SlideShare a Scribd company logo

What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi

M
Mike Goelzer

Docker 1.12 introduces several new features for managing containerized applications at scale including Docker Swarm mode for native clustering and orchestration. Key features include services that allow defining and updating distributed applications, a built-in routing mesh for load balancing between nodes, and security improvements like cryptographic node identities and TLS encryption by default. The document also discusses plugins, health checks, and distributed application bundles for declaring stacks of services.

Software
1 of 40
Downloaded 133 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
What’s New in Docker 1.12 Mike Goelzer (Spoiler alert: a lot!)
$ docker swarm init
$ docker swarm init $ docker swarm join <IP of manager>:2377
$ docker swarm init $ docker swarm join <IP of manager>:2377
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest mynet
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
≠ $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
$ docker service scale frontend=6 mynet
$ docker service scale frontend=10 mynet
$ docker service create --mode=global --name prometheus prom/prometheus mynet
docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest $ docker service scale frontend=10 docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
Services
Services are grouped into stacks
Distributed Application Bundle (.dab) declares a stack
Swarm mode orchestration is optional ● You don’t have to use it ● 1.12 is fully backwards compatible ● Will not break existing deployments and scripts
Routing Mesh • Operator reserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend
Routing Mesh: Published Ports • Operator reserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend
Security out of the box ● Cryptographic Node Identity ○ Workload segregation (think PCI) ● There is no “insecure mode”: ○ TLS mutual auth ○ TLS encryption ○ Certificate rotation
HEALTHCHECK --interval=5m --timeout=3s --retries 3 CMD curl -f http://localhost/ || exit 1 Checks every 5 minutes that web server can return index page within 3 seconds. Three consecutive failures puts container in an unhealthy state. Container Health Check in Dockerfile
docker plugin install tiborvass/no-remove docker plugin enable no-remove docker plugin disable no-remove New Plugin Subcommands
$ docker plugin install tiborvass/no-remove Plugin "mikegoelzer/myplugin:latest" requested the following privileges: - Networking: host - Mounting host path: /data Do you grant the above permissions? [y/N] Plugin Permissions Model
Orchestration Deep Dive Andrea Luzzardi DockerCon 2016
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
Manager Worker
Manager Worker ● Each Node has a role ● Roles are dynamic ● Programmable Topology
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
● Strongly consistent: Holds desired state ● Simple to operate ● Blazing fast (in-memory reads, domain specific indexing, ...) ● Secure
● Eventually consistent: Routing mesh, load balancing rules, ... ● High volume, p2p network between workers ● Secure: Symmetric encryption with key rotation in Raft
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
Secure by default with end to end encryption • Cryptographic node identity • Automatic encryption and mutual auth (TLS) • Automatic cert rotation • External CA integration Certificate Authority TLS Certificate Authority TLS Certificate Authority TLS TLS TLSTLS
Learn more about 1.12 Monday 5:20 pm @ Ballroom 6E • Docker Security Deep Dive Tuesday 3:55 pm @ Ballroom 6E • Docker for Ops: Networking Deep Dive, Considerations and Troubleshooting
Mike Goelzer mgoelzer@docker.com / @mgoelzer Andrea Luzzardi al@docker.com / @aluzzardi Questions?
Thank You Mike Goelzer mgoelzer@docker.com / @mgoelzer Andrea Luzzardi al@docker.com / @aluzzardi

More Related Content

PPTX
Docker Security workshop slides
Docker, Inc.
 
PDF
Docker for Ops - Scott Coulton, Puppet
Docker, Inc.
 
PPTX
Docker Networking : 0 to 60mph slides
Docker, Inc.
 
PDF
Docker for Mac and Windows: The Insider's Guide by Justin Cormack
Docker, Inc.
 
PPTX
Docker Meetup 08 03-2016
Docker
 
PDF
Docker for Developers - Part 1 by David Gageot
Docker, Inc.
 
PDF
Getting Deep on Orchestration: APIs, Actors, and Abstractions in a Distribute...
Docker, Inc.
 
PPTX
Dockerizing Windows Server Applications by Ender Barillas and Taylor Brown
Docker, Inc.
 
Docker Security workshop slides
Docker, Inc.
 
Docker for Ops - Scott Coulton, Puppet
Docker, Inc.
 
