DockerCon EU 2015: Day 1 General Session
12 likes38,746 views
DockerCon highlights include the evolution of Docker from stateless to stateful applications and the broadening of its platform compatibility, now supporting Windows Server and more tools. Various themes emphasize the importance of community contributions, real-world Docker adoption, and the focus on quality and security in development. Solomon Hykes and Ben Golub outline their commitment to innovation and user experience in the rapidly changing landscape of container technology.
DockerCon EU 2015: Day 1 General Session
- 1. Welcome to DockerCon! Ben Golub CEO, Docker Inc. @golubbe
- 2. The power of tools “Give me a lever and a place to stand, and I will move the world!” - Archimedes
- 3. The power of tools “Our mission is to build tools of mass innovation.” - Solomon Hykes
- 4. The Power of Tools in the Hands of Makers
- 5. The Power of Tools in the Hands of Makers Cosmology@Home lets you volunteer your spare computer time (like when your screen saver is on) to help search for the model which best describes our Universe and to find the range of models that agree with available cosmological and particle physics data.
- 6. Theme 1: It’s all about the makers!
- 7. What do you make with Docker? I build Adidas MENA Ecommerce platform I Dockerize Genomics My VPN connection is in a container I Dockerized my team! I deploy under custom OS in mobile I Dockerize Norwegian banking
- 8. Thank you to those who make Docker
- 9. Namespaces (IBM) Cgroups (Google) LXC tools The Linux Kernel Git SELinux (Red Hat) Solaris Zones BSD Jails +++We know we’re standin g on your shoulders Thank you to the giants
- 11. Thank you to the amazing global meetup community 215 Groups 63 Countries
- 12. Thank you to the awesome Docker Inc team
- 13. Thank you to our amazing sponsors
- 14. Partners, Tools and Applications Dev Tools Official Repositories Operating Systems Big Data Service Discovery Build / Continuous Integration Configuration Management Consulting &Training Management Storage Clustering & Scheduling Networking Infrastructure & Service Providers Security Monitoring & Logging
- 15. State of the Project
- 16. …and the bazaarThe cathedral… Sagrada Familia Construction started: 1882 Est. completion date: 2026 La Boqueria Open Air Market Operating successfully since 1217 "Sagfampassion" by Wjh31 - Own work - http://lifeinmegapixels.com. Licensed under CC BY 3.0 via Commons - https://commons.wikimedia.org/wiki/File:Sagfampassion.jpg#/media/File:Sagfa mpassion.jpg "La Boqueria" by Dungodung - Own work. Licensed under Public Domain via Commons - https://commons.wikimedia.org/wiki/File:La_Boqueria.JPG#/media/File:La_Boqueria.JPG
- 17. DockerCon EU 2015: 2 Years 8 Months A Year has passed, and our baby whale has grown! Our little whale is growing up DockerCon EU 2014: 20 Months
- 18. Some growth statistics Dockerized applications Docker related projects on GitHub Docker Hub pulls per second Docker Hub pulls per day More contributors to Docker open source 240K 655.6M 157%60M Docker Hub pulls since Jan 2015 1.3B
- 19. Docker Jobs 0 10000 20000 30000 40000 50000 60000 70000 Jan-14 Jan-15 PercentageGrowth Docker Job Trends
- 20. Functionality What has changed in the project? DCEU 14 • Docker Engine • Docker Registry DCEU 15 • Engine • Registry • Swarm • Networking • Toolbox • Notary • Compose • Machine • More to come today! Applications DCEU 14 • Primarily Stateless DCEU 15 • Stateless • Stateful • More to come today! Platforms DCEU 14 • All major 64 bit Linux Oss DCEU 15 • All major 64 bit Linux OS • Windows Server (TP4) • 32 bit • More to come today! Commercial Solutions DCEU 14 • Support • Hosted Registry DCEU 15 • Support • Hosted Registry • CS Engines • DTR, Tutum • More to come tomorrow! Governance DCEU 14 • Advisory Board DCEU 15 • Advisory Board • Runtime and format donated to foundation (OCI), with 30+ members • More to come today! Users DCEU 14 • Primarily test/dev • some prod DCEU 15 • Docker used widely in Production
- 21. Open Container Initiative 22 Availble on Github OCI Roadmap Github stars 2,223 Member companies 35+ Github forks Docker, Google, RedHat, CoreOS, Huawei, independents Maintainers 253 Contributors 130
