Conversation
sergeytrasko
commented
Sep 26, 2017
•
edited
edited
- Development mode
- Live reload
- Run tests in container
- Production image
- Debugging application run in container
Open questions:
|
Production image
For production image I had to use 'chown'. There is a related PR merged (moby/moby#34263), however it's not released yet (https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce-rc1) |
Dockerfile
Outdated
@@ -0,0 +1,21 @@ | |||
FROM gradle:4.1-jdk8 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we use gradle:4.1-jdk8-alpine
instead ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we can. Adjusted.
Dockerfile
Outdated
ENV HOME /home/gradle | ||
|
||
RUN mkdir -p $HOME/app \ | ||
&& cd $HOME/app |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The same is achieved with WORKDIR $HOME/app
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed
Dockerfile
Outdated
|
||
WORKDIR $HOME/app | ||
|
||
USER root |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
docker engine runs containers as root
by default, is this required?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'gradle' image creates own 'gradle' user and sets it as current user. Therefore switch back to 'root' to do all pre-cooking is required.
Added comment to Dockerfile.dev
Dockerfile
Outdated
@@ -0,0 +1,21 @@ | |||
FROM gradle:4.1-jdk8 | |||
|
|||
ENV HOME /home/gradle |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this is supposed to be a root directory for our application I would use something like /opt/app
instead, /home/gradle
is a bit misleading because it's not just gradle
which is copied there
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adjusted
Dockerfile
Outdated
|
||
EXPOSE 8080 | ||
|
||
CMD ["gradle", "bootRun"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is gradle
really required to run our application? To minimize the image size and reduce the amount of processes running in a container I would suggest that we compile that app first, create an executable jar, then start over from a blank base JDK image and copy only the jar there. This is quite easily achieved with https://docs.docker.com/engine/userguide/eng-image/multistage-build/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adjusted
Dockerfile.dev
Outdated
COPY .env . | ||
COPY settings.gradle . | ||
|
||
CMD ["gradle", "bootRun"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider using ENTRYPOINT instead of CMD to use the same Dockerfile for dev and test, see https://github.com/ctco-dev/nodejs-graphql-template/blob/issue-11-docker/Dockerfile.dev
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, adjusted
@@ -26,6 +26,7 @@ apply from: 'dotenv.gradle' | |||
|
|||
bootRun() { | |||
environment << dotenv | |||
jvmArgs = ['-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005'] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we extract this to Dockerfile or docker-compose ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As discussed, there is a option to run the application using gradle from CLI and attach remote debugger from IDE.
Agree, that it is not very realistic case, but let's keep door open unless we have better solution
Part of PR feedback addressed
Part of PR feedback addressed - production build
Dockerfile
Outdated
# Create new user to run application on behalf of | ||
RUN addgroup -S -g 1001 app \ | ||
&& adduser -D -S -G app -u 1001 -s /bin/ash app \ | ||
&& chown -R app:app /opt/app |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please align arguments vertically for better readability
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
Formatting
Formatting
Dockerfile
Outdated
RUN mkdir -p /opt/app | ||
WORKDIR /opt/app | ||
|
||
COPY .env . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think that we should copy .env
for prod build
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right... Copy-paste issue
Dockerfile
Outdated
RUN gradle clean build | ||
|
||
|
||
# Run the application in a smil container |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo smil -> small
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. Was not sure if to use 'small' or 'slim'...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
slim
is better, my bad for suggesting small
, I though you meant to write small
and made a typo, slim
conveys the required property of a final image better!
Dockerfile.dev
Outdated
COPY settings.gradle . | ||
|
||
# Run the build on behalf of non-root 'boot' user | ||
USER boot |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we really care which user runs the app in the dev container?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally, no. Removed additional user creation
Dockerfile.dev
Outdated
USER boot | ||
|
||
# Release gradle caches if any | ||
RUN find /opt/.gradle -type f -name "*.lock" | while read f; do rm $f; done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is that generally necessary ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Depends... Our docker-compose.yml mounts volumes from local file system, including gradle caches to speed-up startup of the contenerized application. In case another gradle daemon is already running then application inside container will fail to start
@@ -0,0 +1,25 @@ | |||
FROM gradle:4.1-jdk8-alpine |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's think how we could sync build image specification with production Dockerfile
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any ideas on this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No idea yet, a head scratcher for me as well!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideal case would be to have some kind of includes (see moby/moby#735), however it is not supported by Docker (and not clear if it will be supported).
Other solutions were using e.g. C pre-processors or similar tools to manipulate text files that also seems to be more a workaround.
For sure another alternative is KISS - the less moving parts we have in Dockerfile the less things to keep in sync.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, it’s not that big of a deal, code reviews should help keeping things in sync between the two Dockerfiles
PR feedback - don't use .env from prod - don't create a separet user for dev
Dockerfile.dev
Outdated
COPY settings.gradle . | ||
|
||
# Release gradle caches if any | ||
RUN find /opt/.gradle -type f -name "*.lock" | while read f; do rm $f; done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest that we keep Dockerfile
as simple as humanly possible and add this one in to the documentation instead. In a troubleshooting
section or something.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sergeytrasko please follow up on this and we can merge this one to trunk I believe
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will do today evening
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not required any more (as we are not mounting local FS gradle caches any more)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok thx
- Don't mount gradle caches from local FS - Pre-fetch gradle dependencies before copying sources to cache them