Docker Plugin¶
Docker images describe how to set up a container for running an application, including what files are present, and what program to run.
https://docs.docker.com/introduction/understanding-docker/ provides an introduction to Docker.
https://docs.docker.com/reference/builder/ describes the
Dockerfile
: a file which describes how to set up the image.
sbt-native-packager focuses on creating a Docker image which can “just run” the application built by SBT.
Note
The docker plugin depends on the Universal Plugin.
Requirements¶
You need the version 1.10 or higher of the docker console client installed. SBT Native Packager doesn’t use the REST API, but instead uses the CLI directly.
It is currently not possible to provide authentication
for Docker repositories from within the build. The docker
binary used by the build should already have been configured
with the appropriate authentication details. See https://docs.docker.com/engine/reference/commandline/login/ how to login
to a Docker registry with username and password.
Build¶
sbt docker:publishLocal
Required Settings¶
enablePlugins(DockerPlugin)
Spotify java based docker client¶
You can also use the java-based spotify Docker client. Add this to your build.sbt
enablePlugins(DockerSpotifyClientPlugin)
and this to your plugins.sbt
libraryDependencies += "com.spotify" % "docker-client" % "8.9.0"
The Docker-spotify client is a provided dependency. You have to explicitly add it on your own. It brings a lot of dependencies that could slow your build times. This is the reason the dependency is marked as provided.
Configuration¶
Settings and Tasks inherited from parent plugins can be scoped with Docker
.
mappings in Docker := mappings.value
Settings¶
Informational Settings¶
packageName in Docker
- The name of the package for Docker (if different from general name). This will only affect the image name.
version in Docker
- The version of the package for Docker (if different from general version). Often takes the form
x.y.z
.maintainer in Docker
- The maintainer of the package, recommended by the Dockerfile format.
Environment Settings¶
dockerBaseImage
- The image to use as a base for running the application. It should include binaries on the path for
chown
,mkdir
, have a discoverablejava
binary, and include the user configured bydaemonUser
(daemon
, by default).daemonUser in Docker
- The user to use when executing the application. Files below the install path also have their ownership set to this user.
dockerExposedPorts
- A list of TCP ports to expose from the Docker image.
dockerExposedUdpPorts
- A list of UDP ports to expose from the Docker image.
dockerExposedVolumes
- A list of data volumes to make available in the Docker image.
dockerLabels
- A map of labels that will be applied to the Docker image.
dockerEnvVars
- A map of environment variables that will be applied to the Docker image.
dockerEntrypoint
- Overrides the default entrypoint for docker-specific service discovery tasks before running the application. Defaults to the bash executable script, available at
bin/<script name>
in the currentWORKDIR
of/opt/docker
.dockerPermissionStrategy
The strategy that decides how file permissions are set for the working directory inside the Docker image
DockerPermissionStrategy.MultiStage
(default) uses multi-stage Docker build to call chmod ahead of time.DockerPermissionStrategy.None
does not attempt to change the file permissions, and use the host machine’s file mode bits.DockerPermissionStrategy.Run
callsRUN
in the Dockerfile. This has regression on the resulting Docker image file size.DockerPermissionStrategy.CopyChown
callsCOPY --chown
in the Dockerfile. Provided as a backward compatibility.dockerChmodType
The file permissions for the files copied into Docker image when
MultiStage
orRun
strategy is used.
DockerChmodType.UserGroupReadExecute
(default): chmod u=rX,g=rXDockerChmodType.UserGroupRead
: chmod u=r,g=rDockerChmodType.UserGroupWriteExecute
: chmod u=rwX,g=rwXDockerChmodType.SyncGroupToUser
: chmod g=uDockerChmodType.UserGroupPlusExecute
: chmod u+x,g+x (This is fordockerAdditionalPermissions
)DockerChmodType.Custom
: Custom argument provided by the user.dockerAdditionalPermissions
- Additional permissions typically used to give
chmod +x
rights for the executable files. By default generated Bash scripts are givenDockerChmodType.UserGroupPlusExecute
.dockerVersion
- The docker server version. Used to leverage new docker features while maintaining backwards compatibility.
dockerApiVersion
- The docker server API version. Used to leverage new docker features while maintaining backwards compatibility.
dockerGroupLayers
- The function mapping files into separate layers to increase docker cache hits. Lower index means the file would be a part of an earlier layer. The main idea behind this is to COPY dependencies *.jar’s first as they should change rarely. In separate command COPY the application *.jar’s that should change more often. Defaults to detect whether the file name starts with
ThisBuild / organization
. To disable layers map all files to no layer usingdockerGroupLayers in Docker := PartialFunction.empty
.
