While Docker has enabled an unprecedented velocity of software production, it is all too easy to spin out of control. A promotion-based model is required to control and track the flow of Docker images as much as it is required for a traditional software development lifecycle. New tools often introduce new paradigms. We will examine the patterns and the antipatterns for Docker image management, and what impact the new tools have on the battle-proven paradigms of the software development lifecycle.
18. Let’s docker build in every env!
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
19.
20. That’s why.
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Latest version
Latest version
Latest version
Latest version
21. That’s why.
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:14.04
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
Better now?
22. That’s why.
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
And now?
23. That’s why.
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN apt-get install -y software-properties-common python
RUN apt-get install -y nodejs
RUN mkdir /var/www
ADD app.js /var/www/app.js
CMD ["/usr/bin/node", "/var/www/app.js"]
And now?What about those?
24. That’s why.
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN mvn clean install
CMD ”java –jar Main.class"
What about this?
25. That’s why.
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
FROM ubuntu:4033353383af19ec179c01dda7f355a246c6adcafaf93c8f98
RUN download_random_sh*t_from_the_internet.sh
CMD ["/usr/bin/node", "/var/www/app.js"]
And how about this?
26. That’s why you don’t trust Docker
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
34. What’s up with the gates?!
- QA shouldn’t test dev images
35. What’s up with the gates?!
- QA shouldn’t test dev images
- non-tested images shouldn't be
staged
36. What’s up with the gates?!
- QA shouldn’t test dev images
- non-tested images shouldn't be
staged
- non-staged, non-tested or dev
images shouldn’t end up in
production!!!
41. How can we support this?
https://host:8081/artifactory/docker-dev/busybox
https://host:8081/artifactory/docker-staging/busybox
https://host:8081/artifactory/docker-qa/busybox
https://host:8081/artifactory/docker-prod/busybox
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
45. Virtual hosts/ports to the rescue
https://host:port/v2/busybox
Registry host Tag name
docker tag host:port/busybox
46. Virtual hosts/ports to the rescue
https://host:8081/artifactory/docker-dev/busybox
Virtual repository name Tag name
https://host:port/v2/busybox
Context name
Registry host Tag name
docker tag host:port/busybox
47. server {
listen 5001;
server_name 192.168.99.100;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-dev/$1/$2;
…
}
}
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES
48. But then you realize…
Wait a second, now I need
to pull, retag and push for
every step?!
49.
50.
51. Anatomy of a container
@JBARUCH #DOCKERDC HTTP://JFROG.COM/SHOWNOTES