- Trump taps Sriram Krishnan for AI advisor role amid strategic shift in tech policy
- 5 network automation startups to watch
- 4 Security Controls Keeping Up with the Evolution of IT Environments
- ICO Warns of Festive Mobile Phone Privacy Snafu
- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
How Kinsta Improved the End-to-End Development Experience by Dockerizing Every Step of the Production Cycle | Docker
Guest author Amin Choroomi is an experienced software developer at Kinsta. Passionate about Docker and Kubernetes, he specializes in application development and DevOps practices. His expertise lies in leveraging these transformative technologies to streamline deployment processes and enhance software scalability.
One of the biggest challenges of developing and maintaining cloud-native applications at the enterprise level is having a consistent experience through the entire development lifecycle. This process is even harder for remote companies with distributed teams working on different platforms, with different setups, and asynchronous communication.
At Kinsta, we have projects of all sizes for application hosting, database hosting, and managed WordPress hosting. We need to provide a consistent, reliable, and scalable solution that allows:
- Developers and quality assurance teams, regardless of their operating systems, to create a straightforward and minimal setup for developing and testing features.
- DevOps, SysOps, and Infrastructure teams to configure and maintain staging and production environments.
Overcoming the challenge of developing cloud-native applications on a distributed team
At Kinsta, we rely heavily on Docker for this consistent experience at every step, from development to production. In this article, we’ll walk you through:
- How to leverage Docker Desktop to increase developers’ productivity.
- How we build Docker images and push them to Google Container Registry via CI pipelines with CircleCI and GitHub Actions.
- How we use CD pipelines to promote incremental changes to production using Docker images, Google Kubernetes Engine, and Cloud Deploy.
- How the QA team seamlessly uses prebuilt Docker images in different environments.
Using Docker Desktop to improve the developer experience
Running an application locally requires developers to meticulously prepare the environment, install all the dependencies, set up servers and services, and make sure they are properly configured. When you run multiple applications, this approach can be cumbersome, especially when it comes to complex projects with multiple dependencies. And, when you introduce multiple contributors with multiple operating systems, chaos is installed. To prevent this, we use Docker.
With Docker, you can declare the environment configurations, install the dependencies, and build images with everything where it should be. Anyone, anywhere, with any OS can use the same images and have exactly the same experience as anyone else.
Declare your configuration with Docker Compose
To get started, you need to create a Docker Compose file, docker-compose.yml
. This is a declarative configuration file written in YAML format that tells Docker your application’s desired state. Docker uses this information to set up the environment for your application.
Docker Compose files come in handy when you have more than one container running and there are dependencies between containers.
To create your docker-compose.yml
file:
- Start by choosing an
image
as the base for our application. Search on Docker Hub to find a Docker image that already contains your app’s dependencies. Make sure to use a specific image tag to avoid errors. Using thelatest
tag can cause unforeseen errors in your application. You can use multiple base images for multiple dependencies — for example, one for PostgreSQL and one for Redis. - Use
volumes
to persist data on your host if you need to. Persisting data on the host machine helps you avoid losing data if Docker containers are deleted or if you have to recreate them. - Use
networks
to isolate your setup to avoid network conflicts with the host and other containers. It also helps your containers to find and communicate with each other easily.
Bringing it all together, we have a docker-compose.yml
that looks like this:
```yaml
version: '3.8'
services:
db:
image: postgres:14.7-alpine3.17
hostname: mk_db
restart: on-failure
ports:
- ${DB_PORT:-5432}:5432
volumes:
- db_data:/var/lib/postgresql/data
environment:
POSTGRES_USER: ${DB_USER:-user}
POSTGRES_PASSWORD: ${DB_PASSWORD:-password}
POSTGRES_DB: ${DB_NAME:-main}
networks:
- mk_network
redis:
image: redis:6.2.11-alpine3.17
hostname: mk_redis
restart: on-failure
ports:
- ${REDIS_PORT:-6379}:6379
networks:
- mk_network
volumes:
db_data:
networks:
mk_network:
name: mk_network
```
Containerize the application
Build a Docker image for your application
To begin, we need to build a Docker image using a Dockerfile
, and then call that from docker-compose.yml
.
Follow these five steps to create your Dockerfile
file:
1. Start by choosing an image as a base. Use the smallest base image that works for the app. Usually, alpine images are minimal with nearly zero extra packages installed. You can start with an alpine image and build on top of that:
```docker
FROM node:18.15.0-alpine3.17
```
2. Sometimes you need to use a specific CPU architecture to avoid conflicts. For example, suppose that you use an arm64-based
processor but you need to build an amd64
image. You can do that by specifying the -- platform
in Dockerfile
:
```docker
FROM --platform=amd64 node:18.15.0-alpine3.17
```
3. Define the application directory and install the dependencies and copy the output to your root directory:
```docker
WORKDIR /opt/app
COPY package.json yarn.lock ./
RUN yarn install
COPY . .
