dockercon 2015 recap
Dockercon Recap
Evan Hazlett
@ehazlett
Dockercon: Announcements
• Docker in Production
• Security
• Networking and Plugins
• RunC
• Docker Release 1.7
• OpenContainer Project
Docker in Production
• Tremendous Community & Partner Ecosystem
• Extensible and Pluggable
• Roadmap
• Security
• Orchestration
• Networking and Storage
• Deployment and Management Workflows
Security
• Least Privilege Microservices
• Service Profiles: access to only the resources needed (API, etc.)
• Process Monitoring
• Fine-grained Access Control
• Namespaces
• Cgroups
• Linux Security Modules (AppArmor, SELinux)
• Per-container ulimit
• User namespaces (remap root coming in 1.8)
• Seccomp: syscall filtering (coming)
Security (cont.)
• DockerBench: Security Benchmark Tool
• https://github.com/docker/docker-bench-security
• Notary: Secure Content Distribution
• https://github.com/docker/notary
Networking and Plugins
Networking
• Multi-host networking out of the box
• Builtin Micro Segmentation
• Create Virtual Networks of any Topology
• Enforce Security Policies
• Probes and Firewalls
• Built on industry standards
• Standardized Service Discovery
• API (coming)
Plugins
• Initial Extension Points
• Network
• Volume
• Scheduler
• Service Discovery
• ...more to come
RunC
RunC
• Universal Container Runtime
• Docker’s Container Management; nothing else
• Lightweight
• Battle Tested and Production Ready
• Supports selinux, apparmor, cgroups, seccomp, namespaces
• User namespaces
• Live Migration
• Microsoft contributing Windows support
• ARM support coming
• https://runc.io
Docker Release 1.7
Docker Engine 1.7
• Experimental Binary
• Built and distributed nightly
• Bleeding edge features
• Initial Experimental Features
• New networking
• Network Plugins
• Volume Plugins
Docker Engine 1.7 (cont.)
• Network Stack
• libnetwork: new API for container networking
• https://github.com/docker/libnetwork
• Disable userland proxy
• Huge performance gain for port publishing
• ZFS driver
• Build Quota: docker build --cpu-quota
• Build Branch: docker build https://github.com/user/repo#branch
Docker Machine 0.3
• Generic Driver
• Provision any host with SSH
• Exoscale Driver
• Specify custom Engine and Swarm options
• Swarm Provisioning out of experimental
• Specify custom Engine and Swarm Versions
Docker Swarm 0.3
• Multi-tenancy
• Leader Election and Replication (experimental); requires external service discovery
• Node Removal
• Mesos Integration
• Improved Builtin Scheduler
• Better Docker Remote API Parity
• docker load
• docker build
• docker save
Docker Compose 1.3.0
• Performance and stability
• More config option support for Engine
• New feature (experimental): Smart Recreate
• Only recreate containers whose configuration has changed
• docker-compose up --x-smart-recreate
• Will become default
OpenContainer Project
OpenContainer Project
• OCF: universal intermediary format for OS containers
• Docker donated RunC to the Open Container Project
• RunC is the OCF reference implementation
• Founding Members:
Thank You!
● Notary: https://github.com/docker/notary
● DockerBench: http://dockerbench.com
● Engine: https://github.com/docker/docker
● Machine: https://github.com/docker/machine
● Swarm: https://github.com/docker/swarm
● Compose: https://github.com/docker/compose
● RunC: https://github.com/opencontainers/runc
● Network: https://github.com/docker/libnetwork
● OpenContainer Project: http://opencontainers.org
Thank you!
Evan Hazlett
@ehazlett