be deployed at the same time.
Deployment Strategies Rolling Update
Deployment Strategies Rolling Update
Deployment Strategies Rolling Update
Deployment Strategies Rolling Update
In practice: Rolling Updates and Auto-Rollbacks Swarm and Kubernetes handle this for you -- no need to custom build service: build: myapp/myservice image: ${REGISTRY-127.0.0.1:5000}/myservice:${TAG-latest} deploy: replicas: 7 update_config: delay: 5s failure_action: rollback max_failure_ratio: .5 monitor: 5s parallelism: 1 docker stack
In practice: Rolling Updates and Auto-Rollbacks ... strategy: type: RollingUpdate #this is the default rollingUpdate: maxSurge: 1 maxUnavailable: 1 Swarm and Kubernetes handle this for you -- no need to custom build kubernetes deployment
The Software Supply Chain
The Software Supply Chain New Code Lands in SCM Jenkins - Builds new Image from SCM Image Uploaded to Registry If Image has no vulnerabilities. Move to testing. Jenkins Pipeline runs QA on the Image. Security Team, sign off on image. Moves to Production. New Image lands in Production Jenkins Pipeline Creates the Deployment from Templates App Successfully Deployed to Docker EE Cluster. Continuous Integration Continuous Deployment
Thank You!
Rate & Share Rate this session in the DockerCon App Follow Laura @rhein_wein Follow Olly @ollypom Tweet #DockerCon

Recommended

DCSF 19 Kubernetes and Container Storage Interface Update
DCSF 19 Kubernetes and Container Storage Interface UpdateDCSF 19 Kubernetes and Container Storage Interface Update
DCSF 19 Kubernetes and Container Storage Interface Update
Docker, Inc.
 
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been ToldDCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
Docker, Inc.
 
DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy
Docker, Inc.
 
DCSF19 Containers for Beginners
DCSF19 Containers for BeginnersDCSF19 Containers for Beginners
DCSF19 Containers for Beginners
Docker, Inc.
 
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Patrick Chanezon
 
Containerizing Hardware Accelerated Applications
Containerizing Hardware Accelerated ApplicationsContainerizing Hardware Accelerated Applications
Containerizing Hardware Accelerated Applications
Docker, Inc.
 
Building your production tech stack for docker container platform
Building your production tech stack for docker container platformBuilding your production tech stack for docker container platform
Building your production tech stack for docker container platform
Docker, Inc.
 
Docker for developers on mac and windows
Docker for developers on mac and windowsDocker for developers on mac and windows
Docker for developers on mac and windows
Docker, Inc.
 

Recommended

DCSF 19 Kubernetes and Container Storage Interface Update
DCSF 19 Kubernetes and Container Storage Interface UpdateDCSF 19 Kubernetes and Container Storage Interface Update
DCSF 19 Kubernetes and Container Storage Interface Update
Docker, Inc.
 
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been ToldDCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
Docker, Inc.
 
DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy
Docker, Inc.
 
DCSF19 Containers for Beginners
DCSF19 Containers for BeginnersDCSF19 Containers for Beginners
DCSF19 Containers for Beginners
Docker, Inc.
 
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Patrick Chanezon
 
Containerizing Hardware Accelerated Applications
Containerizing Hardware Accelerated ApplicationsContainerizing Hardware Accelerated Applications
Containerizing Hardware Accelerated Applications
Docker, Inc.
 
Building your production tech stack for docker container platform
Building your production tech stack for docker container platformBuilding your production tech stack for docker container platform
Building your production tech stack for docker container platform
Docker, Inc.
 
Docker for developers on mac and windows
Docker for developers on mac and windowsDocker for developers on mac and windows
Docker for developers on mac and windows
Docker, Inc.
 
Docker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott CoultonDocker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott Coulton
Docker, Inc.
 
DockerCon SF 2015: Docker in the New York Times Newsroom
DockerCon SF 2015: Docker in the New York Times NewsroomDockerCon SF 2015: Docker in the New York Times Newsroom
DockerCon SF 2015: Docker in the New York Times Newsroom
Docker, Inc.
 
DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith
Docker, Inc.
 
Troubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineersTroubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineers
Docker, Inc.
 
JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...
JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...
JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
DockerCon SF 2015: Enabling Microservices @Orbitz
DockerCon SF 2015: Enabling Microservices @OrbitzDockerCon SF 2015: Enabling Microservices @Orbitz
DockerCon SF 2015: Enabling Microservices @Orbitz
Docker, Inc.
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller
Docker, Inc.
 
DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps
DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps
DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps
Docker, Inc.
 
Node.js Rocks in Docker for Dev and Ops
Node.js Rocks in Docker for Dev and OpsNode.js Rocks in Docker for Dev and Ops
Node.js Rocks in Docker for Dev and Ops
Bret Fisher
 
DCEU 18: Docker Container Security
DCEU 18: Docker Container SecurityDCEU 18: Docker Container Security
DCEU 18: Docker Container Security
Docker, Inc.
 
Modernizing Java Apps with Docker
Modernizing Java Apps with DockerModernizing Java Apps with Docker
Modernizing Java Apps with Docker
Docker, Inc.
 
DockerCon EU 2015: Placing a container on a train at 200mph
DockerCon EU 2015: Placing a container on a train at 200mphDockerCon EU 2015: Placing a container on a train at 200mph
DockerCon EU 2015: Placing a container on a train at 200mph
Docker, Inc.
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to Docker
Docker, Inc.
 
Windows container security
Windows container securityWindows container security
Windows container security
Docker, Inc.
 
Demystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in dockerDemystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in docker
Docker, Inc.
 
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
DockerCon EU 2015: Stop Being Lazy and Test Your Software!DockerCon EU 2015: Stop Being Lazy and Test Your Software!
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
Docker, Inc.
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and Swarm
Abhinandan P.b
 
Efficient Parallel Testing with Docker by Laura Frank
Efficient Parallel Testing with Docker by Laura FrankEfficient Parallel Testing with Docker by Laura Frank
Efficient Parallel Testing with Docker by Laura Frank
Docker, Inc.
 
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-ComposeTales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Docker, Inc.
 
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Docker, Inc.
 
DCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development Pipeline
Docker, Inc.
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
양재동 코드랩
 

More Related Content

What's hot

Docker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott CoultonDocker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott Coulton
Docker, Inc.
 
DockerCon SF 2015: Docker in the New York Times Newsroom
DockerCon SF 2015: Docker in the New York Times NewsroomDockerCon SF 2015: Docker in the New York Times Newsroom
DockerCon SF 2015: Docker in the New York Times Newsroom
Docker, Inc.
 
DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith
Docker, Inc.
 
Troubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineersTroubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineers
Docker, Inc.
 
JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...
JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...
JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
DockerCon SF 2015: Enabling Microservices @Orbitz
DockerCon SF 2015: Enabling Microservices @OrbitzDockerCon SF 2015: Enabling Microservices @Orbitz
DockerCon SF 2015: Enabling Microservices @Orbitz
Docker, Inc.
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller
Docker, Inc.
 
DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps
DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps
DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps
Docker, Inc.
 
Node.js Rocks in Docker for Dev and Ops
Node.js Rocks in Docker for Dev and OpsNode.js Rocks in Docker for Dev and Ops
Node.js Rocks in Docker for Dev and Ops
Bret Fisher
 
DCEU 18: Docker Container Security
DCEU 18: Docker Container SecurityDCEU 18: Docker Container Security
DCEU 18: Docker Container Security
Docker, Inc.
 
Modernizing Java Apps with Docker
Modernizing Java Apps with DockerModernizing Java Apps with Docker
Modernizing Java Apps with Docker
Docker, Inc.
 
