While Docker has enabled an unprecedented velocity of software production, it is all too easy to spin out of control. A promotion-based model is required to control and track the flow of Docker images as much as it is required for a traditional software development lifecycle. New tools often introduce new paradigms. We will examine the patterns and the anti-patterns for Docker image management, and what impact the new tools have on the battle-proven paradigms of the software development lifecycle.
This talk takes it from the point that everybody already understand the need in the CI/CD pipeline and some of the basic techniques are taken for granted. It’s much more about tools, processes and automation.
13. The Promotion Pyramid
Development builds
Dev Integration tests
Integr. tests
Staging
Pre-Prod
Prod
Frequency of builds
Build/Deploytime
Numberofbinaries
14. Pipeline: Quality Gates and
Visibility
Source: Agile ALM, Michael Hüttermann, Manning Publications Co.
29. What’s up with the gates?!
- QA shouldn’t test dev images
30. What’s up with the gates?!
- QA shouldn’t test dev images
- non-QA’ed images shouldn't be staged
31. What’s up with the gates?!
- QA shouldn’t test dev images
- non-QA’ed images shouldn't be staged
- non-QA’ed, non-staged or dev images
shouldn’t end up in production!
35. Wait a second, how can I
have more than one
repository per host now?!
36. How can we support this?
https://host:8081/artifactory/docker-dev/busybox
https://host:8081/artifactory/docker-staging/busybox
https://host:8081/artifactory/docker-qa/busybox
https://host:8081/artifactory/docker-prod/busybox
37. “One registry per host is
ought to be enough for
anybody.”
https://www.reddit.com/r/theydidthemath/comments/1x37rx/
request_how_much_alcohol_is_needed_to_get_a_whale
39. Virtual hosts/ports to the
rescue
https://host:8081/artifactory/docker-dev/busybox
Context name
Virtual repository name
Tag name
https://host:port/v2/busybox
40. server {
listen 5001;
server_name 192.168.99.100;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-dev/$1/$2;
…
}
}
41. But then you realize…
Wait a second, now I need
to pull, retag and push for
every step?!
44. What We’ll DO?
- Minimize number of repositories docker interacts
with
45. What We’ll DO?
- Minimize number of repositories docker interacts
with
- deploy to virtual (backed by dev repository)
46. What We’ll DO?
- Minimize number of repositories docker interacts
with
- deploy to virtual (backed by dev repository)
- promote within artifactory
47. What We’ll DO?
- Minimize number of repositories docker interacts
with
- deploy to virtual (backed by dev repository)
- promote within artifactory
- Resolve from virtual (production-ready images)
70. End users have Docker
installed
Don’t want to run/install docker-
compose
Or any other installer
Docker compose and docker client can
introduce incompatibilities
71. The Solution
- Create An “Installer” Image
- Provide variables for:
- Where to pull from
- Docker Daemon to use
- Have it run docker compose
- Install onto Client’s Docker!
73. Installer’s run.sh
Just run docker-compose with the right
command
start, stop, up, down, restart…
Check calling script version
compatibility!
74. app.sh (user
script)
Set the repo to pull from
Set up script and
application versions
Determine the docker daemon
for docker-compose to use
Run the installer image
75. The installer pattern
Docker pulls
and runs the
installer
image
app.sh
Executes
run.sh
installer image
Runs docker-
compose
run.sh
Pulls down
and installs
micro-
services
Docker daemon Docker registry
docker-compose
76. HIGH QUALITY
(software and information) SPEED LOW COST
(automation)
Fast releases > Modular > Automation
Conclusions: Release Fast or
Die!
Take the developer build all the way to prod – don’t rebuild at at state
Domain means ownership
gradle-build is triggered by source changes
Docker-framework triggered by changes to dependencies (notifications on Bintray) and Xray
Docker-app is triggered by either gradle-build or Docker-framework (if gradle-build is sufficiently fast, possibly just gradle-build)
Framework-test is downstream of Docker-framework
Docker-app-test is downstream of Docker-app
Full automation!
Triggers are different and are always testing the latest stable on the other side