- 22. Functionality What has changed in the project? DCEU 14 • Docker Engine • Docker Registry DCEU 15 • Engine • Registry • Swarm • Networking • Toolbox • Notary • Compose • Machine • More to come today! Applications DCEU 14 • Primarily Stateless DCEU 15 • Stateless • Stateful • More to come today! Platforms DCEU 14 • All major 64 bit Linux Oss DCEU 15 • All major 64 bit Linux OS • Windows Server (TP4) • 32 bit • More to come today! Commercial Solutions DCEU 14 • Support • Hosted Registry DCEU 15 • Support • Hosted Registry • CS Engines • DTR, Tutum • More to come tomorrow! Governance DCEU 14 • Advisory Board DCEU 15 • Advisory Board • Runtime and format donated to foundation (OCI), with 30+ members • More to come today! Users DCEU 14 • Primarily test/dev • some prod DCEU 15 • Docker used widely in Production
- 23. Theme 2: Docker in Production
- 24. Real World Usage of Docker Real Docker adoption is up 5x in one year Docker users using Swarm & Compose Users triple the # containers they use within 5 months Docker users already running in production 5x 85% 3x 40% Sources: O’Reilly, Coatue, Datadog
- 25. Thank You To All Of Our Users! Add 3DS
- 26. Docker in Production Real Community, Robust Ecosystem Secure & Extensible Portable Great for devs and ops Real users Solutions and Roadmap End to end Security Orchestration Networking Workflows for build, shipping, deploying/managing
- 27. Theme 3: End to End Matters
- 28. Apps Have Fundamentally Changed 29 Loosely Coupled Services Many Small Servers ~2000 Today Monolithic Big Servers Slow changing Rapidly updated
- 29. Lessons learned: 1 2 3 Developers do not adopt locked down platforms End to end matters: - Devs care about deployment - Ops cares about provenance Build management, orchestration, & more in a way that enables portability 30
- 30. Docker End to End Solutions BUILD SHIP RUN Registry Service Cloud or Private Infrastructure Plugins: Network, Volume, Clustering Management UIDocker Toolbox 31
- 32. Dockercon day 1 General session Solomon Hykes Founder & CTO, Docker
- 33. Photo Caption (Drag&drop a new photo onto photo to change) 3 Our mission is to build tools of mass innovation
- 34. Photo Caption (Drag&drop a new photo onto photo to change) Billions of creative people Incredible technology 4
- 35. Photo Caption (Drag&drop a new photo onto photo to change) Mass innovation 5
- 36. Photo Caption (Drag&drop a new photo onto photo to change) 6 What is the biggest innovation multiplier today?
- 37. Photo Caption (Drag&drop a new photo onto photo to change) 7 PROGRAMMING What is the biggest innovation multiplier today?
- 38. The Internet is pretty cool…
- 39. The Internet is pretty cool… and getting lots of upgrades! Servers, phones, TVs, cars, sensors, drones, homes, watches, maps, payment systems, scientific equipment, virtual worlds, data banks, crypto- currencies...
- 41. App App App App App App App App App App App Eager developer The Internet Software walled gardens
- 42. Photo Caption (Drag&drop a new photo onto photo to change) App App App App App App App App App App App We’re building a software layer to make the Internet programmable
- 43. Photo Caption (Drag&drop a new photo onto photo to change) The Docker Stack
- 44. Photo Caption (Drag&drop a new photo onto photo to change) Standards
- 45. Photo Caption (Drag&drop a new photo onto photo to change) Infrastructure
- 46. Photo Caption (Drag&drop a new photo onto photo to change) Dev tools
- 47. Photo Caption (Drag&drop a new photo onto photo to change) Solutions
- 48. Photo Caption (Drag&drop a new photo onto photo to change) Solutions Dev tools Infrastructure Standards The Docker Stack
- 50. Shipping a feature is just 1% of the work. It should work every time, for every user.
- 51. - Security and Reliability matter. - If it’s not usable, it’s worthless. - Things fail. Handle it gracefully. Quality means…
- 52. Quality is a journey, not a destination. Either you are focused on quality, or you’re not.
- 53. We will always put quality first.
- 54. Quality tools for developers What have we been up to?