Docker Networking : 0 to 60mph slides
Docker, Inc.
 
Docker for Mac and Windows: The Insider's Guide by Justin Cormack
Docker, Inc.
 
Docker Meetup 08 03-2016
Docker
 
Docker for Developers - Part 1 by David Gageot
Docker, Inc.
 
Getting Deep on Orchestration: APIs, Actors, and Abstractions in a Distribute...
Docker, Inc.
 
Dockerizing Windows Server Applications by Ender Barillas and Taylor Brown
Docker, Inc.
 

What's hot (20)

PPTX
Enabling Production Grade Containerized Applications through Policy Based Inf...
Docker, Inc.
 
PDF
Container orchestration from theory to practice
Docker, Inc.
 
PPTX
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
Docker, Inc.
 
PDF
Docker Security Deep Dive by Ying Li and David Lawrence
Docker, Inc.
 
PDF
Docker for Developers - Part 2 by Borja Burgos and Fernando Mayo
Docker, Inc.
 
PDF
Docker for Devs - John Zaccone, IBM
Docker, Inc.
 
PDF
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
Docker, Inc.
 
PDF
DockerCon EU 2015: Shipping Manifests, Bill of Lading and Docker Metadata and...
Docker, Inc.
 
PDF
Docker Online Meetup: Infrakit update and Q&A
Docker, Inc.
 
PDF
Online Meetup: Why should container system / platform builders care about con...
Docker, Inc.
 
PPTX
Docker SF Meetup January 2016
Patrick Chanezon
 
PDF
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
Docker, Inc.
 
PDF
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
Docker, Inc.
 
PPTX
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker, Inc.
 
PPTX
Programming the world with Docker
Patrick Chanezon
 
PDF
Orchestrating Linux Containers while tolerating failures
Docker, Inc.
 
PPTX
Docker Roadshow 2016
Docker, Inc.
 
PDF
DockerCon EU 2015: The Latest in Docker Engine
Docker, Inc.
 
PDF
DockerCon EU 2015: Trading Bitcoin with Docker
Docker, Inc.
 
PDF
Docker Multi-arch All The Things
Docker, Inc.
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
Docker, Inc.
 
Container orchestration from theory to practice
Docker, Inc.
 
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
Docker, Inc.
 
Docker Security Deep Dive by Ying Li and David Lawrence
Docker, Inc.
 
Docker for Developers - Part 2 by Borja Burgos and Fernando Mayo
Docker, Inc.
 
Docker for Devs - John Zaccone, IBM
Docker, Inc.
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
Docker, Inc.
 
DockerCon EU 2015: Shipping Manifests, Bill of Lading and Docker Metadata and...
Docker, Inc.
 
Docker Online Meetup: Infrakit update and Q&A
Docker, Inc.
 
Online Meetup: Why should container system / platform builders care about con...
Docker, Inc.
 
Docker SF Meetup January 2016
Patrick Chanezon
 
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
Docker, Inc.
 
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
Docker, Inc.
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker, Inc.
 
Programming the world with Docker
Patrick Chanezon
 
Orchestrating Linux Containers while tolerating failures
Docker, Inc.
 
Docker Roadshow 2016
Docker, Inc.
 
DockerCon EU 2015: The Latest in Docker Engine
Docker, Inc.
 
DockerCon EU 2015: Trading Bitcoin with Docker
Docker, Inc.
 
Docker Multi-arch All The Things
Docker, Inc.
 
Ad

Viewers also liked (20)

PPTX
Thinking Inside the Container: A Continuous Delivery Story by Maxfield Stewart
Docker, Inc.
 
PDF
Containerd: Building a Container Supervisor by Michael Crosby
Docker, Inc.
 
PDF
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Docker, Inc.
 
PDF
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
PDF
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Docker, Inc.
 
PDF
Docker for Ops: Extending Docker with APIs, Drivers and Plugins by Arnaud Por...
Docker, Inc.
 
PDF
Docker, Docker Swarm mangement tool - Gorae
Rhio kim
 
PDF
Docker swarm
Alberto Guimarães Viana
 
PDF
Clustering with Docker Swarm - Dockerops 2016 @ Cento (FE) Italy
Giovanni Toraldo
 
PDF
Docker swarm introduction
Evan Lin
 
PPTX
Load Balancing Apps in Docker Swarm with NGINX
NGINX, Inc.
 