DockerCon EU 2015: Placing a container on a train at 200mph
DockerCon EU 2015: Placing a container on a train at 200mphDockerCon EU 2015: Placing a container on a train at 200mph
DockerCon EU 2015: Placing a container on a train at 200mph
Docker, Inc.
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to Docker
Docker, Inc.
 
Windows container security
Windows container securityWindows container security
Windows container security
Docker, Inc.
 
Demystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in dockerDemystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in docker
Docker, Inc.
 
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
DockerCon EU 2015: Stop Being Lazy and Test Your Software!DockerCon EU 2015: Stop Being Lazy and Test Your Software!
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
Docker, Inc.
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and Swarm
Abhinandan P.b
 
Efficient Parallel Testing with Docker by Laura Frank
Efficient Parallel Testing with Docker by Laura FrankEfficient Parallel Testing with Docker by Laura Frank
Efficient Parallel Testing with Docker by Laura Frank
Docker, Inc.
 
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-ComposeTales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Docker, Inc.
 
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Docker, Inc.
 

What's hot (20)

Docker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott CoultonDocker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott Coulton
 
DockerCon SF 2015: Docker in the New York Times Newsroom
DockerCon SF 2015: Docker in the New York Times NewsroomDockerCon SF 2015: Docker in the New York Times Newsroom
DockerCon SF 2015: Docker in the New York Times Newsroom
 
DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith
 
Troubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineersTroubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineers
 
JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...
JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...
JavaCro'14 - Continuous delivery of Java EE applications with Jenkins and Doc...
 
DockerCon SF 2015: Enabling Microservices @Orbitz
DockerCon SF 2015: Enabling Microservices @OrbitzDockerCon SF 2015: Enabling Microservices @Orbitz
DockerCon SF 2015: Enabling Microservices @Orbitz
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller
 
DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps
DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps
DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps
 
Node.js Rocks in Docker for Dev and Ops
Node.js Rocks in Docker for Dev and OpsNode.js Rocks in Docker for Dev and Ops
Node.js Rocks in Docker for Dev and Ops
 
DCEU 18: Docker Container Security
DCEU 18: Docker Container SecurityDCEU 18: Docker Container Security
DCEU 18: Docker Container Security
 
Modernizing Java Apps with Docker
Modernizing Java Apps with DockerModernizing Java Apps with Docker
Modernizing Java Apps with Docker
 
DockerCon EU 2015: Placing a container on a train at 200mph
DockerCon EU 2015: Placing a container on a train at 200mphDockerCon EU 2015: Placing a container on a train at 200mph
DockerCon EU 2015: Placing a container on a train at 200mph
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to Docker
 
Windows container security
Windows container securityWindows container security
Windows container security
 
Demystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in dockerDemystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in docker
 
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
DockerCon EU 2015: Stop Being Lazy and Test Your Software!DockerCon EU 2015: Stop Being Lazy and Test Your Software!
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and Swarm
 
Efficient Parallel Testing with Docker by Laura Frank
Efficient Parallel Testing with Docker by Laura FrankEfficient Parallel Testing with Docker by Laura Frank
Efficient Parallel Testing with Docker by Laura Frank
 
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-ComposeTales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
 
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
 

Similar to DCSF 19 Building Your Development Pipeline

DCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development Pipeline
Docker, Inc.
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
양재동 코드랩
 
Docker primer and tips
Docker primer and tipsDocker primer and tips
Docker primer and tips
Samuel Chow
 
ContainerDayVietnam2016: Dockerize a small business
ContainerDayVietnam2016: Dockerize a small businessContainerDayVietnam2016: Dockerize a small business
ContainerDayVietnam2016: Dockerize a small business
Docker-Hanoi
 
PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...
PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...
PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...
Puppet
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
Jo Ee Liew
 
Introduction to Docker and Monitoring with InfluxData
Introduction to Docker and Monitoring with InfluxDataIntroduction to Docker and Monitoring with InfluxData
Introduction to Docker and Monitoring with InfluxData
InfluxData
 