```
4. Call the Dockerfile
from docker-compose.yml
:
```yaml
services:
...redis
...db
app:
build:
context: .
dockerfile: Dockerfile
platforms:
- "linux/amd64"
command: yarn dev
restart: on-failure
ports:
- ${PORT:-4000}:${PORT:-4000}
networks:
- mk_network
depends_on:
- redis
- db
```
5. Implement auto-reload so that when you change something in the source code, you can preview your changes immediately without having to rebuild the application manually. To do that, build the image first, then run it in a separate service:
```yaml
services:
... redis
... db
build-docker:
image: myapp
build:
context: .
dockerfile: Dockerfile
app:
image: myapp
platforms:
- "linux/amd64"
command: yarn dev
restart: on-failure
ports:
- ${PORT:-4000}:${PORT:-4000}
volumes:
- .:/opt/app
- node_modules:/opt/app/node_modules
networks:
- mk_network
depends_on:
- redis
- db
- build-docker
volumes:
node_modules:
```
Pro tip: Note that node_modules
is also mounted explicitly to avoid platform-specific issues with packages. This means that, instead of using the node_modules
on the host, the Docker container uses its own but maps it on the host in a separate volume.
Incrementally build the production images with continuous integration
The majority of our apps and services use CI/CD for deployment, and Docker plays an important role in the process. Every change in the main branch immediately triggers a build pipeline through either GitHub Actions or CircleCI. The general workflow is simple: It installs the dependencies, runs the tests, builds the Docker image, and pushes it to Google Container Registry (or Artifact Registry). In this article, we’ll describe the build step.
Building the Docker images
We use multi-stage builds for security and performance reasons.
Stage 1: Builder
In this stage, we copy the entire code base with all source and configuration, install all dependencies, including dev dependencies, and build the app. It creates a dist/
folder and copies the built version of the code there. This image is way too large, however, with a huge set of footprints to be used for production. Also, as we use private NPM registries, we use our private NPM_TOKEN
in this stage as well. So, we definitely don’t want this stage to be exposed to the outside world. The only thing we need from this stage is the dist/
folder.
Stage 2: Production
Most people use this stage for runtime because it is close to what we need to run the app. However, we still need to install production dependencies, and that means we leave footprints and need the NPM_TOKEN
. So, this stage is still not ready to be exposed. Here, you should also note the yarn cache clean
on line 19. That tiny command cuts our image size by up to 60 percent.
Stage 3: Runtime
The last stage needs to be as slim as possible with minimal footprints. So, we just copy the fully baked app from production and move on. We put all those yarn and NPM_TOKEN
stuff behind and only run the app.
This is the final Dockerfile.production
:
```docker
# Stage 1: build the source code
FROM node:18.15.0-alpine3.17 as builder
WORKDIR /opt/app
COPY package.json yarn.lock ./
RUN yarn install
COPY . .
RUN yarn build
# Stage 2: copy the built version and build the production dependencies FROM node:18.15.0-alpine3.17 as production
WORKDIR /opt/app
COPY package.json yarn.lock ./
RUN yarn install --production && yarn cache clean
COPY --from=builder /opt/app/dist/ ./dist/
# Stage 3: copy the production ready app to runtime
FROM node:18.15.0-alpine3.17 as runtime
WORKDIR /opt/app
COPY --from=production /opt/app/ .
CMD ["yarn", "start"]
```
Note that, for all the stages, we start copying package.json
and yarn.lock
files first, installing the dependencies, and then copying the rest of the code base. The reason for this is that Docker builds each command as a layer on top of the previous one, and each build could use the previous layers if available and only build the new layers for performance purposes.
Let’s say you have changed something in src/services/service1.ts
without touching the packages. That means the first four layers of the builder stage are untouched and could be reused. This approach makes the build process incredibly faster.
Pushing the app to Google Container Registry through CircleCI pipelines
There are several ways to build a Docker image in CircleCI pipelines. In our case, we chose to use circleci/gcp-gcr orbs
:
Minimum configuration is needed to build and push our app, thanks to Docker.
```yaml
executors:
docker-executor:
docker:
- image: cimg/base:2023.03
orbs:
gcp-gcr: circleci/[email protected]
jobs:
...
deploy:
description: Build & push image to Google Artifact Registry
executor: docker-executor
steps:
...
- gcp-gcr/build-image:
image: my-app
dockerfile: Dockerfile.production
tag: ${CIRCLE_SHA1:0:7},latest
- gcp-gcr/push-image:
image: my-app
tag: ${CIRCLE_SHA1:0:7},latest
```
Pushing the app to Google Container Registry through GitHub Actions
As an alternative to CircleCI, we can use GitHub Actions to deploy the application continuously.
We set up gcloud
and build and push the Docker image to gcr.io
:
```yaml
jobs:
setup-build:
name: Setup, Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/[email protected]
- name: Get Image Tag
run: |
echo "TAG=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- uses: google-github-actions/[email protected]
with:
service_account_key: ${{ secrets.GCP_SA_KEY }}
project_id: ${{ secrets.GCP_PROJECT_ID }}
- run: |-
gcloud --quiet auth configure-docker
- name: Build
run: |-
docker build
--tag "gcr.io/${{ secrets.GCP_PROJECT_ID }}/my-app:$TAG"
--tag "gcr.io/${{ secrets.GCP_PROJECT_ID }}/my-app:latest"
.
- name: Push
run: |-
docker push "gcr.io/${{ secrets.GCP_PROJECT_ID }}/my-app:$TAG"
docker push "gcr.io/${{ secrets.GCP_PROJECT_ID }}/my-app:latest"
```
With every small change pushed to the main branch, we build and push a new Docker image to the registry.
Deploying changes to Google Kubernetes Engine using Google Delivery Pipelines
Having ready-to-use Docker images for each and every change also makes it easier to deploy to production or roll back in case something goes wrong. We use Google Kubernetes Engine to manage and serve our apps, and we use Google Cloud Deploy and Delivery Pipelines for our continuous deployment process.
When the Docker image is built after each small change (with the CI pipeline shown previously), we take one step further and deploy the change to our dev cluster using gcloud
. Let’s look at that step in CircleCI pipeline:
```yaml
- run:
name: Create new release
command: gcloud deploy releases create release-${CIRCLE_SHA1:0:7} --delivery-pipeline my-del-pipeline --region $REGION --annotations commitId=$CIRCLE_SHA1 --images my-app=gcr.io/${PROJECT_ID}/my-app:${CIRCLE_SHA1:0:7}
```
This step triggers a release process to roll out the changes in our dev Kubernetes cluster. After testing and getting the approvals, we promote the change to staging and then production. This action is all possible because we have a slim isolated Docker image for each change that has almost everything it needs. We only need to tell the deployment which tag to use.
How the Quality Assurance team benefits from this process
The QA team needs mostly a pre-production cloud version of the apps to be tested. However, sometimes they need to run a prebuilt app locally (with all the dependencies) to test a certain feature. In these cases, they don’t want or need to go through all the pain of cloning the entire project, installing npm packages, building the app, facing developer errors, and going over the entire development process to get the app up and running.
Now that everything is already available as a Docker image on Google Container Registry, all the QA team needs is a service in Docker compose file:
```yaml
services:
...redis
...db
app:
image: gcr.io/${PROJECT_ID}/my-app:latest
restart: on-failure
ports:
- ${PORT:-4000}:${PORT:-4000}
environment:
- NODE_ENV=production
- REDIS_URL=redis://redis:6379
- DATABASE_URL=postgresql://${DB_USER:-user}:${DB_PASSWORD:-password}@db:5432/main
networks:
- mk_network
depends_on:
- redis
- db
```
With this service, the team can spin up the application on their local machines using Docker containers by running:
```shell
docker compose up
```
With this service, the team can spin up the application on their local machines using Docker containers by running:
```shell
docker compose up
```
This is a huge step toward simplifying testing processes. Even if QA decides to test a specific tag of the app, they can easily change the image tag on line 6 and re-run the Docker compose command. Even if they decide to compare different versions of the app simultaneously, they can easily achieve that with a few tweaks. The biggest benefit is to keep our QA team away from developer challenges.
Advantages of using Docker
- Almost zero footprints for dependencies: If you ever decide to upgrade the version of Redis or PostgreSQL, you can just change one line and re-run the app. There’s no need to change anything on your system. Additionally, if you have two apps that both need Redis (maybe even with different versions) you can have both running in their own isolated environment, without any conflicts with each other.
- Multiple instances of the app: There are many cases where we need to run the same app with a different command, such as initializing the DB, running tests, watching DB changes, or listening to messages. In each of these cases, because we already have the built image ready, we just add another service to the Docker compose file with a different command, and we’re done.
- Easier testing environment: More often than not, you just need to run the app. You don’t need the code, the packages, or any local database connections. You only want to make sure the app works properly, or need a running instance as a backend service while you’re working on your own project. That could also be the case for QA, Pull Request reviewers, or even UX folks who want to make sure their design has been implemented properly. Our Docker setup makes it easy for all of them to take things going without having to deal with too many technical issues.