PDF
Docker Swarm 0.2.0
Docker, Inc.
 
PPTX
Docker introduction
dotCloud
 
PDF
Docker 1.12 - Swarm Mode
Rafael Gomes
 
PPTX
Introduction to docker swarm
Walid Ashraf
 
PPT
An Introduction to Container Organization with Docker Swarm, Kubernetes, Meso...
Neo4j
 
PPTX
Docker Swarm Introduction
rajdeep
 
PDF
Docker Online Meetup #28: Production-Ready Docker Swarm
Docker, Inc.
 
PPTX
DockerCon 16 General Session Day 1
Docker, Inc.
 
PPTX
DockerCon 16 General Session Day 2
Docker, Inc.
 
Thinking Inside the Container: A Continuous Delivery Story by Maxfield Stewart
Docker, Inc.
 
Containerd: Building a Container Supervisor by Michael Crosby
Docker, Inc.
 
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Docker, Inc.
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Docker, Inc.
 
Docker for Ops: Extending Docker with APIs, Drivers and Plugins by Arnaud Por...
Docker, Inc.
 
Docker, Docker Swarm mangement tool - Gorae
Rhio kim
 
Docker swarm
Alberto Guimarães Viana
 
Clustering with Docker Swarm - Dockerops 2016 @ Cento (FE) Italy
Giovanni Toraldo
 
Docker swarm introduction
Evan Lin
 
Load Balancing Apps in Docker Swarm with NGINX
NGINX, Inc.
 
Docker Swarm 0.2.0
Docker, Inc.
 
Docker introduction
dotCloud
 
Docker 1.12 - Swarm Mode
Rafael Gomes
 
Introduction to docker swarm
Walid Ashraf
 
An Introduction to Container Organization with Docker Swarm, Kubernetes, Meso...
Neo4j
 
Docker Swarm Introduction
rajdeep
 
Docker Online Meetup #28: Production-Ready Docker Swarm
Docker, Inc.
 
DockerCon 16 General Session Day 1
Docker, Inc.
 
DockerCon 16 General Session Day 2
Docker, Inc.
 
Ad

Similar to What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi (20)

PDF
New Docker Features for Orchestration and Containers
Jeff Anderson
 
PPTX
Nats meetup oct 2016 docker 112
Nirmal Mehta
 
PPTX
"Deploying Multi-OS Applications with Docker Swarm" with Docker's David Yu
Steven Puroll
 
PDF
Docker 1.12 and SwarmKit
Gianluca Arbezzano
 
PDF
What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16
Docker, Inc.
 
PDF
Deep Dive into Docker Swarm Mode
Ajeet Singh Raina
 
PDF
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
PROIDEA
 
PDF
Docker 1.12 networking deep dive
Madhu Venugopal
 
PDF
Docker Networking Deep Dive
Docker, Inc.
 
PDF
Demystfying container-networking
Balasundaram Natarajan
 
PDF
Troubleshooting Tips from a Docker Support Engineer - Jeff Anderson, Docker
Docker, Inc.
 
PDF
Troubleshooting Tips from a Docker Support Engineer
Jeff Anderson
 
PDF
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Ajeet Singh Raina
 
PPTX
Docker container management
Karol Kreft
 
PPTX
Docker Networking - Common Issues and Troubleshooting Techniques
Sreenivas Makam
 
PPTX
Docker 1.11 Presentation
Sreenivas Makam
 
PDF
Docker, the Future of DevOps
andersjanmyr
 
PPTX
Managing multicast stream on Docker.pptx
Thierry Gayet
 
PDF
Intersog Hack_n_Tell. Docker. First steps.
Intersog
 
PPTX
.NET Developer Days - Launching Patterns for Containers
Michele Leroux Bustamante
 
New Docker Features for Orchestration and Containers
Jeff Anderson
 
Nats meetup oct 2016 docker 112
Nirmal Mehta
 
"Deploying Multi-OS Applications with Docker Swarm" with Docker's David Yu
Steven Puroll
 
Docker 1.12 and SwarmKit
Gianluca Arbezzano
 
What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16
Docker, Inc.
 
Deep Dive into Docker Swarm Mode
Ajeet Singh Raina
 
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
PROIDEA
 
Docker 1.12 networking deep dive
Madhu Venugopal
 
Docker Networking Deep Dive
Docker, Inc.
 