Publishing Settings¶
dockerRepository
- The repository to which the image is pushed when the
docker:publish
task is run. This should be of the form[repository.host[:repository.port]]
(assumes use of theindex.docker.io
repository) or[repository.host[:repository.port]][/username]
(discouraged, but available for backwards compatibilty.).dockerUsername
- The username or organization to which the image is pushed when the
docker:publish
task is run. This should be of the form[username]
or[organization]
.dockerUpdateLatest
- The flag to automatic update the latest tag when the
docker:publish
task is run. Default value isFALSE
. In order to use this setting, the minimum docker console version required is 1.10. See https://github.com/sbt/sbt-native-packager/issues/871 for a detailed explanation.dockerAlias
- The alias to be used for tagging the resulting image of the Docker build. The type of the setting key is
DockerAlias
. Defaults to[dockerRepository/][dockerUsername/][packageName]:[version]
.dockerAliases
- The list of aliases to be used for tagging the resulting image of the Docker build. The type of the setting key is
Seq[DockerAlias]
. Alias values are in format of[dockerRepository/][dockerUsername/][packageName]:[tag]
where tags are list of including your project version andlatest
tag(ifdockerUpdateLatest
is enabled). To append additional aliases to this list, you can add them by extendingdockerAlias
.dockerAliases ++= Seq(dockerAlias.value.withTag(Option("stable")), dockerAlias.value.withRegistryHost(Option("registry.internal.yourdomain.com")))
dockerBuildOptions
- Overrides the default Docker build options. Defaults to
Seq("--force-rm", "-t", "[dockerAlias]")
. This default is expanded ifdockerUpdateLatest
is set to true.dockerExecCommand
- Overrides the default Docker exec command. Defaults to
Seq("docker")
dockerBuildCommand
- Overrides the default Docker build command. The reason for this is that many systems restrict docker execution to root, and while the accepted guidance is to alias the docker command
alias docker='/usr/bin/docker'
, neither Java nor Scala support passing aliases to sub-processes, and most build systems run builds using a non-login, non-interactive shell, which also have limited support for aliases, which means that the only viable option is to usesudo docker
directly. Defaults toSeq("[dockerExecCommand]", "build", "[dockerBuildOptions]", ".")
.dockerRmiCommand
- Overrides the default Docker rmi command. This may be used if force flags or other options need to be passed to the command
docker rmi
. Defaults toSeq("[dockerExecCommand]", "rmi")
and will be directly appended with the image name and tag.dockerAutoremoveMultiStageIntermediateImages
- If intermediate images should be automatically removed when
MultiStage
strategy is used. Intermediate images usually aren’t needed after packaging is finished and therefore defaults totrue
. All intermediate images are labeledsnp-multi-stage=intermediate
. If set tofalse
and you want to remove all intermediate images at a later point, you can therefore do that by filtering for this label:docker image prune -f --filter label=snp-multi-stage=intermediate
Tasks¶
The Docker plugin provides the following commands:
docker:stage
- Generates a directory with the Dockerfile and environment prepared for creating a Docker image.
docker:publishLocal
- Builds an image using the local Docker server.
docker:publish
- Builds an image using the local Docker server, and pushes it to the configured remote repository.
docker:clean
- Removes the built image from the local Docker server.
Customize¶
There are some predefined settings which you can easily customize. These settings are explained in some detail in the next sections. If you want to describe your Dockerfile completely yourself, you can provide your own docker commands as described in Custom Dockerfile.
Docker Image Name and Version¶
packageName in Docker := packageName.value
version in Docker := version.value
Docker Base Image¶
dockerBaseImage := "openjdk"
Docker Repository¶
dockerRepository := Some("dockeruser")
Docker Image Customization¶
dockerExposedPorts := Seq(9000, 9443)
dockerExposedVolumes := Seq("/opt/docker/logs")
In order to work properly with USER daemon the exposed volumes are first created (if they do not exist) and then chowned.
Install Location¶
The path to which the application is written can be changed with the location setting.
