Continuous Integration and Delivery with Docker

This is a guest blog by Jaroslav Holub, republished by permission. The article originally posted on the CloudBees Codeship website .

Continuous delivery is all about reducing risk and delivering value faster by producing reliable software in short iterations. As Martin Fowler says , you actually do continuous delivery if:

• Your software is deployable throughout its lifecycle.

• Your team prioritizes keeping the software deployable over working on new features.

• Anybody can get fast, automated feedback on the production readiness of their systems any time somebody makes a change to them.

• You can perform push-button deployments of any version of the software to any environment on demand.

Containerization of software allows us to further improve on this process. The biggest improvements are in speed and in the level of abstraction used as a cornerstone for further innovations in this field.

In this post, I’ll show you how to set up a continuous delivery pipeline using Docker. We’ll see how using this tool for Linux containers as part of the continuous delivery pipeline lets us nicely encapsulate the build process of a service. It also lets us deploy any revision with a few simple steps.

I’ll mainly use the term continuous delivery in this article, because it stands for the full circle of steps leading to our ultimate goal. However, continuous integration is the most substantial part of continuous delivery.

Let’s take a Hello World web server written in Go as an example service. You can find all the code used in this example on Github here .

The continuous integration setup consists of:

• running unit tests

• building the Docker image that we use to build our service

• running the build container and compiling our service

• building the Docker image that we run and deploy

• pushing the final image to a Docker registry

Running tests in this example is as trivial as it should be:

go test

The core of a single service integration is making the end artifact — Docker image in our case.

Because I’ve deliberately chosen the compiled language Go in this example, we need to build an executable file as part of our integration process. We’ll eventually place the executable file inside this Docker image.

Now one might think that we would build our web server executable file using build tools installed on the host dedicated to continuous integration and then somehow copy the binary to the Docker image. But this is a no-no in the containerized world. Let’s do it all in containers. That way, we won’t rely on any build tools installed on hosts and it’ll make the whole setup easily reproducible and encapsulated.

Building an executable file can be part of a single Docker image build process together with runtime environment setup. Or we can separate the two. Having everything in a single build process, we would end up with extra content (build process leftovers) in our Docker image filesystem, even if we clean it afterwards in separate RUN commands within the Dockerfile.

Some people use tricks to create, manipulate and remove unwanted stuff in a single RUN command. Although it’s sometimes handy, I can’t generally recommend it; in my opinion this adds to Dockerfile complexity. Of course, there are situations where you might want to retain your sources and all in the end artifact.

The approach I recommend, however, is to create separate “build” and “distribution” Dockerfiles. Use Dockerfile.build to do the heavy lifting during building the software and use Dockerfile.dist to create the distributable Docker image, as light and clean as possible.

The following is Dockerfile.build. As you can see, once we run the build file, we create the container from a golang image, compile our example service and output the binary.

<span style="font-family:Courier New,Courier,monospace;">&#x3C;pre>FROM golang:1.4 </span> 

RUN mkdir -p /tmp/build
ADD hello-world.go /tmp/build/
WORKDIR /tmp/build
RUN go build hello-world.go
CMD tar -czf - hello-world</pre>

In Dockerfile.dist , we only use this binary and run it on runtime:

<span style="font-family:Courier New,Courier,monospace;">&#x3C;pre>FROM debian:jessie </span> 

<span style="font-family:Courier New,Courier,monospace;">RUN mkdir /app </span> 
<span style="font-family:Courier New,Courier,monospace;">ADD build.tar.gz /app/ </span> 
<span style="font-family:Courier New,Courier,monospace;">ENTRYPOINT /app/hello-world&#x3C;/pre></span> 

Our build.sh script — the essential part of our continuous integration pipeline — then looks like this:

<span style="font-family:Courier New,Courier,monospace;"><em>&#x3C;pre># !/bin/sh</em> 
docker build -t hello-world-build -f Dockerfile.build .
docker run hello-world-build > build.tar.gz
docker build -t hello-world -f Dockerfile.dist .&#x3C;/pre></span> 

As you can see, these three simple Docker commands get us a clean, small Hello-World Docker image that’s ready to be deployed and run on demand. Once both images used in the FROM clauses are pulled and cached locally, our build process will be a matter of milliseconds or at most a few seconds, with a very small resources footprint.

Once our build process artifact is created, we want to push it to Docker Registry, where it will be available for deployments.

Please note that tagging images properly is very important. Docker ecosystems suffer from the usage of “latest” tag. If you use a unique tag for every new image, then all your image versions will be easily accessible for deployment in the future.

We can choose whether we want to use our own Docker Registry or rely on Docker Hub . On Docker Hub, you can store public or private repositories of images. It’s also the first place people would look for your images (if you want anyone to look for them).

Your own Docker Registry on the other hand gives you full control over your images storage, performance, and security. More advanced setups might combine both approaches.

This way you can tag the new image with an appropriate tag and push it to a public hub (replace your_username andyour_tag with actual values):

<em><span style="font-family:Courier New,Courier,monospace;">&#x3C;pre># !/bin/sh </span> </em> 
<span style="font-family:Courier New,Courier,monospace;">docker tag hello-world:latest your_username/hello-world:your_tag </span> 
<span style="font-family:Courier New,Courier,monospace;">docker push your_username/hello-world:your_tag&#x3C;/pre></span> 

Once we have our Docker images building pipeline working and images nicely stashed in a repository, we definitely want to get our service deployed.

How you deploy your applications depends on your infrastructure or cloud provider. A few cloud providers support Docker images in their APIs these days (e.g., Amazon EC2 Container Service , Digital Ocean, or Giant Swarm) . You can further leverage the power of containerized applications with resource abstraction tools like Apache Mesos (read more about running containers on Mesos ) or Google Kubernetes that let you deploy and manage containers in their own ways.

In case of our Hello World example, deploying remotely means running the following command remotely on a target machine with Docker installed on it:

<span style="font-family:Courier New,Courier,monospace;"><em>&#x3C;pre># !/bin/sh </em> 
docker stop hello-production
docker run --rm -p 8000:80 --name hello-production hello-world&#x3C;/pre></span> 

Using containerized software does not inherently mean one is implementing microservices. However, containers enable this architectural pattern because they encourage developers to split their monoliths based on separation of concerns.

Microservices also promote communication between containerized components over a plain network using standardized and easily replaceable tubes. To learn more about microservices and why they might be a good architectural pattern for your software project, I recommendBuilding Microservices by Sam Newman.

A continuous delivery pipeline with containerized software also allows you to set up a new kind of testing environment; subsets of (micro)services are deployed in small clusters that represent the system under test running with some parts intentionally disabled or disconnected.

Creation of such a matrix of deployments and programming against it has little to no additional costs in terms of a continuous integration time. It does have a dramatic impact on the stability and resilience of software in production. Such a testing system allows teams to get ready to deal with any kind of Chaos Monkey.

PS: If you liked this article you can also download the Continuous Integration and Continuous Delivery with Docker ebook. If you are interested in Docker support from CloudBees Codeship, please click here .

Building Docker containers for Go applications

What to think about with DevOps technician training

Read about CI/CD for Kubernetes cloud native apps

Learn more about go test.