19 Months Later: An Incredible Platform and Ecosystem

Official Repos & 14K+ Dockerized Apps

Community 640+ Contributors 250+ Meetups on Docker 2.75M Downloads 6.7K Projects on GitHub

Support Enterprise Support Robust Documentation Implementation, Integration, Training Network of Partners

The Docker Platform ! Docker Engine

Docker Hub !Build, Ship, and Run

Partners

Content

Users

60+ People and a Turtle

Now up to 60+ people (and our pet turtle, Gordon)

…to Build, Ship, and Run

Build Ship

Run

Dev

QA

Source

Staging

Physical

Virtual

Cloud

Infrastructure Management

Infrastructure Management

DockerFile

Source Code Repository

TESTTEST

TESTTEST

TEST

GCE RAX IBM

Mac/Win Dev Machine

Boot2Docker

Doc

ker

Analytics DB

Prod Machine

Linux OS

Doc

ker

Doc

ker

++

Users Collab

Provenance Policy

Docker Hub

Registries

Public Curated Private

Docker Hub API

Third Party Tools

Prod Machine

Linux OS

Doc

ker

Doc

ker

Prod Machine

Linux OS

Doc

ker

Doc

ker

VM

Doc

ker

Doc

ker

VM

Doc

ker

Doc

ker

VM

Doc

ker

Doc

ker

QA Machine

Linux OS

Doc

ker

Doc

ker

Deploy servicesreliably & consistently

• If it works locally, it will work on the server

• With exactly the same behavior

• Regardless of versions

• Regardless of distros

• Regardless of dependencies

Better! Faster! Stronger!

Better! Faster! Stronger!

Hardware

VM (n)

Hardware

process (n)

process (n)

Hardware

VM (n)

Hardware

"contained"process (n)

"contained"process (n)process (n)

"contained"process (n)

Traditional Containerized

Traditional Host

syslogd nginx backup-agent sshd

Traditional Host

syslogd nginx backup-agent sshd

Dockerized Host

syslogd nginx backup-agent sshd

a security product?

• Docker Engine can be used as a security product.

• It provides a wrapper around processes

• Provides a path toward attestation of arbitrary processes (Trusted Compute)

• You can use VMs to wrap containers (and you can use containers inside of VMs)

Dockerized Host

syslogd nginx backup-agent sshd

golden image:

FROM ubuntu

RUN apt-get install \ rsyslog nginx amanda opensshd

Dockerized Host

syslogd nginx backup-agent sshd

syslog image:

FROM ubuntu

RUN apt-get install rsyslog

nginx image:

FROM fedora:f20

RUN yum install nginx

backup-agent image:

FROM ubuntu

RUN apt-get install amanda

sshd image:

FROM debian

RUN apt-get install opensshd

Do it!

‣ Build an image"

‣ Run it locally

‣ Push it to a registry (public or private)

‣ Run it (automatically!) in CI/CD and staging

‣ Run it in production

It’s an image builder.

Anatomy of achef-container run:

Docker ContainerInitiates Creates

Image

Linux

Chef

Chef

Runs

Configures

Chef

Runs

Configures

Build Creates

Stage 1 Stage 2

Do it!

‣ Build an image

‣ Run it locally

‣ Push it to a registry (public or private)

‣ Run it (automatically!) in CI/CD and staging

‣ Run it in production

“docker run -t -i \ —rm=true my-image“

Legend:-t = allocate tty -i = interactive —rm = remove ephemeral filesystem when exiting

“docker ps”

Do it!

‣ Build an image

‣ Run it locally

‣ Push it to a registry (public or private)"

‣ Run it (automatically!) in CI/CD and staging

‣ Run it in production

“docker push user/image”

Do it!

‣ Build an image

‣ Run it locally

‣ Push it to a registry (public or private)

‣ Run it (automatically!) in CI/CD and staging

‣ Run it in production

CI services…

and others…?

$ ID=$(docker build $app-dir) $ docker run —rm=true $ID $ echo $?

fig - local orchestration——fig.yml——web: build: . command: python app.py ports: - "5000:5000" volumes: - .:/code links: - redis  redis: image: orchardup/redis

$ ls Dockerfile fig.yml src$ docker run —privileged -v .:/opt/figapp \ ewindisch/figleaf $ echo $?

Legend:—privileged = run “uncontained”. A permissive “firewall”, if you will. -v = provide volume or bind-mount filesystem into container

Do it!

‣ Build an image

‣ Run it locally

‣ Push it to a registry (public or private)

‣ Run it (automatically!) in CI/CD and staging

‣ Run it in production

$ docker run -t -i \ —rm=false \ —restart=“on-failure[:5]” busybox

Legend:—restart=Restart policy on exit (no, on-failure[:max-retry], always)

Managing Docker at scale

Creating Containers is Easy

Managing them SUCKS

needs improvement

Management Ecosystem

Mesos

FlynnClockerClusterHQ

PaaS ecosystem

Configuration / Infrastructure Management

• Chef

• Puppet

• Salt

• Ansible

• CFEngine

• etc…

Container Inventory

• discoverd / sdutil • serf • skydock • others?

Docker Remote API

• By default the Docker daemon listens on unix:///var/run/docker.sock

• Can listen on a TCP socket with TLS 1.0+Plain-text also possible, but do not use it!(enabled by default with boot2docker)

• Used by various community tools:fig, vagrant, ansible, etc.

POST /containers/create HTTP/1.1 Content-Type: application/json !

{ "Hostname":"", "Domainname": "", "User":"", "Memory":0, "MemorySwap":0, "Env":null, “Cmd":[ "date" ], "Image":"base", “Volumes":{ "/tmp": {} }, "WorkingDir":"", "NetworkDisabled": false, "ExposedPorts":{ "22/tcp": {} }, "RestartPolicy": { "Name": "always" } }

HTTP/1.1 201 Created Content-Type: application/json !

{ "Id":"e90e34656806" "Warnings":[] }

Containers • List containers • Create a

container • Inspect a

container • List processes

running inside a container

• Get container logs

• Inspect changes on a container's filesystem

• Export a container

• Resize a container TTY

• Start a container

• Stop a container

• Restart a container

• Kill a container • Pause a

container

• Unpause a container

• Attach to a container

• Wait a container • Remove a

container • Copy files or

folders from a container

!

!

Images

• List Images

• Create an image

• Inspect an image

• Get the history of an image

• Push an image on the registry

• Tag an image into a repository

• Remove an image

• Search images

Misc • Build an image from Dockerfile

via stdin • Check auth configuration • Display system-wide

information • Show the docker version

information • Ping the docker server • Create a new image from a

container's changes

• Monitor Docker's events • Get a tarball containing all

images in a repository • Get a tarball containing all

images. • Load a tarball with a set of

images and tags into docker • Image tarball format • Exec Create • Exec Start • Exec Resize

Q & A

@ewindisch