問題描述
誰應該編寫 dockerfile、SRE 或開發人員? (Who should write the dockerfile, SRE or developer?)
我們正在內部完成一個流程,並對其他團隊在做什麼感到好奇。誰應該“擁有” dockerfile、devs 還是 SRE?我可以看到兩者的優缺點 ‑ 如果開發人員編寫它們,那麼 SRE 必須更新它們,如果 SRE 編寫它們,開發人員必須向他們傳達所需的更改。
從我的角度來看(基本上是項目經理) ),我希望我們的開發人員能夠進行部署並且我們的 QA 能夠盡快進行測試,並且我想要一個支持這一點的流程。
參考解法
方法 1:
It's debatable. It depends on case to case basis.
On a high level, two skills are required to write a Dockerfile, first what goes inside a Dockerfile, and second how best one can write a Dockerfile.
Key points to note:
- Dockerfile should be as light as possible (as images are created in layers, the image should not contain any unnecessary impediments from the above layers).
- Most importantly image must be secure. Security is a bigger aspect, which is often overlooked.
To answer who should write Dockerfile, from what I have seen most of the time it's the developer as they have more insight about the application moreover nowadays devs are expected to have Docker knowledge. However, for security and other nitty‑gritty of Docker, the involvement of SRE is some time required.
The second part of the question is related to CI. Dockerfile hardly changes in relation to features. In case of Dockerfile change, a review of SRE is recommended as CI may fail if all the pipeline stages of image baking process are not satisfied.
To summarize, a collaboration between dev and SRE is required if the application is complex. Dev and SRE have a different perspective to the same thing, and hence input from both are required when they are defined. In case of simple, anyone can do, it doesn't matter.
(by Patrick Kinne、Abhishek)