Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#250: Jib maven plugin added to make the containerization easier. #317

Closed
wants to merge 25 commits into from
Closed

#250: Jib maven plugin added to make the containerization easier. #317

wants to merge 25 commits into from

Conversation

sujith-mn
Copy link
Member

@sujith-mn sujith-mn commented Dec 3, 2020

Implements issue #250

@sujith-mn sujith-mn requested a review from hohwille December 3, 2020 08:23
Copy link
Member

@hohwille hohwille left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

github review has some UX problem: I did this review already but was interrupted and never submitted the final result. As it seems until then all my review comments remain invisble for others. Sorry, we are short on time and I wasted some more...

Comment on lines 330 to 360
<profile>
<id>docker</id>
<build>
<plugins>
<plugin>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-maven-plugin</artifactId>
<version>2.6.0</version>
<configuration>
<from>
<image>adoptopenjdk/openjdk11:jre-11.0.4_11-alpine</image>
</from>
<to>
<image>${project.name}/java:${project.version}</image>
</to>
<container>
<mainClass>com.devonfw.application.mtsj.SpringBootApp</mainClass>
<ports>
<port>8081</port>
</ports>
<format>OCI</format>
</container>
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>dockerBuild</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldnt we put this into the server module?
This is the only place where it makes sense to build a container from...

Copy link
Member Author

@sujith-mn sujith-mn Dec 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Configured the server pom and tested, there is no image created and no error also.
With the parent pom, there are three images getting created for api, core and server. configured api and server pom to skip image creation.
Image created successfully with core and able to run the container..

Copy link
Member

@hohwille hohwille Dec 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually neither api nor core should build the docker image but only server. The docker image must not only build but it also should work (run the application). This can only work for the bootified artifact what is only available in server.
I can not support this right now but I guess we have some missunderstanding or lack of maven detailed insights knowledge here. Maybe we move this to the next release, even though it is almost complete...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The image is tested and the application worked. Forgot to mention it in the previous comment. Anyway let's have a detail study and plan for next release.

@hohwille hohwille linked an issue Dec 10, 2020 that may be closed by this pull request
@hohwille hohwille changed the title Jib maven plugin added to make the containerization easier. #250: Jib maven plugin added to make the containerization easier. Dec 10, 2020
@hohwille hohwille changed the base branch from develop to master January 7, 2021 15:56
Copy link
Member

@hohwille hohwille left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sujith-mn Could you please catch up again on this PR? It also needs to be merged with master.
If you want, you can also reach out and have a call with me to discuss...

<artifactId>jib-maven-plugin</artifactId>
<configuration>
<!-- we don't want jib to execute on this module -->
<skip>true</skip>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is what I wrote in my review comment. It is not so good to add it to then parent pom and then having the need to disable (skip) it in all other modules. Please therefore move the plugin only to the server module that provides the deliverable of the entire app by design.

Copy link
Member Author

@sujith-mn sujith-mn Feb 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JIB plugin configured in server/pom.xml

  • Devon mvn clean package – builds the image successfully.
  • docker run --publish 8081:8081 not running, no error message also.

Copy link
Member Author

@sujith-mn sujith-mn Feb 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alternatively tried different way to build:

  • mvn compile jib:build – build is failing, jib plugin is not found. the plugin is configured in the server-pom.

Comment on lines 290 to 296
<licenseMerge>Apache Software License, Version 2.0|The Apache Software License, Version 2.0|Apache
2.0|Apache License, Version 2.0</licenseMerge>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is great that you now format all the code.
Sorry, to still bother you...
But is our XML formatter in devonfw IDE missconfigured? Auto-wrapping in XML can cause damage. Are we sure this change will not break anything as maybe then Apache 2.0 will not match anymore (as a newline is now expected).

<image>${project.name}/java:${project.version}</image>
</to>
<container>
<mainClass>com.devonfw.application.mtsj.SpringBootApp</mainClass>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is wrong as this is the Classname of the My-Thai-Star application. However, this is the template to create a new application for a project that will reside in a different package. See spring-boot plugin where the same is already configured. For all these things you should consider using variables to avoid redundancies.

<plugin>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-maven-plugin</artifactId>
<version>2.6.0</version>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should always use variables for such versions. This is the only way for us to make devon java migrate being able to properly update such things.

<version>2.6.0</version>
<configuration>
<from>
<image>adoptopenjdk/openjdk11:jre-11.0.4_11-alpine</image>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is IMHO also like a dependency with a version. We need to keep this up-to-date and have our eyes on it to close CVEs in the future. Please also use a variable in toplevel pom of the archetype.

<container>
<mainClass>com.devonfw.application.mtsj.SpringBootApp</mainClass>
<ports>
<port>8081</port>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also use a variable here. We wont need to change this in devon java migrate in the future but if you use a variable this allows to tweak it easily on the commandline (mvn package -Dapp.container.port=8088) giving more flexibility if needed.

<ports>
<port>8081</port>
</ports>
<format>OCI</format>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume there are not many other reasonable options here so we can leave this "hardcoded".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JIB uses exploded deployment to build docker, packaged deployment is not yet support with WAR creation. Thus configuring in the server module may not work as expected.
The other option is to keep the exploded classes from the server module to tomcat container (eg: tomcat:8.5-jre8-alpine).

As Jorge suggested, the regular deployment to external servlet container is discouraged by devon4j. With this configuration we may loose several features of spring boot.

So planning to keep the current JIB configuration.

Copy link
Member

@hohwille hohwille left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sujith-mn Thanks for the rework. Looking quite good now 👍
Remaining questions:

  • how could one provide JVM parameters for the container?
  • how could one provide a customized application.properties for the container?

@maybeec and @maihacke any concerns or feedback (jib bs. spring-boot approach)?