[@NaukriEngineering] Docker 101
[@NaukriEngineering] Docker 101[@NaukriEngineering] Docker 101
[@NaukriEngineering] Docker 101
Naukri.com
 
vodQA(Pune) 2018 - Docker in Testing
vodQA(Pune) 2018 - Docker in TestingvodQA(Pune) 2018 - Docker in Testing
vodQA(Pune) 2018 - Docker in Testing
vodQA
 
Docker in everyday development
Docker in everyday developmentDocker in everyday development
Docker in everyday development
Justyna Ilczuk
 
Using Docker to build and test in your laptop and Jenkins
Using Docker to build and test in your laptop and JenkinsUsing Docker to build and test in your laptop and Jenkins
Using Docker to build and test in your laptop and Jenkins
Micael Gallego
 
Run automated tests in Docker
Run automated tests in DockerRun automated tests in Docker
Run automated tests in Docker
Oleksandr Metelytsia
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
Marcelo Ochoa
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Patrick Chanezon
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
RightScale
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
DevOps.com
 
Scala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camouScala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camou
J On The Beach
 
DevOps Workflow: A Tutorial on Linux Containers
DevOps Workflow: A Tutorial on Linux ContainersDevOps Workflow: A Tutorial on Linux Containers
DevOps Workflow: A Tutorial on Linux Containers
inside-BigData.com
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
Andrey Hristov
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
Andrey Hristov
 

Similar to DCSF 19 Building Your Development Pipeline (20)

DCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development Pipeline
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
 
Docker primer and tips
Docker primer and tipsDocker primer and tips
Docker primer and tips
 
ContainerDayVietnam2016: Dockerize a small business
ContainerDayVietnam2016: Dockerize a small businessContainerDayVietnam2016: Dockerize a small business
ContainerDayVietnam2016: Dockerize a small business
 
PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...
PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...
PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Introduction to Docker and Monitoring with InfluxData
Introduction to Docker and Monitoring with InfluxDataIntroduction to Docker and Monitoring with InfluxData
Introduction to Docker and Monitoring with InfluxData
 
[@NaukriEngineering] Docker 101
[@NaukriEngineering] Docker 101[@NaukriEngineering] Docker 101
[@NaukriEngineering] Docker 101
 
vodQA(Pune) 2018 - Docker in Testing
vodQA(Pune) 2018 - Docker in TestingvodQA(Pune) 2018 - Docker in Testing
vodQA(Pune) 2018 - Docker in Testing
 
Docker in everyday development
Docker in everyday developmentDocker in everyday development
Docker in everyday development
 
Using Docker to build and test in your laptop and Jenkins
Using Docker to build and test in your laptop and JenkinsUsing Docker to build and test in your laptop and Jenkins
Using Docker to build and test in your laptop and Jenkins
 
Run automated tests in Docker
Run automated tests in DockerRun automated tests in Docker
Run automated tests in Docker
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
 
Scala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camouScala, docker and testing, oh my! mario camou
Scala, docker and testing, oh my! mario camou
 
DevOps Workflow: A Tutorial on Linux Containers
DevOps Workflow: A Tutorial on Linux ContainersDevOps Workflow: A Tutorial on Linux Containers
DevOps Workflow: A Tutorial on Linux Containers
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 

More from Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
Docker, Inc.
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
Docker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
Docker, Inc.
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
Docker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
Docker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
Docker, Inc.
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
Docker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
Docker, Inc.
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
Docker, Inc.
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
Docker, Inc.
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
Docker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
Docker, Inc.
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
Docker, Inc.
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
Docker, Inc.
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
Docker, Inc.
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
Docker, Inc.
 

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 

Recently uploaded

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 

Recently uploaded (20)

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 

DCSF 19 Building Your Development Pipeline

  • 3. What is a pipeline? A set of processes to make software development more efficient, secure, and high-quality. We want to deploy a containerized image. Our pipeline includes: ● Building the image ● Automated testing ● Security scanning ● Promoting the image and deploying to production
  • 5. Why use containers for your pipeline?
  • 6. Containers make it easy to create consistent, reproducible environments because your environment is declared in a Dockerfile. You know exactly what’s running, where, and can modify and reproduce environments easily It also allows for efficiency by sharing some artifacts between dev, test, and prod. It’s about what’s INSIDE the container...
  • 7. Since containers are lightweight, isolated, and fast to boot, they enable different workflows that are a great fit for your pipelines ● Fanning out to run large tasks across multiple containers ● Parallelizing workflows ...And what goes on OUTSIDE in systems and workflows
  • 8. Certain things will be made easier, but Docker can’t do the work for you. It’s still up to you to: ● Follow 12-factor app guidelines like pinning dependencies ● Pay attention to size of images and understand what’s in them ● Perform security and vulnerability scans But there are still no shortcuts!
  • 9. Building images in a pipeline
  • 10. We size our build agents for that 1 job that requires a lot of CPU. The rest of the time they are pretty idle. We don’t standardize our tools, so I need everything on every build agent. Optimizing Build Agents
  • 11. We size our build agents for that 1 job that requires a lot of CPU. The rest of the time they are pretty idle. We don’t standardize our tools, so I need everything on every build agent. On Demand Build Agents! A Build Agent Image for Everyone! But is this secure? Optimizing Build Agents
  • 12. Containerized Build Agents: Docker in Docker $ docker run --privileged --name dind -d docker:18.09.0-dind $ docker run -it --rm --link dind:docker docker:18.09.0 sh / # docker images REPOSITORY TAG IMAGE ID CREATED SIZE / # docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
  • 13. $ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker:18.09.0 sh / # docker images REPOSITORY TAG IMAGE ID CREATED SIZE olly/jenkins-slave 1 fae1591c6584 3 hours ago 628MB nginx latest 62f816a209e6 6 days ago 109MB openjdk 8-stretch 954739b8bdfb 2 weeks ago 624MB golang latest 45e48f60e268 4 weeks ago 777MB / # docker ps CONTAINER ID IMAGE COMMAND STATUS NAMES b2e07edbd47e jenkins/slave:3.27-1 "sh" Up 2 hours optimistic_chandrasekhar 86f77c2b67f0 openjdk:8-stretch "sh" Up 3 hours distracted_mcnulty Containerized Build Agents: Mounted Socket
  • 14. $ docker run -it --rm -v .pipedocker_engine:.pipedocker_engine docker:18.09.0 cmd C:>docker images REPOSITORY TAG IMAGE ID CREATED SIZE openjdk 1803 2f91c65915d9 2 weeks ago 5.2GB dtr.az.olly.dtcntr.net/openjdk 1803 2f91c65915d9 2 weeks ago 5.2GB docker 18.09.0 629e0258a222 2 weeks ago 5.11GB microsoft/aspnet 4.7.2-wind..cbdbd42e5a14 7 weeks ago 5.46GB windows/servercore 1803 1a4a9d0fd8af 7 weeks ago 4.93GB C:>docker ps CONTAINER ID IMAGE COMMAND STATUS NAMES a7911d0ff315 docker:18.09.0 "cmd" Up 9 seconds priceless_franklin Containerized Build Agents: Mounted Pipe (Windows)
  • 15. Docker in Docker docker run dind, --privileged The container can do almost everything the host can do :( Mounted socket or pipe -v /var/run/docker.sock:/var/run/docker.sock -v .pipedocker_engine:.pipedocker_engine The container controls your Docker host. Any security applied to the socket has just been bypassed. :( Containerized Build Agents: Is this Secure?
