Kathleen Juell, Digital Ocean -
Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself.
This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.
16. Dockerfile
CODE EDITOR
FROM node:12-alpine
RUN apk add --update --no-cache
curl
git
vim
RUN mkdir -p /home/node/app/node_modules && chown
-R node:node /home/node/app
USER node
WORKDIR /home/node/app
1. Build the base
2. Install
container-level
dependencies
3. Set working
directory & user
17. Dockerfile
CODE EDITOR
FROM node:12-alpine
RUN apk add --update --no-cache
curl
git
vim
RUN mkdir -p /home/node/app/node_modules && chown
-R node:node /home/node/app
USER node
WORKDIR /home/node/app
COPY package*.json ./
COPY --chown=node:node . .
RUN npm install
1. Build the base
2. Install
container-level
dependencies
3. Set working
directory & user
4. Copy code, set
permissions, and
install project
dependencies
18. Dockerfile
CODE EDITOR
FROM node:12-alpine
RUN apk add --update --no-cache
curl
git
vim
RUN mkdir -p /home/node/app/node_modules && chown
-R node:node /home/node/app
USER node
WORKDIR /home/node/app
COPY package*.json ./
COPY --chown=node:node . .
RUN npm install
EXPOSE 8080
CMD [ “node”, “app.js” ]
1. Build the base
2. Install
container-level
dependencies
3. Set working
directory & user
4. Copy code, set
permissions, and
install project
dependencies
5. Expose ports and
invoke commands
24. ● Service: A running container
● Service definition: Information
about how the container will run
25. ● Service: A running container
● Service definition: Information about how
the container will run
● 12FA principles to consider: 1. Store config
in the environment & separate it from code;
2. Treat backing services as attached
resources
26. Where to look & what to do?
● Where are your database credentials defined?
● Anything else that talks to an attached service?
52. Compose
File
TODO
CODE EDITOR
certbot:
image: certbot/certbot
container_name: certbot
volumes:
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
- app_code:/var/www/html
depends_on:
- webserver
command: certonly --webroot --webroot-path=/var/www/html
--email sammy@example.com --agree-tos --no-eff-email --staging -d
example.com -d www.example.com
1. Application
images: Pull from
registry
2. Use Named
Volumes: Prefer
them over bind
mounts for app code
3. Add a web server
53. Compose
File
TODO
CODE EDITOR
webserver:
image: nginx:1.17-alpine
container_name: webserver
ports:
- "80:80"
volumes:
- app_code:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
depends_on:
- nodejs
1. Application
images: Pull from
registry
2. Use Named
Volumes: Prefer
them over bind
mounts for app code
3. Add a web server
54. Compose
File
TODO
CODE EDITOR
webserver:
image: nginx:1.17-alpine
container_name: webserver
ports:
- "80:80"
volumes:
- app_code:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
depends_on:
- nodejs
1. Application
images: Pull from
registry
2. Use Named
Volumes: Prefer
them over bind
mounts for app code
3. Add a web server
4. Docker for certs:
How To Secure a
Containerized Node
Application with Let's
Encrypt
55. How to Build and Run Node Applications With
Docker and Compose
- Kathleen Juell, Developer @ DigitalOcean, @katjuell