Docker moves fast: an edge channel is released every month and a stable release every three months. Patrick will talk about how Docker introduced Docker EE and a certification program for containers and plugins with Docker CE and EE 17.03 (March), the announcements from DockerCon (April), and the many new features planned for Docker CE 17.05 in May.
This talk is about what's new in Docker and what's next on the roadmap.
6. A commercial product, built on a development platform, built on infrastructure, built on standards.
Docker is building a stack to program the Internet
23. Build smaller images with multi-stage builds
First stage: complete build environment
Second stage: minimal runtime environment
One Dockerfile, one build
24. FROM big-buildbase
…
…
FROM tiny-runbase
…
COPY --from=0 /artifact /run/app
…
One Dockerfile, one build
Stage 0: large build environment
Stage 1: minimal run environment
Copy artifacts from one stage to the next
Only copy what you need!
Build smaller images with multi-stage builds
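The pattern sketched on this slide, written out as an added example (it is not from the deck and not Docker's own code): a Go service is compiled in a named build stage and only the resulting binary is copied into an empty runtime image. It assumes a Go project with go.mod/go.sum and a main package under ./cmd/app; the base image tags are illustrative.

```dockerfile
# syntax=docker/dockerfile:1

# Stage "build": the full toolchain. Nothing from this stage is shipped
# unless a later stage copies it out explicitly.
FROM golang:1.21 AS build
WORKDIR /src
# Copy module files first so dependency download is cached separately
# from source changes.
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# Static binary: the runtime stage below has no libc, no shell, no
# package manager. -trimpath and -s -w strip build paths and symbols.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# Stage "run": an empty filesystem plus the binary and a CA bundle.
# Referencing the stage by name (not --from=0) means inserting another
# stage above does not silently change where the artifact comes from.
FROM scratch AS run
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /out/app /app
# scratch has no /etc/passwd, so the user must be numeric.
USER 65534:65534
ENTRYPOINT ["/app"]
```

Build with `docker build -t app .` to get the runtime image; `docker build --target build -t app-build .` stops after the first stage, which is useful for running tests against the toolchain image without ever shipping it. The runtime image contains no compiler, shell or package manager, so there is little for an attacker who lands in the container to work with, and the numeric USER avoids running the service as root. Check the result with `docker history app`: every layer should come from the `run` stage.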
25. Mac / AWS: “I wish it was easier to take my app from desktop to cloud” (Example #2)
47. Docker is a platform made of components: Raft Store, Node Identity, Secrets, Routing Mesh, Overlay Networking, Swarm Orchestration, Engine, Application Services
56. (1) LinuxKit: a SECURE Linux subsystem
Only works with containers
- Smaller attack surface
- Immutable infrastructure
- Sandboxed system services
- Specialized patches and configuration
Incubator for security innovations
- WireGuard, Landlock, KSPP
- MirageOS type-safe system daemons
Community-first security process
- Linux is too big for any one company to secure it
- Participate in existing Linux security efforts
57. (2) LinuxKit: a LEAN Linux subsystem
- Minimal size, minimal boot time
- All system services are containers
- Everything can be removed or replaced
58. (3) LinuxKit: a PORTABLE Linux subsystem
- Desktop, server, IoT, mainframe
- Intel & ARM
- Bare metal & virtualized
71. It’s time to take our ecosystem to the next level…
By collaborating on components AND COMMON ASSEMBLIES.
73. A framework to assemble specialized container systems without reinventing the wheel.
– Library of 80+ components
– Package your own components as containers
– Reference assemblies deployed on millions of nodes
– Create your own assemblies or start from an existing one
74. Docker uses Moby for its open-source
– Thousands of contributors, hundreds of patches/week
– Component development
– Specialized assembly development
– Integration tests
– Architecture design
– Integration with other projects
– Experimentation and bleeding-edge features
75. Docker uses Moby for its open-source... and so can you!
– Community-run
– Open governance inspired by the Fedora project
– Plays well with existing projects - no donation necessary!
77. What it means for you
System Builders: Moby helps you innovate without tying you to Docker
Docker Users: Docker will better leverage the ecosystem to innovate faster for you
90. What is it? (InfraKit)
• Launched at LinuxCon, Berlin in October, 2016.
• Toolkit for building declarative, self-managing distributed applications
• Active management with active controllers
  • scaling groups, rolling updates
  • monitoring / health checks
  • connecting nodes to L4 / ingress
• Declarative infrastructure
96. Support more platforms
• Compute:
  • Bare-metal: HP OneView, MAAS, RackHD
  • Public cloud: AWS, GCP
  • MacOS X (HyperKit); Docker containers
  • Coming soon: Azure, IBM, Digital Ocean, Packet, libvirt
• Other resource types
  • AWS - vpc, subnets, gateways, etc.
97. Improve usability
• Templates
  • Complex scripts and configuration in any format; no more escape quotes in JSON
  • Fetch templates from remote repositories
• Playbooks
  • CLI - flags, prompts — config driven and dynamic
  • Share “playbooks” from remote repositories
98. Improve core system
• High Availability — Swarm Mode or etcd
• New Plugin types — Metadata and Events
  • Metadata: cluster-wide sysfs and reflection
  • Events - publish / subscribe
• Remote client access: infrakit -H host:port to remote cluster
100. Use Cases
• Support container orchestration
  • bootstrapping + day N management
  • API for cluster autoscaling
  • k8s, Docker Swarm Mode
• Bare-metal + GPU provisioning
• IoT — LinuxKit integration / custom kernel deployment
101. Improve usability
• Finalize API / Schema for 1.0
• Make it easy to consume
  • Simplify setup - fewer daemons and binaries
  • Embeddable / vendor API
  • Sensible CLI for stable / experimental features
• Make it easy to extend / contribute
  • metadata / instance plugins
  • playbooks / reusable templates
  • community CI / compatibility testing
• Documentation
102. Improve core system
• Provisioning of diverse resource types
  • networks / proxies / load balancers
  • GPU
• Stability / performance of core controllers
• Asynchronous messaging - mqtt, natsd, amqp
• Monitoring + Health check SPI
103. Support more platforms
• Direct libvirt / KVM / CUDA
• Better bare-metal / hardware ops integration
• Kernel image build pipeline — LinuxKit
Build, test, and deploy clusters from infrastructure definitions to kernel images
Docker has its roots in dev productivity; still a lot of work to do; solve it by listening to devs, solving all their problems one by one; let's talk about dev problems.
containerize the build environment
second stage: extract only the artifact you need in production
to produce smaller images in production
diagram with 2 editions, missing link
DockerID
From Desktop to Cloud
managing connectivity to remote swarms, credentials, endpoints
from single dev on one machine
collab with other devs
collab with different swarms
access control
collab with Ops
our job is to give you the best tools to take your app to prod securely
3 rules we follow: usability, portability, scalability
usable security so that devs don't bypass it
scale, automation
Docker suite of tools for security in production
tools deliver security that is usable, scalable, portable
not getting in the way of operators
help developers make applications more secure
has to be easy and portable so that developers will use it.
Security never ends, continuous process
We made a lot of progress this year
4 features I want to talk about
Diogo
reason that Docker is so componentized: because of the open dev model we adopted
partnered with an ecosystem that grew around it
several phases
----
docker is a container platform
solve problems for our users
develop new components, or improve existing components
open dev model, 12 oss projects produce one component of a container platform
any one project useless on its own
one story of how we used this model to solve the toughest tech problem in a way we could not have without it
moby at docker to innovate faster
editions
case study of using moby
problem: going beyond linux
no need to bring your own linux os
originally Linux only
market: we want to use docker everywhere
we don't have a favorite linux product
we want to use containers
our platform is not linux
mac, windows 10, azure, aws, gcp
portable container platform, need docker to work on our existing platform
we partnered with several companies and LF to create this component
ongoing efforts to port it to different environments, map of different efforts
HPE
VMW
Mainframe
IoT ARM
Windows
Clouds….
everything uses containers, every major Linux-based project has embraced containers
containers are how Linux will work going forward
Based on containerd
System services running as containers
LinuxKit is the place to try out new Linux security ideas
Provably secure, but also
Option to be at the bleeding edge of security
secure edge channel, key feature of the project
Working with industry to make LinuxKit the most secure OS for everybody
Base for Linux functionality on any environment
ex: GE EdgeOS, exotic iot devices, cannot do that with an OS designed for Datacenter
Ways to make Linux secure, but locked into a specific environment
Take advantage of every aspect of infrastructure
Microsoft partnering with Docker to bring Linux to Windows
bleeding edge cloud developers
define components of the platform as containers
allows more advanced production models
multiple stages of collaboration
deploying at scale in specialized systems
last year: editions, mac, windows, cloud
how do we deliver all editions of our platform and scale our engineering
single-system company to multi-system company
each is very specialized
whole point of docker is to deliver a standard experience using containers
steal an idea from the auto industry
assemblies, different ways of assembling components
open common assemblies for iot, mainframe, cloud native, desktop
achieve scale through openness
propose to the ecosystem to share this model of growth
component and assembly level, everyone can bring their components and assemblies and innovate at both levels
introduced assemblies
allowed docker to scale internally
allowed us to ramp up to 12 editions of docker
complexity
duplication of effort, design
introduced an additional level of collaboration, assembly, captures what is common and that teams can use for their environments
looks like this: moby origin, the assembly we use to create editions of docker
all of our assembly dev will take place in the moby project
if you want a close derivative of the docker platform, join dev of moby origin
want a different assembly, fork moby-origin
partners
Introducing a new project
where Docker does 100% of its oss work
all components
all assemblies
inviting users, partners the whole ecosystem to join this project and together take container ecosystem to the mainstream
seed this project with dozens of components, an assembly that is very stable and deployed in prod on 1000s of nodes
the most important project we have introduced since 2014
not a foundation moby does not own projects
any project can come collab and retain ownership of their code
platform based on containers
Docker uses Moby to innovate in the open.
Each version of Docker will innovate faster
More innovation / more choice
InfraKit can be set up to run with leader election (e.g. integrated with Docker swarm mode) to achieve high availability. Multiple plugin sets run as hot standby but only one is active (the leader).
Simple patterns
Compose them into a large configuration. A Group is made up of Instance and Flavor.