Dockercon RecapEvan Hazlett@ehazlett

Dockercon: Announcements

• Docker in Production

• Security

• Networking and Plugins

• RunC

• Docker Release 1.7

• OpenContainer Project

Docker in Production

• Tremendous Community & Partner Ecosystem

• Extensible and Pluggable

• Roadmap• Security• Orchestration• Networking and Storage• Deployment and Management Workflows

Security

• Least Privilege Microservices• Service Profiles: access to only resources needed (API, etc)• Process Monitoring• Fine-grained Access Control

• Namespaces• Cgroups• Linux Security Modules (AppArmor, SELinux)

• Per container ulimit• User namespaces (remap root coming in 1.8)• Seccomp: syscall filtering (coming)

Security (cont.)

• DockerBench: Security Benchmark Tool• https://github.com/docker/docker-bench-security

• Notary: Secure Content Distribution• https://github.com/docker/notary

Networking and Plugins

Networking

• Multi-host networking out of the box

• Builtin Micro Segmentation• Create Virtual Networks of any Topology• Enforce Security Policies• Probes and Firewalls• Built on industry standards• Standardized Service Discovery• API (coming)

Plugins

• Initial Extension Points

• Network

• Volume

• Scheduler

• Service Discovery

• ...more to come

RunC

RunC

• Universal Container Runtime• Docker’s Container Management; nothing else• Lightweight• Battle Tested and Production Ready• Supports selinux, apparmor, cgroups, seccomp,

namespaces• User namespaces• Live Migration• Microsoft contributing Windows support• Arm support coming• https://runc.io

Docker Release 1.7

Docker Engine 1.7

• Experimental Binary• Built and distributed nightly• Bleeding edge features

• Initial Experimental Features• New networking• Network Plugins• Volume Plugins

Docker Engine 1.7 (cont.)

• Network Stack• libnetwork: new API for container networking• https://github.com/docker/libnetwork

• Disable userland proxy• Huge performance for port publishing

• ZFS driver• Build Quota: docker build --cpu-quota• Build Branch: docker build https://github.com/user/repo#branch

Docker Machine 0.3

• Generic Driver

• Provision any host with SSH

• Exoscale Driver

• Specify custom Engine and Swarm options

• Swarm Provisioning out of experimental

• Specify custom Engine and Swarm Versions

Docker Swarm 0.3

• Multi-tenancy• Leader Election and Replication (experimental); requires external service

discovery• Node Removal

• Mesos Integration

• Improved Builtin Scheduler

• Better Docker Remote API Parity• docker load• docker build• docker save

Docker Compose 1.3.0

• Performance and stability

• More config option support for Engine

• New feature (experimental): Smart Recreate

• Only recreate containers whose configuration has changed

• docker-compose up -x-smart-recreate

• Will become default

OpenContainer Project

OpenContainer Project

• OCF: universal intermediary format for OS containers

• Docker dontated RunC to Open Container Project• RunC is the OCF reference implementation

• Founding Members:

Thank You!

● Notary: https://github.com/docker/notary● DockerBench: http://dockerbench.com● Engine: https://github.com/docker/docker● Machine: https://github.com/docker/machine● Swarm: https://github.com/docker/swarm● Compose: https://github.com/docker/compose● RunC: https://github.com/opencontainers/runc● Network: https://github.com/docker/libnetwork● OpenContainer Project: http://opencontainers.org

Thank you!Evan Hazlett

@ehazlett