Pro Yearly is on sale from $80 to $50! »

Make Dockerfile Great Again

Make Dockerfile Great Again

Lightning talk from Container Camp 2016 in London. Introducing the concept of dockerfile preprocessors as a way of scaling Dockerfile complexity.

98234c645fe8c935edc0fec0186d28b8?s=128

Gareth Rushgrove

September 09, 2016
Tweet

Transcript

  1. (without introducing more risk) Make Dockerfile Great Again Puppet Gareth

    Rushgrove Introducing Dockerfile Preprocessors
  2. (without introducing more risk) @garethr

  3. (without introducing more risk) Gareth Rushgrove

  4. (without introducing more risk) Introduction What and why should I

    care
  5. (without introducing more risk) Gareth Rushgrove DockerCon 2016 talk

  6. (without introducing more risk) Gareth Rushgrove Docker can build images

    automatically by reading the instructions from a Dockerfile From the official docs at https://docs.docker.com/engine/reference/builder/
  7. (without introducing more risk) Gareth Rushgrove A Dockerfile is a

    text document that contains all the commands a user could call on the command line to assemble an image. From the official docs at https://docs.docker.com/engine/reference/builder/
  8. (without introducing more risk) Gareth Rushgrove Commands you know MAINTAINER

    <name> RUN <command> CMD ["executable","param1","param2"] EXPOSE <port> [<port>...] ADD <src>... <dest> ENV <key> <value> WORKDIR /path/to/workdir USER daemon VOLUME ["/data"] ENTRYPOINT ["executable", "param1", “param2"] COPY <src>... <dest>
  9. (without introducing more risk) Gareth Rushgrove Commands you don’t ONBUILD

    [INSTRUCTION] STOPSIGNAL signal ARG <name>[=<default value>] LABEL <key>=<value> <key>=<value> <key>=<value> … HEALTHCHECK [OPTIONS] CMD command SHELL ["executable", "parameters"]
  10. (without introducing more risk) Gareth Rushgrove Dockerfile is simple! FROM

    scratch COPY hello / CMD ["/hello"]
  11. (without introducing more risk) Gareth Rushgrove Dockerfile is complex! RUN

    apt-get update && \ apt-get install -y wget=1.17.1-1ubuntu1 && \ wget https://apt.example.com/release-"$UBUNTU_CODENAME". dpkg -i release-"$UBUNTU_CODENAME".deb && \ rm release-"$UBUNTU_CODENAME".deb && \ apt-get update && \ apt-get install --no-install-recommends -y package=0.1.2 apt-get clean && \ rm -rf /var/lib/apt/lists/*
  12. (without introducing more risk) Gareth Rushgrove Dockerfile is a great

    80% solution, but how can we better manage and maintain lots of them?
  13. (without introducing more risk) Preprocessing Adding domain specific extensions

  14. (without introducing more risk) Gareth Rushgrove Dynamic label injection

  15. (without introducing more risk) Gareth Rushgrove Custom operations FROM alpine:3.4

    MAINTAINER Gareth Rushgrove "gareth@puppet.com" DATETIME_LABEL VCS_LABEL
  16. (without introducing more risk) Gareth Rushgrove Stdin is my friend

    $ cat Dockerfile | dockerfilepp-labels
  17. (without introducing more risk) Gareth Rushgrove Now a valid Dockerfile

    FROM alpine:3.4 MAINTAINER Gareth Rushgrove "gareth@puppet.com" LABEL com.example.datetime="2016-09-06T10:53:35+01:00" LABEL com.example.vcs-ref="da3a8068c237137b3b468445b482cc307
  18. (without introducing more risk) Gareth Rushgrove Application example

  19. (without introducing more risk) Gareth Rushgrove Encapsulate complexity, making sharing

    more than just copy-and-paste
  20. (without introducing more risk) Gareth Rushgrove Custom operations FROM ubuntu:16.04

    MAINTAINER Gareth Rushgrove "gareth@puppet.com" ENV PUPPET_AGENT_VERSION="1.6.2" \ R10K_VERSION="2.2.2" \ UBUNTU_CODENAME="xenial" PUPPET_INSTALL PUPPET_COPY_PUPPETFILE PUPPET_COPY_MANIFESTS manifests PUPPET_RUN manifests/nginx.pp
  21. (without introducing more risk) Gareth Rushgrove Composition $ cat Dockerfile

    \ | dockerfilepp-labels \ | dockerfilepp-puppet
  22. (without introducing more risk) Gareth Rushgrove FROM ubuntu:16.04 MAINTAINER Gareth

    Rushgrove "gareth@puppet.com" ENV PUPPET_AGENT_VERSION="1.6.2" \ R10K_VERSION="2.2.2" \ UBUNTU_CODENAME="xenial" RUN apt-get update && \ apt-get install -y wget=1.17.1-1ubuntu1 && \ wget https://apt.puppetlabs.com/puppetlabs-release-pc1-" dpkg -i puppetlabs-release-pc1-"$UBUNTU_CODENAME".deb && rm puppetlabs-release-pc1-"$UBUNTU_CODENAME".deb && \ apt-get update && \ apt-get install --no-install-recommends -y puppet-agent= apt-get clean && \ rm -rf /var/lib/apt/lists/* RUN /opt/puppetlabs/puppet/bin/gem install r10k:"$R10K_VERSI Complexity in one place
  23. (without introducing more risk) DEMO

  24. (without introducing more risk) Conclusions I’m sold, what next?

  25. - Feedback on the idea - Build your own preprocessors

    - Hack on the dockerfilepp library Gareth Rushgrove
  26. (without introducing more risk) Gareth Rushgrove dockerfilepp Go library

  27. (without introducing more risk) Gareth Rushgrove MAKE DOCKERFILE GREAT AGAIN!

    PREPROCESSORS
  28. (without introducing more risk) Thanks Any questions?