Demystfying container-networking
Balasundaram Natarajan
 
Troubleshooting Tips from a Docker Support Engineer - Jeff Anderson, Docker
Docker, Inc.
 
Troubleshooting Tips from a Docker Support Engineer
Jeff Anderson
 
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Ajeet Singh Raina
 
Docker container management
Karol Kreft
 
Docker Networking - Common Issues and Troubleshooting Techniques
Sreenivas Makam
 
Docker 1.11 Presentation
Sreenivas Makam
 
Docker, the Future of DevOps
andersjanmyr
 
Managing multicast stream on Docker.pptx
Thierry Gayet
 
Intersog Hack_n_Tell. Docker. First steps.
Intersog
 
.NET Developer Days - Launching Patterns for Containers
Michele Leroux Bustamante
 

Recently uploaded (20)

PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PPTX
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
System and Network Administration Chapter 2
jaramharo
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Introduction Database Management System for Course Database
ReinertYosua
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
AI in Product Development-omnex systems
omnex systems
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 

What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi

  • 1. What’s New in Docker 1.12 Mike Goelzer (Spoiler alert: a lot!)
  • 3. $ docker swarm init $ docker swarm join <IP of manager>:2377
  • 4. $ docker swarm init $ docker swarm join <IP of manager>:2377
  • 5. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest mynet
  • 6. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 7. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 8. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 9. ≠ $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 10. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 11. $ docker service scale frontend=6 mynet
  • 12. $ docker service scale frontend=10 mynet
  • 13. $ docker service create --mode=global --name prometheus prom/prometheus mynet
  • 14. docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
  • 15. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
  • 16. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest $ docker service scale frontend=10 docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
  • 18. Services are grouped into stacks
  • 19. Distributed Application Bundle (.dab) declares a stack
  • 20. Swarm mode orchestration is optional ● You don’t have to use it ● 1.12 is fully backwards compatible ● Will not break existing deployments and scripts
  • 21. Routing Mesh • Operator reserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend
  • 22. Routing Mesh: Published Ports • Operator reserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend
  • 23. Security out of the box ● Cryptographic Node Identity ○ Workload segregation (think PCI) ● There is no “insecure mode”: ○ TLS mutual auth ○ TLS encryption ○ Certificate rotation
  • 24. HEALTHCHECK --interval=5m --timeout=3s --retries 3 CMD curl -f http://localhost/ || exit 1 Checks every 5 minutes that web server can return index page within 3 seconds. Three consecutive failures puts container in an unhealthy state. Container Health Check in Dockerfile
  • 25. docker plugin install tiborvass/no-remove docker plugin enable no-remove docker plugin disable no-remove New Plugin Subcommands
  • 26. $ docker plugin install tiborvass/no-remove Plugin "mikegoelzer/myplugin:latest" requested the following privileges: - Networking: host - Mounting host path: /data Do you grant the above permissions? [y/N] Plugin Permissions Model
  • 27. Orchestration Deep Dive Andrea Luzzardi DockerCon 2016
  • 30. Manager Worker ● Each Node has a role ● Roles are dynamic ● Programmable Topology
  • 32. ● Strongly consistent: Holds desired state ● Simple to operate ● Blazing fast (in-memory reads, domain specific indexing, ...) ● Secure
  • 33. ● Eventually consistent: Routing mesh, load balancing rules, ... ● High volume, p2p network between workers ● Secure: Symmetric encryption with key rotation in Raft
  • 37. Secure by default with end to end encryption • Cryptographic node identity • Automatic encryption and mutual auth (TLS) • Automatic cert rotation • External CA integration Certificate Authority TLS Certificate Authority TLS Certificate Authority TLS TLS TLSTLS
  • 38. Learn more about 1.12 Monday 5:20 pm @ Ballroom 6E • Docker Security Deep Dive Tuesday 3:55 pm @ Ballroom 6E • Docker for Ops: Networking Deep Dive, Considerations and Troubleshooting
  • 39. Mike Goelzer mgoelzer@docker.com / @mgoelzer Andrea Luzzardi al@docker.com / @aluzzardi Questions?
  • 40. Thank You Mike Goelzer mgoelzer@docker.com / @mgoelzer Andrea Luzzardi al@docker.com / @aluzzardi