CloudShell Academy LogoCloudShell Academy
Log InSign Up
AcademyContainment Breach: The Architect's ShipZone 7: Global Distribution

Lesson 2: The Release Manager (Deployment Strategies)

Building and pushing images is only half the story. In DevOps, you need a release strategy — a systematic way to ship new versions safely.

The CI/CD Pipeline with Docker

Code Push → Build Image → Test → Push to Registry → Deploy
   │            │           │          │                │
   git push   docker     run        docker push    docker pull
              build      tests                     + restart

Automated Image Building

In a CI/CD pipeline (GitHub Actions, GitLab CI), images are built automatically:

# .github/workflows/deploy.yml
name: Build & Deploy
on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build image
        run: docker build -t cloudcorp/my-app:${{ github.sha }} .
      - name: Push to registry
        run: docker push cloudcorp/my-app:${{ github.sha }}

Deployment Patterns

1. Rolling Update

Replace containers one at a time. Zero downtime.

Time 0:  [v1] [v1] [v1]
Time 1:  [v2] [v1] [v1]   ← First container updated
Time 2:  [v2] [v2] [v1]   ← Second container updated
Time 3:  [v2] [v2] [v2]   ← All updated

2. Blue-Green Deployment

Run both versions simultaneously, then switch traffic.

Blue (current):   [v1] [v1] [v1]  ← Serving traffic
Green (new):      [v2] [v2] [v2]  ← Warming up

Switch:           Traffic → Green
                  Terminate Blue

3. Canary Deployment

Route a small percentage of traffic to the new version.

[v1] [v1] [v1] [v1] [v2]  ← 20% to v2
Monitor...
[v1] [v1] [v2] [v2] [v2]  ← 60% to v2
Monitor...
[v2] [v2] [v2] [v2] [v2]  ← 100% to v2

Rollback Strategy

Always be ready to rollback:

# Quick rollback — just run the previous version
docker stop my-app
docker run -d --name my-app cloudcorp/my-app:v1.2.0   # Previous known-good version

Exporting & Importing Images

For air-gapped environments (no internet):

# Export to a file
docker save -o my-app.tar my-app:v1

# Transfer the file (scp, USB, etc.)
scp my-app.tar user@production-server:/tmp/

# Import on the target machine
docker load -i /tmp/my-app.tar

Image Digests (Immutable References)

Tags can be moved (someone can push a different image as v1). Digests are immutable:

docker pull nginx@sha256:abc123def456...

This guarantees you get the exact same image every time.

booting...

Mission Objective

Practice release management:

  1. Multi-tag: Tag your image with both latest and 1.0.0.
  2. Get the digest: Run docker inspect --format='{{index .RepoDigests 0}}' nginx.
  3. Export: Save your image with docker save -o my-app.tar my-app:v1.

Mission Control

Tag an image with multiple tags

Expected Command

docker tag my-app:v1 cloudcorp/my-app:latest && docker tag my-app:v1 cloudcorp/my-app:1.0.0

View the image digest

Export an image to a tar file

Previous: The Warehouse: Docker HubNext: The Minimalist: Small Images