This is the second part of the interview with Daniel van Gils about Steam, the employer branding agency. The first part explained Steams’ infrastructure set up, why and how they use containers in production, the campaigns they work on and the security aspects.
In this part Daniel is talking about Steam specific campaign called #crimediggers, a recruitment campaign for attracting digital forensics experts for the dutch national police cyber/digital forensics department.
He illustrated the step by step process of moving the containerized application from development to production.
Can you give us an overview of the Docker project that you have set up in production?
.#crimediggers is an online serious game (experience) and contains a very rich narrative using a lot of data (images, evidence as downloads like pdfs, network scans and etc.) to explore, tinker with and combine to find solutions to the challenges which are part of the experience.
We broke up the whole thing in a couple of services because we are moving slowly away from a more monolithic rails approach. Our first steps into the microservice bandwagon.
Our architecture consists of five services; static content, api, cms, hidden tor service and a mysql database. We developed the experience from an api first approach.
Can you describe step by step the process of moving from development to production?
At Steam, we developed a couple of bootstrap repositories to get a development environment setup and run under 1 minute. Yes, 1 minute! Create a new project, use the bootstrap repo and run a docker-compose up and off we go. The whole bootstrap thing consists of all the knowledge we have about modern software craftsmanship and focus on different software and business challenge we face in our agency. Those bootstrap repos. contains knowledge from smart UX/UI sass mixins, angular boilerplates, respect the s...t out of an api to a fully integration of cucumber driving browserstack to do some end-to-end browser testing.
Well... After that 1 minute, we can write clean and testable code. The new project has everything in place for BDD (behaviour driven development). Depending on the nature of the project we run different tests and deploy on a ‘static’ hosting environment provided by our clients or we ‘full service’ the campaign and use Cloud 66 to unleash true continuous integration and delivering. This is what we used for #crimediggers case.
What were the main obstacles that you faced during this process and how did you resolve it?
The main obstacle we faced was the integration tests. We want to make sure that our frontend is in sync with our API. We couldn’t test the frontend without the API. So we made clever use of different Dockerfiles combined with “test” services using docker-composed to run the RSpec against the API and our Cucumber features against the build output of middleman. Middleman is a static site generator using modern tech like Coffeescript, SASS & Slim.
What is the maintenance process once the Dockerize application runs in production.
We spend a lot of time getting our workflow pipeline as solid as we can. And with all the health checks in place, monitoring (we use new relic for monitoring our API) and the zero downtime deployment, we sleep really well at night and the next morning we don’t fear features requests. When we are working on the project and all the tests are green (using a CI server) we simply give Cloud 66 a high five using a webhook and our new version is built using Cloud 66 buildgrid and after warming up it’s instantly deployed without zero downtime.
Major changes are first deployment on a staging environment for sign off purposes. But all the minor changes are going straight to production after the tests are green.
Again, it was awesome to find out in detail how Steam and Daniel are using containers in production. This is one of the most interesting and unique case studies for Docker. If you missed, read Part I of this interview. Where Daniel explains the architecture Steams’ infrastructure, why and how they use containers in production and how they dealt with the security issues.