|

How to Dockerize and Deploy Apps Using CI/CD

Bystoretag

Docker and CI/CD pipelines are a powerful combination for automating application delivery. Docker simplifies the packaging of applications, and CI/CD pipelines streamline the process of building, testing, and deploying those applications to different environments.

This guide walks you through the entire process of Dockerizing your app, integrating it with CI/CD pipelines, publishing Docker images to registries like Docker Hub, Google Container Registry (GCR), or AWS Elastic Container Registry (ECR), and deploying them to staging/production environments. We’ll also address security concerns such as managing secrets and signing Docker images.

Table of Contents

  1. Why Use Docker with CI/CD?
  2. Step 1: Building and Pushing Docker Images in a CI/CD Pipeline
  3. Step 2: Publishing Images to Docker Hub, GCR, or ECR
  4. Step 3: Deploying to Staging or Production
  5. Step 4: Ensuring Security (Secrets Management and Image Signing)
  6. Final Thoughts

Why Use Docker with CI/CD?

Docker enables developers to package their application, along with its dependencies, into standardized containers. When integrated with CI/CD pipelines, Docker delivers several benefits:

  1. Consistency Across Environments
    • A Docker container ensures that the app behaves the same in development, testing, staging, and production.
  2. Easy Scalability
    • Docker containers can be deployed and scaled with orchestration tools like Kubernetes.
  3. Streamlined Pipelines
    • CI/CD pipelines automate Docker builds, running tests inside containers, and pushing images to registries.
  4. Improved Collaboration
    • Teams can collaborate effectively with consistent Docker images used throughout the delivery pipeline.

Step 1: Building and Pushing Docker Images in a CI/CD Pipeline

CI/CD pipelines automate the process of building and pushing Docker images to a container registry.

Example App Code Structure

Assume we have a Node.js application with the following structure:

my-node-app/
  ├── Dockerfile
  ├── app.js
  ├── package.json
  └── package-lock.json

Sample Dockerfile:

# Use Node.js base image
FROM node:16

# Set working directory inside the container
WORKDIR /usr/src/app

# Copy package files and install dependencies
COPY package*.json ./
RUN npm install

# Copy application files
COPY . .

# Expose the port and run the app
EXPOSE 3000
CMD ["node", "app.js"]

Sample YAML Pipeline for Docker

Here’s a pipeline setup for GitHub Actions to build and push Docker images to Docker Hub:

name: CI/CD Pipeline - Docker

on:
  push:
    branches:
      - main

jobs:
  build-and-push:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    - name: Log in to Docker Hub
      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}

    - name: Build Docker image
      run: docker build -t my-dockerhub-user/my-node-app:${{ github.sha }} .

    - name: Push Docker image
      run: docker push my-dockerhub-user/my-node-app:${{ github.sha }}

Key Points:

  • docker/login-action@v2 logs in to Docker Hub using credentials stored as GitHub secrets.
  • The image tag includes the Git SHA (${{ github.sha }}) for versioning.
  • docker build and docker push automate image creation and publishing.

Step 2: Publishing Images to Docker Hub, GCR, or ECR

Once the Docker image is built, it needs to be published to a container registry. Here’s how to handle different registries:

Publishing to Docker Hub

Add your Docker Hub credentials (username and password) to the CI/CD pipeline as secrets or environment variables.

Command to tag and push an image to Docker Hub:

docker tag my-node-app my-dockerhub-user/my-node-app:v1.0.0
docker push my-dockerhub-user/my-node-app:v1.0.0

Publishing to Google Container Registry (GCR)

  1. Authenticate with GCR: gcloud auth configure-docker
  2. Tag and Push the Image: docker tag my-node-app gcr.io/my-project-id/my-node-app:v1.0.0 docker push gcr.io/my-project-id/my-node-app:v1.0.0

Publishing to AWS Elastic Container Registry (ECR)

  1. Authenticate with ECR: aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com
  2. Tag and Push the Image: docker tag my-node-app <account-id>.dkr.ecr.<region>.amazonaws.com/my-node-app:v1.0.0 docker push <account-id>.dkr.ecr.<region>.amazonaws.com/my-node-app:v1.0.0

Tip: Use CI/CD tools to automate these steps with corresponding plugins or CLI integrations.

Step 3: Deploying to Staging or Production

After the Docker image is uploaded, it’s ready to be deployed to staging or production environments. The deployment approach depends on the orchestration tool being used.

Deploying to Kubernetes

Here’s a sample Kubernetes Deployment YAML using the Docker image:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-node-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-node-app
  template:
    metadata:
      labels:
        app: my-node-app
    spec:
      containers:
      - name: my-node-app
        image: my-dockerhub-user/my-node-app:v1.0.0
        ports:
        - containerPort: 3000

Apply this configuration:

kubectl apply -f deployment.yaml

Using CI/CD for Deployment

Integrate Kubernetes deployments into your CI/CD pipeline:

- name: Apply Kubernetes deployment
  run: kubectl apply -f deployment.yaml
  env:
    KUBECONFIG_DATA: ${{ secrets.KUBE_CONFIG }}

For other platforms like AWS ECS or Azure App Services, adapt the deployment steps appropriately.

Step 4: Ensuring Security (Secrets Management and Image Signing)

Security is critical in a CI/CD pipeline to protect sensitive information and ensure reliable deployments.

Secrets Management

  1. Use Secure Storage
    • Store credentials (like Docker Hub keys, AWS tokens) in CI/CD secret managers or environment variables.
  2. Secrets in GitHub Actions
    • Add secrets via Settings → Secrets → Actions.

Example Usage:

with:
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
  1. Kubernetes Secrets
    Store Docker registry credentials as Kubernetes secrets: kubectl create secret docker-registry regcred \ --docker-username=<username> \ --docker-password=<password>

Signing Docker Images

  1. Why Sign Images?
    Image signing verifies the integrity and authenticity of containers to prevent unauthorized modifications.
  2. Enable Image Signing (Using Cosign) cosign sign --key <key-file> my-dockerhub-user/my-node-app:v1.0.0
  3. Verify Signed Images cosign verify my-dockerhub-user/my-node-app:v1.0.0

Final Thoughts

Automating Docker image creation and deployment with CI/CD pipelines significantly enhances development workflows. By leveraging tools like Docker, Kubernetes, and CI/CD platforms, teams can deliver consistent, secure applications to production more efficiently.

Follow the outlined steps to Dockerize your app, set up automated pipelines, and deploy confidently. Don’t overlook security practices like managing secrets and signing images to protect your application throughout its lifecycle. Experiment with these CI/CD practices and refine your pipelines for seamless deployments!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *