On Premise CI / CD recommendations for Docker images

Submitted by: @import:stackexchange-devops

Problem

We have TFS building Docker images, and loading them into a Private Registry on one network, our Development Network. Everything works well, and we are generally happy with the CI process in that environment. We have an Air-gapped Integration Network that we need to export these Docker images to, and then have something that finds them, puts them into a registry there, and then restarts a Docker swarm.

I am looking for a solution that can:

  • Watch a folder for new files
  • When a new Docker Tar file is found, load it into Docker Registry.
  • Move the Docker image that was loaded to an "archive" folder
  • Restart Docker swarm to use new images in the Registry

It seems like step 2 might not be possible directly; I might need to load it into a local Docker instance, tag it, and then push it, but if so, that's fine.

Is this something I should use Jenkins for? I could just write a script in Bash or Python, but I would like to use a proper CI tool, if I can.

Solution

Jenkins Option

If you're comfortable with Jenkins and want to use a CI tool, it is a decent option.

It has multiple plugins for watching for files arriving in a file system, and at the end of the day, you can even just wrap your bash scripts into it so you have a central GUI and recorded logs. So, you're not limited in any way by it.

Inotify Option

I personally might just have a CI tool like Jenkins or GitLab-CI deploy a bash script though. Then you could use inotify to properly watch a folder and execute your script exactly when things arrive. See: https://www.howtogeek.com/405468/how-to-perform-a-task-when-a-new-file-is-added-to-a-directory-in-linux/ for an example.

Why iNotify?

In many tools, I believe you generally have to "poll", which means run over and over just to see if you have anything to do. Inotify lets you genuinely "watch" and be pushed events only when things happen. This is cleaner and more efficient as you won't have hundreds or thousands of tasks running a day that literally do nothing.

Monitoring

Note: One plus side to the pure Jenkins approach is built-in monitoring. Every job run that fails can easily email/alert you. You can pull this off with the iNotify script as well, but if you don't have the right tooling for monitoring/etc in your environment, you may favor the Jenkins approach.
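
The four steps from the question, wired to inotify as the answer suggests, as an added example that is not part of the original question or answer. The folder paths, registry host and service name are hypothetical defaults, and it assumes inotify-tools (inotifywait) and the docker CLI are installed on the integration host.

```bash
#!/bin/sh
# Added example: watch a drop folder, load each image tar, push it to the
# integration registry, archive the tar, then roll the swarm service.
# All four values below are assumptions; override them via the environment.
DROP_DIR=${DROP_DIR:-/srv/image-drop}
ARCHIVE_DIR=${ARCHIVE_DIR:-/srv/image-archive}
REGISTRY=${REGISTRY:-registry.integration.example:5000}
SERVICE=${SERVICE:-myapp_web}

# Replace whatever registry host the image was built with by $1.
# Docker treats the first path component as a host if it has '.' or ':' or is "localhost".
target_ref() {
  ref=$2
  case "$ref" in
    */*) case "${ref%%/*}" in *.*|*:*|localhost) ref=${ref#*/} ;; esac ;;
  esac
  printf '%s/%s\n' "$1" "$ref"
}

# Load one tar, retag and push every image in it, archive it, update the service.
# On any failure the tar stays in the drop folder and the function returns non-zero.
import_tar() (
  tar=$1
  out=$(docker load -i "$tar") || exit 1
  refs=$(printf '%s\n' "$out" | sed -n 's/^Loaded image: //p')
  [ -n "$refs" ] || { echo "no tagged image in $tar" >&2; exit 1; }
  for src in $refs; do
    dst=$(target_ref "$REGISTRY" "$src")
    docker tag "$src" "$dst" && docker push "$dst" || exit 1
  done
  mv -- "$tar" "$ARCHIVE_DIR/" || exit 1
  # Assumes each tar carries the one image that $SERVICE runs.
  docker service update --image "$dst" "$SERVICE"
)

# close_write/moved_to fire only after the copy has finished, so a
# half-written tar is never loaded (a "create" event would be too early).
watch_drop() {
  inotifywait -m -q -e close_write -e moved_to --format '%f' "$DROP_DIR" |
  while IFS= read -r name; do
    case "$name" in
      *.tar) import_tar "$DROP_DIR/$name" || echo "import failed: $name" >&2 ;;
    esac
  done
}

if [ "${1:-}" = watch ]; then watch_drop; fi
```

Run it with the single argument `watch`; a failed import is reported on stderr and the tar is left in the drop folder for inspection.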

Context

StackExchange DevOps Q#11202, answer score: 1