@maybeec
Copy link
Member

maybeec commented Mar 5, 2021

In my opinion, both questions which you raised Jörg could even be ignored.
You can easily inject / configure JVM properties by environment variables when starting the container.
Same for application.properties, which can be easily in JSON format injected or simply be mounted into the container by any cloud facilitator.

@maihacke
Copy link
Member

maihacke commented Mar 5, 2021

In my opinion, both questions which you raised Jörg could even be ignored in my opinion.
You can easily inject / configure JVM properties by environment variables when starting the container.
Same for application.properties, which can be easily in JSON format injected or simply be mounted into the container by any cloud facilitator.

I think @maybeec is right, this a general problem which is solvable by spring-boot configs mechanism (overwrite with env params, use spring-cloud-config, ...). We should explain this in the devonfw docs and give hints what to use.
I'm a bit surprised why we specify the port in the build script. Is this the internal port of the app or some exposed port of the container?

@sujith-mn
Copy link
Member Author

In my opinion, both questions which you raised Jörg could even be ignored in my opinion.
You can easily inject / configure JVM properties by environment variables when starting the container.
Same for application.properties, which can be easily in JSON format injected or simply be mounted into the container by any cloud facilitator.

I think @maybeec is right, this a general problem which is solvable by spring-boot configs mechanism (overwrite with env params, use spring-cloud-config, ...). We should explain this in the devonfw docs and give hints what to use.
I'm a bit surprised why we specify the port in the build script. Is this the internal port of the app or some exposed port of the container?

This is internal port of the app, that can be mapped while running the container.

@hohwille
Copy link
Member

hohwille commented Mar 5, 2021

In my opinion, both questions which you raised Jörg could even be ignored.
You can easily inject / configure JVM properties by environment variables when starting the container.
Same for application.properties, which can be easily in JSON format injected or simply be mounted into the container by any cloud facilitator.

Fine. So we could add some hints on this to the documentation and are done.
For spring-boot I am convinced this will work. However, it is IMHO an anti-pattern to provide secrets as env variables. How would I safely pass passwords (encrypted) to spring-boot app?
What would be the variable honored by JIB for JVM options? JAVA_OPTS or something else?

Further we had this discussion about spring-boot-maven-plugin vs. jib.
I had been convinced for jib because I was told that it does not require a local docker to build the container. However, as now clarified this is wrong. So are there any further arguments on this choice or is the decision already done for jib and against spring-boot-maven-plugin?

@hohwille
Copy link
Member

hohwille commented Mar 5, 2021

I had been convinced for jib because I was told that it does not require a local docker to build the container. However, as now clarified this is wrong.

https://spring.io/blog/2018/11/08/spring-boot-in-a-container#jib-maven-and-gradle-plugins

So it is possible. So what are our missunderstandings then @sujith-mn ? We could have the container build active by default then...

@maybeec
Copy link
Member

maybeec commented Mar 6, 2021

@hohwille not sure what you mean. I cannot read from the link what you stated in the comment. It's written there as well.... You can bould without docker being installed

@sujith-mn
Copy link
Member Author

sujith-mn commented Mar 8, 2021

Spring boot maven plugin requires docker demon.

https://docs.spring.io/spring-boot/docs/current/maven-plugin/reference/htmlsingle/#build-image

@hohwille
Copy link
Member

hohwille commented Mar 8, 2021

@hohwille not sure what you mean. I cannot read from the link what you stated in the comment. It's written there as well.... You can bould without docker being installed

@sujith-mn told that the build is not working without docker being installed and hence the activation by default has been removed:

This should be clarified:

  • Either the build works without docker being installed and the activation should be enabled by default
  • Or we should clarify why JIB is claimed to support this but in reality it is not working

@sujith-mn
Copy link
Member Author

sujith-mn commented Mar 8, 2021

The JIB docker build can be done in 3 ways.

1. Build the image and run locally
Docker daemon required to be running locally.

mvn compile jib:build

2. Build the image and upload to the registery
Docker daemon is not required in this case. But the registery url and credentials should be configured in settings.xml or pom.xml

mvn compile jib:dockerBuild

3. Build the image as tarball
Docker daemon is not required.
This saves the image to target/app-image.tar

mvn compile jib:buildTar

https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin

@hohwille
Copy link
Member

hohwille commented Mar 8, 2021

If 2. can build the image without docker, why can't it be build without deploying to a docker registry?
What would otherwise be the benefit of this feature of portability to build without local docker installation?
I am still confused.

@maybeec
Copy link
Member

maybeec commented Mar 8, 2021

What you are addressing is simply buildTar (#3).
#2 is simply a comfort function to directly build and deploy your docker image.

@sujith-mn
Copy link
Member Author

buildTar can build the tar ball and it can pushed to repository manually.
Image can be loaded to docker daemon using :

docker load --input target/jib-image.tar

@hohwille
Copy link
Member

hohwille commented Mar 9, 2021

Already above I linked this:
https://docs.spring.io/spring-boot/docs/current/maven-plugin/reference/htmlsingle/#build-image
Citation:

Probably the most interesting thing is that you don’t need docker to run it - it builds the image using the same standard output as you get from docker build but doesn’t use docker unless you ask it to - so it works in environments where docker is not installed (not uncommon in build servers).

So is this a lie or not? Cant be so hard to clarify if this this true or not.

@hohwille
Copy link
Member

hohwille commented Mar 11, 2021

Conclusion:

  • we have the container profile and in there we have the features for containerization with JIB
  • jib:buildTar runs in compile phase.
  • jib:dockerBuild should be in a separate execution in install phase.
  • documentation guide should be updated accordingly
  • as a separate story a katacoda tutorial shall be added

This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Use Jib as maven plugin to simplify the docker image building
4 participants