The files from mappings in Docker
are extracted underneath this directory.
defaultLinuxInstallLocation in Docker := "/opt/docker"
Daemon User¶
By default, sbt Native Packager will create a daemon user named demiourgos728
whose UID is set to 1001
, and and emit USER 1001
since running as non-root is considered the best practice.
The following can be used to emit USER daemon
instead:
daemonUserUid in Docker := None
daemonUser in Docker := "daemon"
File Permission¶
By default, the working directory inside the Docker image is given read-only file permissions set using multi-stage Docker build, which requires Docker 17.5 or later (watch out if you’re using older Minikube).
If you want to make the working directory writable by the running process, here’s the setting:
import com.typesafe.sbt.packager.docker.DockerChmodType
dockerChmodType := DockerChmodType.UserGroupWriteExecute
By default, the shell scripts generated by SBT Native Packager are given chmod +x
rights. Here’s the setting to do so for other files:
import com.typesafe.sbt.packager.docker.DockerChmodType
dockerAdditionalPermissions += (DockerChmodType.UserGroupPlusExecute, "/opt/docker/bin/hello")
If you don’t want SBT Native Packager to change the file permissions at all here’s a strategy you can choose:
import com.typesafe.sbt.packager.docker.DockerPermissionStrategy
dockerPermissionStrategy := DockerPermissionStrategy.None
This will inherit the file mode bits set in your machine. Given that Kubernetes implementations like OpenShift will use an arbitrary user,
remember to set both the user bits and group bits when running chmod
yourself.
Custom Dockerfile¶
All settings before are used to create a single sequence of docker commands. You have the option to write all of them on your own, filter or change existing commands or simply add some.
First of all you should take a look what you docker commands look like. In your sbt console type
> show dockerCommands
[info] List(Cmd(FROM,openjdk:8), Cmd(LABEL,MAINTAINER=Your Name <y.n@yourcompany.com>), ...)
Remove Commands¶
SBT Native Packager adds commands you may not need. For example, the chowning of a exposed volume:
import com.typesafe.sbt.packager.docker._
// we want to filter the chown command for '/data'
dockerExposedVolumes += "/data"
// use filterNot to return all items that do NOT meet the criteria
dockerCommands := dockerCommands.value.filterNot {
// ExecCmd is a case class, and args is a varargs variable, so you need to bind it with @
case ExecCmd("RUN", args @ _*) => args.contains("chown") && args.contains("/data")
// don't filter the rest; don't filter out anything that doesn't match a pattern
case cmd => false
}
Add Commands¶
Since dockerCommands
is just a Sequence
, adding commands is straightforward:
import com.typesafe.sbt.packager.docker._
// use += to add an item to a Sequence
dockerCommands += Cmd("USER", (daemonUser in Docker).value)
// use ++= to merge a sequence with an existing sequence
dockerCommands ++= Seq(
// setting the run script executable
ExecCmd("RUN",
"chmod", "u+x",
s"${(defaultLinuxInstallLocation in Docker).value}/bin/${executableScriptName.value}"),
// setting a daemon user
Cmd("USER", "daemon")
)
Write from Scratch¶
You can simply wipe out all docker commands with
dockerCommands := Seq()
Now let’s start adding some Docker commands.
import com.typesafe.sbt.packager.docker._
dockerCommands := Seq(
Cmd("FROM", "openjdk:8"),
Cmd("LABEL", s"""MAINTAINER="${maintainer.value}""""),
ExecCmd("CMD", "echo", "Hello, World from Docker")
)
Busybox/Ash Support¶
Busybox is a popular minimal Docker base image that uses ash, a much
more limited shell than bash. By default, the Java archetype (Java Application Archetype) generates two files for shell
support: a bash
file, and a Windows .bat
file. If you build a Docker image for Busybox using the defaults, the
generated bash launch script will likely not work.
To handle this, you can use AshScriptPlugin, an ash-compatible archetype that is derived from the Java Application Archetype archetype. . Enable this by including:
enablePlugins(AshScriptPlugin)
With this plugin enabled an ash-compatible launch script will be generated in your Docker image.
Just like for Java Application Archetype, you have the option of overriding the default script by supplying
your own src/templates/ash-template
file. When overriding the file don’t forget to include
${{template_declares}}
somewhere to populate $app_classpath $app_mainclass
from your sbt project.
You’ll likely need these to launch your program.