  • 16. Docker in Docker docker run dind, --privileged Rootless Docker? (Coming soon! Docker CE / EE 19.03!) Rootless building daemon? (Buildkit, Img, Kaniko) Mounted socket or pipe -v /var/run/docker.sock:/var/run/docker.sock -v .pipedocker_engine:.pipedocker_engine Dedicated build host? Dedicated build cluster? Containerized Build Agents: Is this Secure?
  • 19. Build once, use everywhere Treat your Dockerfile as a shared artifact that can before different types of testing during all phases in your development process ● local testing during development ● standalone unit tests ● browser and integration tests ● promotion to staging or QA environments
  • 20. Maintain flexibility in each environment ● Dev and test environments can be very different ○ Reuse the Dockerfile (or a shared base image, if that makes sense) ○ Create a specific docker-compose.yml file with your testing environment ○ Long(er)-running dev environment can coexist alongside ephemeral test environments
  • 21. In practice: integration testing patterns docker-compose.yml docker-compose.test.yml version: '3' services: vote: build: ../vote/ ports: ["80"] depends_on: - redis - db networks: - front-tier - back-tier result: ... worker: ... redis: ... db: ... version: '3' services: test: build: ./tests/ depends_on: - vote - result - worker vote: ... result: ... worker: ... redis: ... db: ... Create new one-off application environment Create service to run integration tests
  • 22. Configurations can be reused with many tools OSS Jenkins Jenkins X Hosted SaaS Circle CI CodeShip Travis CI Azure DevOps Supported on-prem CloudBees CloudBees Jenkins Distribution Circle CI Bamboo TeamCity GitLab and plenty more!
  • 23. Parallel Testing with Docker ● Theory: employ task parallelism to split work across parallel computers (containers) ○ Think of your container as just one process, and split testing loads across processes ○ Improve performance on-demand by adding more containers ○ Manage environments simply with Docker ecosystem tools
  • 24. Parallel Testing with Docker ● In practice: most CI tools do this for you i.e. declarative pipelines in Jenkinsfile, CodeShip steps, GitLab ● Use cases ○ Test against a matrix of versions ○ Cross-compile on Linux and Windows ○ Run integration tests against different browsers ● Caution: parallelism is great for testing, but not deploying.
  • 25. Example: Windows & Linux Builds in Jenkins pipeline { agent none stages { stage("build and deploy on Windows and Linux") { parallel { stage("windows") { agent { label "windows" } stages { stage("build") {} stage("deploy") {} } } stage("linux") { agent { label "linux" } stages { stage("build") {} stage("deploy") {} } } } } } }
  • 26. Example: Selenium Grid Selenium Hub Firefox Ubuntu Chrome MacOS Safari iOS Safari MacOS Chrome Windows
  • 28. Security question Q. I’ve downloaded all of these container images, how do I know what's inside? What happens if there is an out of date package in there? How do I know which vulnerabilities are exposed? A. It's fine. They came from the DockerHub and the Dockerfile looks ok…
  • 29. The Old World Host Operating System, Kernel… Devs Ops App1 App 2 App3 Java Python .Net
  • 30. The New World Host Operating System, Kernel…. Devs Ops Who’s giving this TLC? App1 App 2 App3 Java Python .Net
  • 31. Maybe we can check the Dockerfile? # Pull base image FROM oracle/serverjre:8 # Maintainer LABEL MAINTAINER=”bruno.borges@oracle.com” ENV ORACLE_HOME=/u01/oracle USER_MEM_ARGS="-Djava.security.egd=file:/ dev/./urandom" PATH=$PATH:/usr/java/default/bin:/u01/ora cle/oracle_common/common/bin RUN mkdir -p /u01 && ... Oracle Weblogic 12.1.3 Image FROM oraclelinux:7-slim LABEL MAINTAINER=”bruno.borges@oracle.com” ENV JAVA_PKG=server-jre-8u*-linux-x64.tar. gz JAVA_HOME=/usr/java/default ... oracle/serverjre:8 FROM scratch LABEL MAINTAINER=”ol-ovm-info_ww@oracle.com” ADD oraclelinux-7-slim-rootfs.tar.xz / oraclelinux:7-slim
