Put simply, Docker is the way we containerise our apps creating a consistent environment for applications to run in. The Docker container is like a barebones virtual machine with only the configuration required for the app to function. With Docker, we can deploy onto different systems & environments with minimal friction.
Although Docker configuration isn't usually a major part of a Quantexa implementation, having some basic understanding is beneficial. Starting from Quantexa Platform version 2.5, the best practice is to use the jib-gradle-plugin. In version 2.6, palantir.gradle.docker was removed from the platform. While jib doesn't rely on a Dockerfile, it still includes a docker-entrypoint.sh. As most Quantexa deployments aren't on the latest version, some fundamental knowledge remains useful.
Configuration:
Configuration is handled in the Dockerfile, and the docker-entrypoint.sh. Found in src/main/docker/ of all applications. The Dockerfile contains the commands to assemble the Image, and the docker-entrypoint.sh tells the container what to run to start the app.
Dockerfile
- Specifies the base image downloaded from a software repository manager (e.g. Nexus). Typically need to edit when upgrading to 2.6 to reflect a JRE 17 instance. The tooling assembling this image will need access to the software repository manager.
- Creates the user (typically called 'quantexa') and assigns the user ownership and execution permissions over the docker-entrypoint.sh.
- Copies the built Quantexa application jar folders into container.
- Copies the docker-entrypoint.sh file and will contain some permissions modifications.
- Sets the USER to 'quantexa'.
- Exposing only the ports that are required.
- Defines the Entrypoint command.
Some implementations copy TLS certificates stored in the repo into the container and specify file ownership, but it is generally considered best practice to mount keystore and truststore binaries as a secret.
docker-entrypoint.sh
The docker-entrypoint.sh is a bash script that runs when the container starts, with the commands required to start the application inside the container.
- Parsing additional commands that are passed in from the Helm Charts.
- Define the spring profiles required by the application. OTHER_SPRING_PROFILES_ACTIVE can be specified in the Helm Charts.
- Environment variables set in the Helm Chart which would typically change between environments.
- Contains the command that runs the application & an echo of this command at the start of the application logs. This line is similar to that found in
run-all.cmd.
Glossary of Terms:
- Image: A read-only binary file that contains the complete set of instructions to create a container, including the application code, libraries, dependencies, and runtime environments. It is built from a Dockerfile and can be versioned and shared.
- Container: A lightweight, standalone, and executable package of software that includes everything needed to run an application. It is a runtime instance of a Docker image, isolated from other containers and the host system.
- Dockerfile: A text file that contains a series of instructions on how to build a Docker image. Each instruction represents a layer in the image.
- Docker-entrypoint.sh: A script used as the entry point for the container, defining the command to run when the container starts.
- Base image: The initial image specified by the
FROM directive in a Dockerfile, serves as the foundation upon which subsequent instructions are applied to build the final image.
