Docker support #6 #17
Conversation
sergeytrasko
commented
Sep 26, 2017
•
sergeytrasko
commented
- Development mode
- Live reload
- Run tests in container
- Production image
- Debugging application run in container
|
Open questions:
|
Production image
|
For production image I had to use 'chown'. There is a related PR merged (moby/moby#34263), however it's not released yet (https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce-rc1) |
Dockerfile
Outdated
| @@ -0,0 +1,21 @@ | |||
| FROM gradle:4.1-jdk8 | |||
There was a problem hiding this comment.
Can we use gradle:4.1-jdk8-alpine instead ?
There was a problem hiding this comment.
Yes, we can. Adjusted.
Dockerfile
Outdated
| ENV HOME /home/gradle | ||
|
|
||
| RUN mkdir -p $HOME/app \ | ||
| && cd $HOME/app |
There was a problem hiding this comment.
The same is achieved with WORKDIR $HOME/app
Dockerfile
Outdated
|
|
||
| WORKDIR $HOME/app | ||
|
|
||
| USER root |
There was a problem hiding this comment.
docker engine runs containers as root by default, is this required?
There was a problem hiding this comment.
'gradle' image creates own 'gradle' user and sets it as current user. Therefore switch back to 'root' to do all pre-cooking is required.
Added comment to Dockerfile.dev
Dockerfile
Outdated
| @@ -0,0 +1,21 @@ | |||
| FROM gradle:4.1-jdk8 | |||
|
|
|||
| ENV HOME /home/gradle | |||
There was a problem hiding this comment.
If this is supposed to be a root directory for our application I would use something like /opt/app instead, /home/gradle is a bit misleading because it's not just gradle which is copied there
Dockerfile
Outdated
|
|
||
| EXPOSE 8080 | ||
|
|
||
| CMD ["gradle", "bootRun"] |
There was a problem hiding this comment.
Is gradle really required to run our application? To minimize the image size and reduce the amount of processes running in a container I would suggest that we compile that app first, create an executable jar, then start over from a blank base JDK image and copy only the jar there. This is quite easily achieved with https://docs.docker.com/engine/userguide/eng-image/multistage-build/
Dockerfile.dev
Outdated
| COPY .env . | ||
| COPY settings.gradle . | ||
|
|
||
| CMD ["gradle", "bootRun"] |
There was a problem hiding this comment.
Consider using ENTRYPOINT instead of CMD to use the same Dockerfile for dev and test, see https://github.com/ctco-dev/nodejs-graphql-template/blob/issue-11-docker/Dockerfile.dev
| @@ -26,6 +26,7 @@ apply from: 'dotenv.gradle' | |||
|
|
|||
| bootRun() { | |||
| environment << dotenv | |||
| jvmArgs = ['-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005'] | |||
There was a problem hiding this comment.
Can we extract this to Dockerfile or docker-compose ?
There was a problem hiding this comment.
As discussed, there is a option to run the application using gradle from CLI and attach remote debugger from IDE.
Agree, that it is not very realistic case, but let's keep door open unless we have better solution
Part of PR feedback addressed
Part of PR feedback addressed - production build
Dockerfile
Outdated
| # Create new user to run application on behalf of | ||
| RUN addgroup -S -g 1001 app \ | ||
| && adduser -D -S -G app -u 1001 -s /bin/ash app \ | ||
| && chown -R app:app /opt/app |
There was a problem hiding this comment.
Please align arguments vertically for better readability
Formatting
Formatting
Dockerfile
Outdated
| RUN mkdir -p /opt/app | ||
| WORKDIR /opt/app | ||
|
|
||
| COPY .env . |
There was a problem hiding this comment.
I don't think that we should copy .env for prod build
There was a problem hiding this comment.
Right... Copy-paste issue
Dockerfile
Outdated
| RUN gradle clean build | ||
|
|
||
|
|
||
| # Run the application in a smil container |
There was a problem hiding this comment.
Fixed. Was not sure if to use 'small' or 'slim'...
There was a problem hiding this comment.
slim is better, my bad for suggesting small, I though you meant to write small and made a typo, slim conveys the required property of a final image better!
Dockerfile.dev
Outdated
| COPY settings.gradle . | ||
|
|
||
| # Run the build on behalf of non-root 'boot' user | ||
| USER boot |
There was a problem hiding this comment.
Do we really care which user runs the app in the dev container?
There was a problem hiding this comment.
Generally, no. Removed additional user creation
Dockerfile.dev
Outdated
| USER boot | ||
|
|
||
| # Release gradle caches if any | ||
| RUN find /opt/.gradle -type f -name "*.lock" | while read f; do rm $f; done |
There was a problem hiding this comment.
Is that generally necessary ?
There was a problem hiding this comment.
Depends... Our docker-compose.yml mounts volumes from local file system, including gradle caches to speed-up startup of the contenerized application. In case another gradle daemon is already running then application inside container will fail to start
| @@ -0,0 +1,25 @@ | |||
| FROM gradle:4.1-jdk8-alpine | |||
There was a problem hiding this comment.
Let's think how we could sync build image specification with production Dockerfile
There was a problem hiding this comment.
No idea yet, a head scratcher for me as well!
There was a problem hiding this comment.
Ideal case would be to have some kind of includes (see moby/moby#735), however it is not supported by Docker (and not clear if it will be supported).
Other solutions were using e.g. C pre-processors or similar tools to manipulate text files that also seems to be more a workaround.
For sure another alternative is KISS - the less moving parts we have in Dockerfile the less things to keep in sync.
There was a problem hiding this comment.
I agree, it’s not that big of a deal, code reviews should help keeping things in sync between the two Dockerfiles
PR feedback - don't use .env from prod - don't create a separet user for dev
Dockerfile.dev
Outdated
| COPY settings.gradle . | ||
|
|
||
| # Release gradle caches if any | ||
| RUN find /opt/.gradle -type f -name "*.lock" | while read f; do rm $f; done |
There was a problem hiding this comment.
I suggest that we keep Dockerfile as simple as humanly possible and add this one in to the documentation instead. In a troubleshooting section or something.
There was a problem hiding this comment.
@sergeytrasko please follow up on this and we can merge this one to trunk I believe
There was a problem hiding this comment.
Will do today evening
There was a problem hiding this comment.
This is not required any more (as we are not mounting local FS gradle caches any more)
- Don't mount gradle caches from local FS - Pre-fetch gradle dependencies before copying sources to cache them
