Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

FlexDeploy can be configured to automatically build and scan Docker images as part of your build workflow. In cases where you are running your container directly on a docker runtime you can automatically configure that here as well. 

Info
title

Getting Started

For a full walkthrough of setting up a FlexDeploy Container Project deploying to Kubernetes via Helm, check out this Getting Started guide.

...

Optionally, a path to Dockerfile can be provided. If it is empty, a default Dockerfile in a project source checkout folder is expected. If the checkout folder is empty, then a Dockerfile is expected in the root of the FD_TEMP_DIR. A Dockerfile must be present to build an image. This behavior changed slightly in 5.0.3 beta. Previously, the location was expected to be in FD_TEMP_DIR/FD_PROJECT_NAME.

...

Info

If you wish to change the location of the dockerBuildProjectImage step in your workflow, you can manually add the step anywhere you wish and FlexDeploy will no longer automatically add it at the end.

At the end of the build, the workflow execution will store a reference to the built Docker Image which is available on the Artifacts tab of the workflow execution screen.

...

The build instance must be a Docker host to use this feature, and the dockerBuildProjectImage operation of the FlexDeployDockerPlugin must be associated to the build instance. See Creating and Editing Instances for more information on how to add a plugin operation to an Instance.

Setting

Input Type

Description

Example

Image Name

Groovy

A Groovy Script that evaluates to the local image tag that should be built. This should include the full registry prefix, user repository, image name and tag.

docker.io can be omitted as a registry prefix as that is the default.

"joelwenzel/natours:"+ProjectVersion

"comp.azureio.registry/ourcompany/app:"+ProjectVersion

Registry Account

Selection

Specify a Registry Account (created in Topology->Integrations→Containers) you would like to push your image to. 

Note that this is optional and can be set in Topology Overview Properties as well.

DockerIO

Build Image

Boolean

Should FlexDeploy automatically add the buildProjectImage workflow step?

true

Push Image

Boolean

After building the image should it be pushed to the specified Registry?

true

Tag Latest

Boolean

Should the image also be tagged with 'latest'?

true

Image Scanning

FlexDeploy supports local image scanning out of the box with Anchore. The only requirement is docker being installed on your build server. The configuration here will always scan the locally built Docker image. If you want to analyze a remote image or publish results to an Anchore Engine application, you will need to modify your workflow with the appropriate Anchore Operations.

Setting

Input Type

Description

Example

Scan Image

Selection

  • No Scan - No scan will take place

  • Before Push - The built image will be scanned prior to pushing it to a registry

  • After Push - The built image will be scanned after pushing it to a registry. Note that if Push Image is false, then it will be scanned regardless.

BEFORE_PUSH

Fail When

Groovy

An optional Groovy script to determine if the scan should fail. See the Anchore Plugin for a list of variables and sample scripts.

If the script should evaluate to true (I.E. a failure) then the image building process will halt and the workflow execution will fail. 

STATUS == "fail"

Custom Policy Bundle

Plain Text

Anchore uses "policy bundles" to define analysis/scanning criteria. You can provide a custom bundle here defining your own scanning requirements. 

You can reference an absolute path on your docker build server or a relative location in your source control for the image.

anchore/customPolicy.json

Info

...

Windows Scanning

At this time, inline(local) image scanning is not supported on windows.

Info

...

Pre-deploy Scanning

The configuration shown here executes the scan during the BUILD workflow. Another option can be to execute the scan as a Pre-deploy Workflow. This has the added benefit of creating approval tasks from the scan results.

Container Settings/Deploy

...

Every setting here, apart from 'Run Container' is groovy script with ALL of the workflow execution properties available, though only a few of the commonly used are listed in the drop down.

Setting

Input Type

Description

Example

Run Container

Boolean

Should a container, using the built image and fields below, be started during the deploy workflow. Checking this as true will automatically add the 'deployProjectContainer' operation to your workflow as the first step.

true

Container Name

Groovy 

Groovy script to determine what the started container name should be. Be sure to enclose literal strings in quotes.

"myapp-"+FD_ENVIRONMENT_CODE.toLowerCase()

Volumes

Groovy

Optional Groovy script of volumes to expose to the container. Separate entries by a comma. 

hostPath:containerPath,hostPath:containerPath

"C:/data/myapp/"+FD_ENVIRONMENT_CODE.toLowerCase()+":/usr/src/app/data"

Ports

Groovy

Optional Groovy script of ports to expose. Separate entries by a comma. 

hostPort:containerPort,hostPort:containerPort

(FD_ENVIRONMENT_CODE == 'DEV' ? '80' : '89') + ":8099"

Additional Params

Groovy

Any additional parameters to the container, which will be added to the run command.

"--cidfile /test/file.cid -d -e MYVAR1"

Info

...

Empty Workflow

Note that because the deployProjectContainer is added to the workflow automatically, it is very well possible that your deploy workflow may be empty at design time. 

Info

...

Steps before deployProjectContainer

If you need to run steps prior to deploying the project container but still want to make use of the configuration above, simply add the deployProjectContainer operation anywhere in your workflow and FlexDeploy will forgo adding it automatically.

Container Status

FlexDeploy has the ability to retrieve the status of the container as well as view logs, start and stop. There are a couple of prerequisites in order to make use of this functionality.

  1. Your docker installation must have the Docker API enabled

    1. For configuring SSL see here.

  2. Create a DockerAPI account (Topology->Integrations->Container)

    1.  

      Image Modified
  3. Set the API Account on your Project under the Container Configuration tab

    1. Image Modified
  4. Finally, you must ensure the container was deployed via the deployProjectContainer operation, otherwise FlexDeploy will have no record of the container. This happens automatically by checking 'runContainer' in the Container Configuration tab.

...

With all of that complete you will have access to view and perform actions on the deployed project containers:

...

Container Monitoring

All of this information is available under Administration->Monitoring->Containers as well. On this page it will give you a snapshot of all containers running in that environment.

...