3

I'm deploying an nginx instance. The dockerfile as well as the nginx configuration data and web app live in my git repository. It seems to make sense to me that this is all one git repository: the application and how to deploy it. In Dockerfile I want to say (this is simplified a bit, but the point is that I can't)

COPY web-app /serving
COPY docker/site-conf /etc/nginx/sites-enabled/

where I have this directory structure:

my-git-root
    web-app
       ...
    docker
        Dockerfile
        build.sh
        site-conf

The problem, at least in part, is that docker's context is my-git-root/docker/ .

In the spirit of immutable services, I would like the container to have a snapshot of the git repository rather than apt-get install'ing git in the container and pulling the data. But I don't see how to make this work unless I separate out docker stuff to a separate git repository, then git clone the web app on each build -- I'd rather not let anyone even be tempted to git pull in a live container.

Suggestions on a more sane workflow?

Improve this question

1 Answer 1

Reset to default
3

"In the spirit of immutable services, ... pulling the data"

If you are doing this in your dockerfile then this happens at container creation time and not runtime. Therefore each version of your container will have a specific version of the data. If you deploy your containers with tags that match the release tags of your web-app repo it will be fairly clear which version of the webapp you are running in each container.

"apt-get install'ing git"

You can use github's http interface to download a tarball of the webapp at a specific tag or commit hash and hence not be pulling in latest and possibly broken webapp.

In Dockerfile I want to say...

If you move the dockerfile to the root of the git repo you can use the copy command as you have shown as the whole code becomes part of the docker context. This is a common practice in docker repos.

"Suggestions on a more sane workflow.."

I would suggest having a generic nginx container in its own git repo that does NOT copy web-app/serving at build time. Mounting the web-app as a volume from the host machine running your code. Then you can use any method (external to docker) to get your current code state onto the server. Your docker container can be independent of the state of the code at any given time. This will help when you need to make a fix to your nginx setting without having to hunt down what code was in the container.

Sometimes you would not have access to host fs i.e. if you are running on Amazon Elastic beanstalk. In that case I would suggest having the same generic container for nginx container I mentioned above. Then have a dockerfile in the root of your web-app project which uses with myNginx:version6 and just copies the web-app folder in the correct place. This container can be deployed with myApp:SomeVersion. This way you are pulling in a well known Nginx container with any deployment related concerns and the myApp container which is versioned with your code.

There is a discussion about these approaches here in which Solomon Hykes addresses this issue.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

yes to "move the dockerfile to the root of the git repo"; -1 on "Mounting the web-app as a volume". That's not "in the spirit of immutable services".

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.