  • 32. Maybe we can check the Dockerfile? # Pull base image FROM oracle/serverjre:8 # Maintainer LABEL MAINTAINER=”bruno.borges@oracle.com” ENV ORACLE_HOME=/u01/oracle USER_MEM_ARGS="-Djava.security.egd=file:/ dev/./urandom" PATH=$PATH:/usr/java/default/bin:/u01/ora cle/oracle_common/common/bin RUN mkdir -p /u01 && ... FROM scratch LABEL MAINTAINER=”ol-ovm-info_ww@oracle.com” ADD oraclelinux-7-slim-rootfs.tar.xz / FROM oraclelinux:7-slim LABEL MAINTAINER=”bruno.borges@oracle.com” ENV JAVA_PKG=server-jre-8u*-linux-x64.tar. gz JAVA_HOME=/usr/java/default ... Oracle Weblogic 12.1.3 Image oracle/serverjre:8 oraclelinux:7-slim
  • 34. How do I control what runs in my cluster?? Enforcing “Corporate Standards” or Best Practises to all of the container images within your environment: ○ Everyone builds from “myco/base:1” or “myco/base:2” ○ Container Images shouldn’t run as root by default You can add stages in to your Pipeline to make this happen! ○ Linting Dockerfiles (fromlatest, hadolint + many more) ○ Policy Engines (Anchore Engine, used within SysDig)
  • 35. How do I control what runs in my cluster?? Enforcing that the “production” images are the only images that can run on my cluster. $ kubectl apply -f exampleapp.yaml Error from server (Forbidden): error when creating "exampleapp.yaml": pods "nginx" is forbidden: one or more container images do not meet the required signing policy: [nginx: image did not meet required signing policy] $ docker run nginx:latest docker: Error response from daemon: image did not meet required signing policy.
  • 36. Automating your Pipeline with a Private Registry Automated Image Promotion dev/example qa/example Developer Pushes an Image to DTR Promotion Policy verifies that the image has no vulnerabilities. Webhooks at every step
  • 38. The Software Supply Chain New Code Lands in SCM Jenkins - Builds new Image from SCM Image Uploaded to Registry If Image has no vulnerabilities. Move to testing. Jenkins Pipeline runs QA on the Image. Security Team, sign off on image. Moves to Production. New Image lands in Production Jenkins Pipeline Creates the Deployment from Templates App Successfully Deployed to Docker EE Cluster. Continuous Integration Continuous Deployment
  • 39. Out-of-the-Box Features Modern orchestration systems come pre-baked with many deployment features. The work is already done for you! This means that your pipeline needs to monitor for status updates, but not implement the functionality.
  • 40. Deployment Strategies Rolling Update Update containers one-by-one (or in groups), so that the application has no downtime. It’s possible for two versions of the software to be deployed at the same time.
  • 45. In practice: Rolling Updates and Auto-Rollbacks Swarm and Kubernetes handle this for you -- no need to custom build service: build: myapp/myservice image: ${REGISTRY-127.0.0.1:5000}/myservice:${TAG-latest} deploy: replicas: 7 update_config: delay: 5s failure_action: rollback max_failure_ratio: .5 monitor: 5s parallelism: 1 docker stack
  • 46. In practice: Rolling Updates and Auto-Rollbacks ... strategy: type: RollingUpdate #this is the default rollingUpdate: maxSurge: 1 maxUnavailable: 1 Swarm and Kubernetes handle this for you -- no need to custom build kubernetes deployment
  • 48. The Software Supply Chain New Code Lands in SCM Jenkins - Builds new Image from SCM Image Uploaded to Registry If Image has no vulnerabilities. Move to testing. Jenkins Pipeline runs QA on the Image. Security Team, sign off on image. Moves to Production. New Image lands in Production Jenkins Pipeline Creates the Deployment from Templates App Successfully Deployed to Docker EE Cluster. Continuous Integration Continuous Deployment
  • 50. Rate & Share Rate this session in the DockerCon App Follow Laura @rhein_wein Follow Olly @ollypom Tweet #DockerCon