dockercon eu 2015: the latest in docker engine
TRANSCRIPT
The latest in Docker Engine
Jessie FrazelleSoftware Engineer, Docker
Arnaud PorterieSenior Engineering Manager, Docker
The pastWhat happened since last DockerCon?
Engine recent history
3
Activity since last DockerCon
2,162 pull requests
… from 438 contributors… we closed 420 😕 (sorry!)… we merged 1,615 😇 (80%)
(+) 311,780 lines of code added
(-) 163,350 lines of code removed
Engine recent history
4
Activity since last DockerCon
Engine recent history
5
Releases since last DockerCon
2015-06-16 - Docker Engine 1.7 ZFS support Experimental pluginsExperimental multihost networking
2015-06-22 - Open Container InitiativeRuntime (libcontainer) donated to the Linux Foundation
2015-08-11 - Docker Engine 1.8Docker Content Trust Docker daemon subcommandMany, many, many bugfixes
The presentDocker Engine 1.9.0
Docker Engine 1.9.0
7
Builder improvements
Build time argumentsNew ARG Dockerfile instructionBuiltin support for HTTP_PROXY at build
Custom stop signalNew STOPSIGNAL Dockerfile instructionConfigure which signal should terminate the entrypoint
Docker Engine 1.9.0
8
Networking
Multihost networking is out of experimental Out of the box overlay networking
New docker network commandManage networks as a top-level object
Extensibility through pluginsAlready 6 implementations done or under development
Docker Engine 1.9.0
9
Volume management
New docker volume commandManage volumes as a top-level object
Extensibility through pluginsAlready several implementations (e.g., Flocker)See github.com/calavera/dkvolume for Go bootstrapping
Docker Engine 1.9.0
10
Experimental: user namespaces
GID/UID remapRoot in the container != root on the hostKey feature for multi-tenancy
Doesn’t come without drawbacks! Storage dir is scoped by gid/uid No more --net=container or --net=host
The futureWhat’s next for Docker Engine?
What’s next?
12
Distribution rework
MotivationsEase maintenanceFix long running structural issues
New manifest formatEnable multi-architecture images (“fat manifests”)
Few user visible changesLayers != image Images identified by sha256sum(manifest)
What’s next?
13
More platforms
Official ARM supportCurrently being worked on (thanks Hypriot!)
Windows Server 2016Tech preview 3 was released in August 2015
IBM Power Systems, IBM z Systems, Solaris, …
What’s next?
14
Security
Default Docker Content Trust Released in 1.8.0, currently opt-in
SeccompSyscall filtering
Stable user namespacesHelp us by testing in experimental
API authorization / authenticationCurrent working on a proposal from Twistlock
What’s next?
15
Split, split, split!
Ongoing effort to decouple pieces of the Engine
MotivationsEase maintenanceGet more dedication to subsystems (e.g., builder)Options! (e.g., remove/wrap pieces, drop privileges, …)
Split runtime RunC, standalone containers supervision
Split builderAllow to build client-side
What’s next?
16
Converge, converge, converge!
Studying convergence of Swarm and Engine
MotivationsLot of technical overlapEngine as a degenerated single-node cluster
First hints in 1.9.0Engine node discovery (--cluster-advertise)
DemoContainers are not lightweight VMs
Demo
18
Linux namespaces
Network
Mount
PID
IPC
User
UTS
Demo
19
Linux namespaces
Mount
PID
IPC
User
UTS
Mount
PID
IPC
User
UTS
App Wireshark
Host
Net
Net
/tmp
/.X1
1-un
ix/
Demo
20
Linux namespaces
Mount
PID
IPC
User
UTS
Wireshark
Net
Mount
PID
IPC
User
UTS
Net
App
Mount
PID
IPC
User
UTS
VNC
Net
/tmp/.X11-unix/
listen *:5901
22
Agenda
The futureWhat’s next?
The demo!
The pastNumbers Last releases
The presentDocker 1.9.0