![\"\"](\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/02\/1HUvygiErhuMtOg0u1VSt_g.png?w=960\")
<\/figure>\n\n\n\nSince these parts are easily upgraded and ownership is distributed, we can quickly encounter issues. But this is necessary because security is a priority for any application. Operations refers to the \u2018surface area\u2019 of security and in this application there is A LOT of surface area. There\u2019s the server that is deployed, the operating system that is running on that hardware, all of the libraries either installed with the operating system or afterward, the JDK as well as the application that was written. We need a solution that allows us to control the stack (for our functionality purposes) but also secure it (for our security needs).<\/p>\n\n\n\n
Containers<\/h4>\n\n\n\n
Docker is a solution that allows development teams to \u2018own the stack\u2019 but also provides a high level of security in that containers can be made inaccessible once they are deployed. Additionally, if we\u2019re using a microservice architecture we can easily replace one container with another (possibly on an entirely different stack) so we can have a combination of secure \u2018legacy\u2019 services that do their job and are not prioritized for updates as well as new services or upgraded services. We don\u2019t have to do sweeping OS or JDK (or other library) updates across our organization anymore because the containers lock out any vulnerabilities from being exposed. Additionally, if we get to a point where a service is so far out of date that it would take more time analyzing it and refactoring it than it would be to drop it and write it from scratch we can do that too\u2026 but we can do it on our timeline.<\/p>\n\n\n\n Additionally, each container (containing the entire stack that is needed to run the application) can be versioned and managed in an artifact repository similarly to maven.<\/p>\n\n\n\n These containers can be deployed in a container management system and the best way to secure them is to not allow access to them at all (via SSH, for example). If we\u2019re never going to be able to log into them, then the only way we\u2019re going to be able to deal with a container application that is failing is to spin up a new one and tear down the failing one. This means that our applications need to be stateless. They also need to expose all of their logs somehow (we\u2019ll get into that later). These may be major concerns for your application, so make sure that containerized applications fit your need.<\/p>\n\n\n\n This is just a really high level overview of containers and containerization. There is much better, more detailed documentation out there and you should really familiarize yourself with the tools you\u2019ll be using.<\/p>\n\n\n\n All of these features seem great and thankfully taking advantage of them is very easy.<\/p>\n\n\n\n Install the docker tool using the package manager appropriate for your operating system.<\/p>\n\n\n\n A dockerfile is going to specify the stack that is going to be created in the container. All we need is an OS and JDK so our dockerfile is very simple<\/p>\n\n\n\n Create a We can now use docker to build the image<\/p>\n\n\n\n We should see something like this in the logs:<\/p>\n\n\n\n and we can confirm with docker (the image was build to our local docker repo, just like a should return<\/p>\n\n\n\n<\/figure>\n\n\n\nContainerizing our Service<\/h3>\n\n\n\n
Install Docker<\/h4>\n\n\n\n
Create a Dockerfile<\/h4>\n\n\n\n
Dockerfile <\/code>in the root of your application.<\/p>\n\n\n\nFROM openjdk:11.0.6-jdk-slim-buster\nARG JAR_FILE<\/em>=target\/*.jar\nCOPY ${JAR_FILE<\/em>} app.jar\nENTRYPOINT [\"java\",\"-jar\",\"\/app.jar\"]<\/code><\/pre>\n\n\n\ndocker build -t medium\/medium-customer<\/code><\/pre>\n\n\n\nSuccessfully built 61c5fd6e8cc4\nSuccessfully tagged medium\/medium-customer:latest<\/code><\/pre>\n\n\n\nmvn install<\/code> would build a jar to our .m2 artifact repository)<\/p>\n\n\n\ndocker image list<\/code><\/pre>\n\n\n\nmedium\/medium-customer latest 7f9b379551d8 50 years ago 260MB<\/code><\/pre>\n\n\n\nBuild and Commit<\/h3>\n\n\n\n
git checkout -b docker\nmvn clean install\ngit add .\ngit commit -m \"dockerfile\"\ngit push --set-upstream origin jib\ngit checkout master\ngit merge jib\ngit push<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"