{{announcement.body}}
{{announcement.title}}

Create Fast and Easy Docker Images With Jib

DZone 's Guide to

Create Fast and Easy Docker Images With Jib

In this article, create Docker images with Jib.

· Cloud Zone ·
Free Resource

In this post, we are going to take a look at Jib, a tool from Google in order to create Docker images in an easy and fast way. No need to create a Docker file, no need to install a Docker daemon, Jib just runs out-of-the-box.

1. Introduction

Up until now, we have been using the dockerfile-maven-plugin from Spotify in order to build and push our Docker images. This requires us to write a Docker file, according to best practices, to install a Docker daemon and to add the plugin to our build process. Jib will provide us a more easy way to create our Docker images. We only need to add and configure the Maven plugin and that is about it. Of course, we only believe this when we have tried it ourselves, and that is exactly what we are going to do.

We will create a simple Spring Boot application, containerize it with Jib Maven plugin and push it to Docker Hub. Next, we will pull the image and run the Docker container. The sources are available at GitHub.

We are using:

  • Ubuntu 18.04
  • Spring Boot 2.2.1
  • Java 11
  • Jib Maven Plugin 1.8.0
  • An account at Docker Hub

More information about Jib can be found at the Google Cloud Platform Blog and at GitHub.

You might also want to read: Publish Docker Images on a Private Nexus Repository Using Jib Maven Plugin

2. Create the Application

First, we will create a simple Spring Boot application. We add the Spring Actuator and Spring Web MVC dependencies to our pom. Spring Actuator will provide us the means to add health checks.

XML


Our application consists out of a Rest controller which returns a hello message and the address of the machine.

Java


Run the application locally:

Shell


After successful startup, we invoke the URL http://localhost:8080/hello which returns us the following message:

Shell


3. Setup Jib and Docker Hub

In this section, we will add the Jib Maven plugin and ensure that we have a successful connection to Docker Hub Registry. It has been quite a struggle to get this working properly, mainly due to a lack of documentation. The official Jib documentation is quite vague about secure authentication methods. Most of the examples consist of adding plain text credentials to the pom or to the Maven settings file. But that is not what we want. We want a secure way of connecting to Docker Hub by means of a Docker Credential Helper.

In order to test the connection, we add the Jib Maven plugin to our pom and configure it in order to retrieve a base image and to push this image to Docker Hub.

XML


The from tag contains our base image, just like the FROM statement in a Docker file. The to tag contains the image we want to push. The ${docker.image.prefix} is set to mydeveloperplanet (our Docker Hub account), you will need to change this to your own account. The ${project.artifactId} contains the version 1.0-SNAPSHOT. In order to make use of a Credential Helper, we set the tag credHelper to pass.

Before starting, we need to set up a GPG key if you do not already have one, see also the Ubuntu help pages.

Shell


For ease of use, you can add the generated key to your profile as an environment variable. Add the following line to your .profile where you replace Your_GPG_Key with your key.

Shell


Source your .profile in order to make the environment variable available.

Shell


You can also choose to send your key to the Ubuntu keyserver, but it is not necessary in order to execute the next steps.

Shell


Install pass and initialize a password store with your GPG key.

Shell


Next thing to do, is to download and unpack the Docker Credential Helper and make the file executable.

Shell


The Docker Credential Helper needs to be configured correctly and this is where documentation falls short.

Create a config.json file with the following content. In the documentation it is stated to add the contents { "credStore": "pass" }, but with this configuration, Jib will not be able to connect to the Docker Hub Registry. We found the following issue where the use of credStore is not supported anymore for the Google Cloud Registry.

JSON


Initialize the Docker Credential Helper. Enter the password pass is initialized when being asked for a password.

Shell


Check whether the password is correctly set:

Shell


Login with your Docker credentials. A warning is raised saying that your password is stored unencrypted in the file config.json. We could not figure out why this warning is being raised, because the credentials are stored encrypted in the config.json file.

Shell


From now on, it is possible to execute docker login without the need for entering your credentials.

Shell


You can logout again with docker logout:

Shell


Ensure that you are logged in again and run the Maven Jib build command:

Shell


The image is successfully built and pushed to Docker Hub. Two warnings are raised during the build:

Base image 'openjdk:11.0.5-jre' does not use a specific image digest - build may not be reproducible
This can be easily be solved by replacing openjdk:11.0.5-jre with the sha256 key for the base image openjdk@sha256:b3e19d27caa8249aad6f90c6e987943d03e915bbf3a66bc1b7f994a4fed668f6

The credential helper (docker-credential-pass) has nothing for server URL: https://index.docker.io/v1
This is a strange warning because the credentials for this URL are resolved and used for pushing the image.

4. Configure Jib for Our Application

Now that we have configured the authentication in a secure way, we can continue with configuring the Jib Maven plugin for our application. We add a tag to our image and specifiy the main class.

XML


Do not add the tag format with value OCI to your container configuration. Docker Hub does not support yet OCI completely and an error message will be shown ‘An error occurred while loading the tags. Try reloading the page’.

Build the image again and pull the Docker image:

Shell


Run the image and map it to port 8080:

Shell


List the Docker containers:

Shell


We only need to retrieve the IP address of our Docker container:

JSON


The URL of our application can now be invoked with http://172.17.0.2:8080/hello.

This returns us the welcome message:

Shell


We have one more issue to solve: our application runs as root in the Docker container. This is not something we want because of security. First, we will check which users are available in the Docker container:

Shell


The Docker container contains a user nobody, which is the one we can use for running our application. Add the user tag to the pom:

XML


Build the image, pull it and run it. Verify with docker inspect whether nobody is used as user.

JSON


In our pom, we also added Spring Actuator. There is no option to add a Docker healthcheck via Jib. This must be resolved with liveness probe and readiness probe in the Kubernetes configuration, see also this issue.

5. Conclusion

We experimented with Jib Maven plugin in order to create our Docker images. Configuring the credentials for Docker Hub Registry was a real struggle, but once this was set up, the plugin was really easy to use. Besides that, no Docker daemon is needed and you do not need to write a separate Docker file. Last but not least, it is really fast. We will definitely be using this plugin in the near future.

Further Reading

Docker Images and Containers

Containerize Spring Boot Apps Using Docker and Jib

Topics:
devops ,docker ,java ,maven ,cloud ,tutorial ,jib

Published at DZone with permission of Gunter Rotsaert , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}