- 55. Usability
- 56. Docker Compose supports all new Swarm/engine features - Magical service discovery - Use a micro-service architecture without rewriting your code - Build persistent services with volume management - All integrated into a seamless developer experience
- 57. Many small usability improvements. Details matter! - Fixing Virtualbox integration issues, one by one. - UI glitches, low priority bugs - Unusual configurations and usage patterns - Better error messages No silver bullet, just lots of unglamorous hard work.
- 58. Docker Developer Toolbox now has full Mac/Windows feature parity. Installer, Quickstart terminal, Compose, Machine, Kitematic
- 60. Security
- 61. Usable security
- 62. “How to make developers care about security?” Wrong question.
- 63. Unusable security is not security.
- 64. “How to give developers usable security?”
- 65. Docker Content Trust Secure and usable content distribution for developers.
- 66. Built on industry-leading research TUF and Notary enable Survivable Key Compromise, Proof of Origin, Protection against untrusted transports.
- 67. Can we make developers even more secure?
- 68. Hardware crypto support for Docker Content Trust and Proudly introduce
- 69. Docker Content Trust + hardware crypto = Survive almost any key compromise.
- 71. What did we just see?
- 72. What did we just see?
- 73. What did we just see?
- 74. With the right tools, every developer can become an ultra-secure software publisher.
- 75. Let’s prove it!
- 76. 3 easy steps
- 78. Quality tools for ops What have we been up to?
- 81. Isolation of Linux containers: it’s complicated - pid namespace - mnt namespace - net namespace - uts namespace - ipc namespace - user namespace (new) - pivot_root - uid/gid drop - cap drop - all cgroups - selinux - apparmor - seccomp
- 82. Isolation supported by Docker Engine 0.1 in March 2013 - pid namespace - mnt namespace - net namespace - uts namespace - ipc namespace user namespace (new) - pivot_root - uid/gid drop cap drop all cgroups selinux apparmor seccomp
- 83. Isolation supported in Swarm/Engine 1.9 - pid namespace - mnt namespace - net namespace - uts namespace - ipc namespace user namespace (new) - pivot_root - uid/gid drop - cap drop - all cgroups - selinux - apparmor seccomp
- 84. Isolation supported in Swarm/Engine experimental - pid namespace - mnt namespace - net namespace - uts namespace - ipc namespace user namespace (new) - pivot_root - uid/gid drop - cap drop - all cgroups - selinux - apparmor seccomp
- 85. http://docker.com/experimental Help us test the bleeding edge!
- 86. “Am I running vulnerable containers?”
- 87. Introducing Project Nautilus Built-in container security analysis in Docker Hub
- 88. Quietly went live on official repos two months ago, helped secure 74 millions pulls. self-service coming soon.
- 89. Nautilus uses Deep Content Analysis
- 90. Nautilus matches all container content against its own vulnerability database. It is not limited to the vulnerability database of Linux distributions.
- 91. Benefit 1: Detect vulnerabilities regardless of Linux distribution.
- 92. Benefit 2: We have caught several vulnerabilities in Linux distributions and collaborated to fix them.
- 93. Benefit 3: Face it: developers have their favorite package manager. Probably not the one shipped with the distro. But it’s OK! Nautilus will catch vulnerabilities anyway.
- 94. “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety” - Benjamin Franklin.
- 95. You don’t need to lock yourself into a Linux distribution to secure your containers.
- 96. SWARM 1.0 Ready for production
- 97. Swarm 1.0: ready for production - Connect any containers across your entire cluster - Create secure overlay networks out of the box - Swap in your favorite backend implementation - DNS service discovery supports unmodified applications Built-in multi-host networking
- 98. Swarm 1.0: ready for production - New volume management commands and API - Attach any volume to any container, dynamically - Swap in your favorite backend implementation Built-in persistent storage
- 99. Swarm 1.0: ready for production “But does it scale?”
- 101. - We scaled Swarm to 50k containers and 1k nodes - Had to stop because of EC2 limit - Swarm keeps scheduling without breaking a sweat - Expect bigger numbers soon - Yes, software can be both scalable and usable What did we just see?
- 102. In summary...
- 103. Quality tools for developers - Many usability improvements - Full Mac/Windows feature parity - Trusted content distribution for developers - Support for hardware crypto Quality tools for ops - More isolation features in Swarm/engine - Swarm 1.0 is ready for production - Swarm can run persistent services - Swarm works a very large scale
- 106. Happy Hacking!