Completed
Zero to production-ready: a best-practices process for Docker packaging Itamar Turner-Trauring
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Zero to Production-Ready - A Best-Practices Process for Docker Packaging
Automatically move to the next video in the Classroom when playback concludes
- 1 Zero to production-ready: a best-practices process for Docker packaging Itamar Turner-Trauring
- 2 complicated: Processes! • Packaging interacts with multiple organizational processes: Software development
- 3 Today: learn a packaging process 1. You have limited time at work, can get interrupted at any moment 2. Many best practices. Which should you do first 3. You need an iterative Dockerizing processi Mo…
- 4 A six steps packaging process 1. Get something working 2. Security
- 5 Example: Listen on 0.0.0.0 . Problem: If you listen on 127.0.0.1, that's localhost inside the container . No one else can talk to a different computer container's localhost. • Solution listen on 0.0.…
- 6 Security . Before you can deploy anything publicly, it needs to be secure . So we do that next
- 7 Example: Update system packages
- 8 Interlude: Packaging requires ongoing processes . Example best practices so far are done once. during initial packaging • Packaging isn't just about configuration files though • You also need ongoing…
- 9 Example: Security updates . Docker images are immutable artifacts, security updates require new image . Need ongoing process to: 1. Learn about security updates to dependencies 2. Update dependencies…
- 10 Integrating with your development process . Packaging interacts with how your team
- 11 Example: Run security scanners . trivy can scan both Python dependencies and system packages for known security issues • bandit will find potential vulnerabilities in your code.eg SQL injection or us…
- 12 Example: Tag based on branch . You want to build image for feature branch 123-more-cowbell automatically • You want production not to be impacted.
- 13 Operational correctness and debuggability .Youve started automatically building and probably deploying • It's running in production! . Want it to run well in production • More likely to see errors, l…
- 14 Example: Make images identifiable Tags are not embedded in the image so can't be used to identify an image • Identity can be embedded using labels.
- 15 Reproducibility . This week, your major dependencies probably won't change dramatically . Over six months, some of them will. • Over two years, most of them will. So next, you want reproducible build…
- 16 Reproducibility as a process . Latest dependencies on every rebuild: No reproducibility • Thus: pin (freeze) your application dependencies (pip-tools/poetrypipenu). • If you don't update: obsolete de…
- 17 Example: Choose a stable base image . You'll want a Linux os which does security updates while still guaranteeing backwards compatibility for example Ubuntu LTS, Debian Stable, or Red Hat Enterprise …
- 18 5. Example: Pin Python dependencies pip-tools can turn this requirements. In
- 19 Faster builds and smaller images . Your images are now packaged correctly, so now you can focus on optimizations. . Your time is expensive, you don't want to wait for builds • Smaller images can spee…
- 20 Example: Don't use Alpine Linux Alpine Linux can't use most precompiled wheels from PyPI. • As a result, you need to compile (almost) everything • Examples install pandas and matplotlib. python: 3.8-…
- 21 Example: Disable pip's caching . By default pip keeps copies of the downloaded package, in case you reinstall later, . This wastes space, increasing image size, and you won't need it
- 22 Recap of steps 1. Get something working 2. Security
- 23 Packaging isn't just about artifacts . Dockerizing requires artifacts: Dockerfile. builds scripts, etc. . But packaging also interacts with and requires processes! Interacts with development processe…