DockerCon EU 2015 - The Latest on Docker Engine
The latest in Docker Engine
Jessie Frazelle, Software Engineer, Docker
Arnaud Porterie, Senior Engineering Manager, Docker

The past
What happened since last DockerCon?

Engine recent history: Activity since last DockerCon
2,162 pull requests
… from 438 contributors
… we closed 420 😕 (sorry!)
… we merged 1,615 😇 (80%)
(+) 311,780 lines of code added
(-) 163,350 lines of code removed

Engine recent history: Releases since last DockerCon
- 2015-06-16 - Docker Engine 1.7
  - ZFS support
  - Experimental plugins
  - Experimental multihost networking
- 2015-06-22 - Open Container Initiative
  - Runtime (libcontainer) donated to the Linux Foundation
- 2015-08-11 - Docker Engine 1.8
  - Docker Content Trust
  - Docker daemon subcommand
  - Many, many, many bugfixes

The present
Docker Engine 1.9.0

Docker Engine 1.9.0: Builder improvements
- Build time arguments
  - New ARG Dockerfile instruction
  - Builtin support for HTTP_PROXY at build
- Custom stop signal
  - New STOPSIGNAL Dockerfile instruction
  - Configure which signal should terminate the entrypoint

Docker Engine 1.9.0: Networking
- Multihost networking is out of experimental
  - Out of the box overlay networking
- New docker network command
  - Manage networks as a top-level object
- Extensibility through plugins
  - Already 6 implementations done or under development

Docker Engine 1.9.0: Volume management
- New docker volume command
  - Manage volumes as a top-level object
- Extensibility through plugins
  - Already several implementations (e.g., Flocker)
  - See github.com/calavera/dkvolume for Go bootstrapping

Docker Engine 1.9.0: Experimental: user namespaces
- GID/UID remap
  - Root in the container != root on the host
  - Key feature for multi-tenancy
- Doesn’t come without drawbacks!
  - Storage dir is scoped by gid/uid
  - No more --net=container or --net=host

The future
What’s next for Docker Engine?

What’s next? Distribution rework
- Motivations
  - Ease maintenance
  - Fix long running structural issues
- New manifest format
  - Enable multi-architecture images (“fat manifests”)
- Few user visible changes
  - Layers != image
  - Images identified by sha256sum(manifest)

What’s next? More platforms
- Official ARM support
  - Currently being worked on (thanks Hypriot!)
- Windows Server 2016
  - Tech preview 3 was released in August 2015
- IBM Power Systems, IBM z Systems, Solaris, …

What’s next? Security
- Default Docker Content Trust
  - Released in 1.8.0, currently opt-in
- Seccomp
  - Syscall filtering
- Stable user namespaces
  - Help us by testing in experimental
- API authorization / authentication
  - Currently working on a proposal from Twistlock

What’s next? Split, split, split!
- Ongoing effort to decouple pieces of the Engine
- Motivations
  - Ease maintenance
  - Get more dedication to subsystems (e.g., builder)
  - Options! (e.g., remove/wrap pieces, drop privileges, …)
- Split runtime
  - RunC, standalone containers supervision
- Split builder
  - Allow building client-side

What’s next? Converge, converge, converge!
- Studying convergence of Swarm and Engine
- Motivations
  - Lot of technical overlap
  - Engine as a degenerated single-node cluster
- First hints in 1.9.0
  - Engine node discovery (--cluster-advertise)

Demo
Containers are not lightweight VMs

Demo: Linux namespaces
- Network
- Mount
- PID
- IPC
- User
- UTS

Demo: Linux namespaces
[Diagram: Mount, PID, IPC, User, UTS and Net namespaces for the App and Wireshark containers and the host]

Demo: Linux namespaces
[Diagram: Mount, PID, IPC, User, UTS and Net namespaces for the Wireshark, App and VNC containers]