Create Git Clone, ACR Push/Pull, Docker Run Pipeline Stages
Jenkins is the mostly and widely used pipelining tool for continuous deployments. Here I am planing to explain you that how to push an SpringBoot application build image to Azure Container registry and reused it inside your docker-compose file while you run your deployment. There are some basic steps to complete before the Jenkins pipeline part.
From your Azure Console, create container registry and get your login password from Settings -> Access keys (We are going to create Jenkins credential id using this)
You have a SpringBoot app with Dockerfile, docker-compose file and Jenkins file located in same directory structure
Here is the sample content of above files
In your Jenkins, if you are using Jenkins docker image you have to have below configurations
First execute below in your Jenkins host machine
sudo adduser jenkins sudo usermod -a -G docker jenkins
Here I map docker and docker-compose executable files from host machine to Jenkins docker container, so Jenkins can execute docker commands.
Jenkins – Create pipeline using existing Jenkinsfile
Log into your Jenkins and Select “New Item” -> Pipeline , put a suitable name for your build
You can add triggers later, for now , go to “Pipeline Section” and select “pipeline script from SCM”
Put your Git repo, if your repo is a private one add credentials by clicking Add button
Mention your branch, if you are using different branch than master, put that name
Script path is “Jenkinsfile”, its relative url to your project
Adding Azure Container registry credentials to Jenkins
Go to Credentials -> System -> Global credentials (unrestricted) -> Add Credentials
In your Pipeline script , put the same credential ID as above
Now you can execute “Build Now” command
Summery of the flow (pipeline)
Compile your java code using maven
Package it to jar
Optimize and jar (break fat jar)
Build docker image
Push the image to ACR with tag
Pull back the image
Remove all previous docker containers
Spin up all the containers (including dependencies) using docker-compose
CQRS is an Architectural pattern which solves complexity issues in larger projects. CQRS simplifies your service layer by dividing into main two blocks. Most people confusing about this pattern but it is simple.
What is a Command – Command is basically a CRUD without R , that means CUD, simple right? CUD – CREATE, UPDATE, DELETE. Commands are database transaction operations, for example you are going to change the state of your database by editing, inserting or deleting a record or set of records.
What is a Query – Query is R in CRUD, means RETRIEVE. Queries are fetching database records and they are not deal with transaction stuff.
Is this pattern something you should try?
Yes but “Use Responsibly”, This may increase the complexity of small projects but ideal if you need clean separation between commands and queries.
What technologies we should use for this
In Spring Ecosystem, ideally an ORM aka any JPA technology works for command implementation since they optimized to persist any complex objects. but I recommend Spring Data JPA Crud repository over plain Hibernate since Spring Data CRUD is well optimized and can do almost all the CRUD operations. If you have really complex DB architecture use Hibernate with Spring Data.
For Queries we can use MyBatis. Hibernate would attempt to load the entire object graph and you’d need to start tuning queries with LazyLoading tricks to keep it working on a large domain. This is important when running complex analytic queries that don’t even return entity objects. Hibernate only offers SqlQuery and bean Transformers in this case with huge default types like BigDecimal, while myBatis could easily map to a simple POJO non-entity (https://softwareengineering.stackexchange.com/questions/158109/what-are-the-advantages-of-mybatis-over-hibernate). If you want to just fetch information, use myBatis.
Technically, that’s how you gonna separate the two components, you can find simple implementation from below repository.
Micro-service architecture is the new revolution of the software industry and it has been popular topic since later 2015 and now it became the most suited architecture for bigger and complex systems. It is a nice and maintainable replacement to the traditional monolithic (aka all in one) system. As the name says it all, you have to develop and deploy services as small business components, not only in your application layer but also your db layer need to be componentized. Functionality and behaviour should unique to the individual service and dependencies need to be injected via service calls, not using tightly bound db relationships.
Here I am going to explain the basic components of the micro-service system and how to develop a basic functioning micro-service with proper security. In my sample application I have separated my system to few layers
Simple API (Micro-service; you can have multiple MSs)
Identity and Access Management
Later you can introduce more layers to the system, such as config service (Spring Cloud Config), log service (Sleuth), latency and fault tolerance (Hystrix), client side load balancing (Ribbon) etc, but as a first step I am going to prepare the ground layer for the basic start up system.
You can refer below GIT repository for code setup.
Keycloak is an open source Identity and Access Management solution developed by JBoss (on top of WildFly).Download and extract zip/tar file from here “https://www.keycloak.org/” and start up the server using
Netflix Eureka is a service registry and service discovery component. It will ease our work by registering each micro-service to centralized location and it provides easier way for inter process communication.
Build and run using maven, execute below command withing the project location.
We have created a user duminda inside keycloak (Admin console) with password 12345(or you can create your own). We are now able to get the token using below POST request. You can use Postman, SoapUI or CUrl for that.
Replace access_token with the JWT then you can access the API resource. Without Authorization token, ZUUL proxy will reject your request and it will not reach to the destination (Microservice1 or Microservice2) and return unauthorized response.
This architecture diagram shows how the system behaves top to bottom.
Note that this is a basic architecture. You can add more components to the architecture and add refresh token capability to the system as well.