A small example of how we still let dev-squads build their containers, and at the same time ops-team can prepare containers for production without actual build whole application without all necessary tools and dependencies.

To develop this way can clearly split the delivery process to different environments without rebuild containers, control configurations for each environment and automate all stages if CD process.

If Develop it even more then can implement auto-rotating secrets/certificates in production environment in automaticall basis.

Small example based on Nginx application, which returns index.html for any request.

Let assume that this is our application. All necessary steps performs from Dockerfile.dev. Basically there we copy configs and index.dev.html to index.html to detect container version.

To build use:

docker build -f Dockerfile.dev -t nginx:dev .

then we get local docker image tagged as nginx:dev

If run it:

docker run -p 80:80 nginx:dev

and open browser at http://localhost/ we can see DEVELOPMENT ENVIRONMENT caption on the screen - the content from index.dev.html file.

Could say that dev version of our application built successfully.

Go next?

Assume that our image ready for QA environment. On QA we need different databases with seeded data, most probably we need different certificates to interact with other systems in QA contour etc. In other words, we need to update some files and configuration parameters for application inside the container. Let's skip configurations as it should come from ENV and it easy to implement. But how to deal with files we need put inside the container? Actually it also pretty easy - check Dockerfile.qa.

docker build -f Dockerfile.qa -t nginx:qa .

docker run -p 80:80 nginx:qa

Open it in a browser and get QA caption on the screen.

We had to update the index.html file in the container but we didn't touch anything else. Not necessary to install all toolset and bunch of libraries to build application container as developers do. Only operation manipulations. Easy?

Do the same approach. But here at this stage we already have tested not only application together with configuration set, but also the approach. So if it comes from dev to QA with change only necessary configuration, then we could say that this configuration set work and updating automatically.

docker build -f Dockerfile.prod -t nginx:prod .

docker run -p 80:80 nginx:prod

and get 'production' caption on the page.

Developers doing their job, ops doing their job, everybody happy.