DOCKER FOR DEVELOPERS
Borja Burgos-Galindo (@borja_burgos)
Docker, Inc
ContainerDays Boston 2016
OVERVIEW
Current state of things (Docker Toolbox)
Docker for Mac
Virtualization
Networking
Storage
Docker Cloud
Docker Security Scanning
Automation (CI/CD)
Build, Test, Deploy
DOCKER TOOLBOX
All the Linux tools collected in one installer:
  Bundle includes a full VirtualBox installation
  Boot2Docker Virtual Machine
  The Kitematic UI controlled these pieces
A relatively loose collection of components:
  Installation and lack of integrated updates caused numerous user issues
  Performance not ideal due to the layering, especially for file sharing
Yet most Docker users use a Mac or Windows host as their development environment
DOCKER FOR MAC
Easy drag and drop installation, and autoupdates to get latest Docker.
Secure, sandboxed virtualisation architecture without elevated privileges.
Native networking support, with VPN and network sharing compatibility.
File sharing between container and host: uid mapping, inotify events, etc.
Aiming for a native OSX experience that works with existing developer workflows.
DOCKER FOR MAC > VIRTUALIZATION
Uses the new HyperKit framework, which is in turn based on xHyve and FreeBSD's bHyve.
Sandbox friendly: processes largely run as non-root, with privileges of the local user.
[Diagram labels: Hardware (virt: VMX, nested paging); OSX Kernel; Userspace; User Process; Hypervisor.framework Process; Linux Kernel; VirtIO IPC; VirtIO Block; VirtIO Net; Alpine Linux Userspace; Latest Docker preconfigured; Logs redirected to OSX host; QCow2; VPNKit]
Embeds Linux: includes an embedded lightweight Alpine Linux distribution optimised for fast boot and stateless operation for containers.
$ docker info
Containers: 358
Running: 13
Paused: 0
Stopped: 345
Images: 485
Server Version: 1.11.1
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 4.4.9-moby
Operating System: Alpine Linux v3.3
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.858 GiB
Drag 'n drop installation: Docker.app is self-contained, installs symlinks from app bundle into /usr/local, and autoupdates.
DEMO
DOCKER FOR MAC > NETWORKING
Want to hide the gory details of virtualisation from the user. The Linux VM should be "invisible".
Not solving this leads to many user complaints:
VPN software and corporate installations do not like bridged virtual machines or custom routing.
  Result: container traffic cannot connect to the Internet.
Services cannot be exposed on localhost or the external interface and are instead on the Linux VM IP address.
  Result: breaks common web OAuth workflows.
Challenge #1: Deal with custom VPN software on the host that makes it difficult to bridge.
Solution: VPNKit efficiently reconstructs container traffic into separate TCP/IP flows and translates them into native OSX/Windows sockets.
[Diagram labels: OSX Host; Linux Host; Container; RUN <...>; com.docker.hyperkit-net; Reconstruct traffic; TCP flows; Translate to OSX socket calls; Ethernet bridge; DHCPv4; NTP]
Benefit: All network traffic is generated from normal socket calls (e.g. gethostbyaddr) on the Mac, so it interacts well with firewalls, VPNs, and any local security policies.
Challenge #2: Services publishing ports should be exposed on localhost without needing VM info.
Solution: VPNKit forwards container port requests to an OSX service which binds them natively on its external interface.
[Diagram labels: OSX Host; Linux Host; Container; Privileged Port Service; Port Service; VSock Binder; VSock Listener; Userland Proxy; EXPOSE; RUN <...>]
Benefits:
  docker run -P on the Mac now works without requiring any knowledge of the VM innards.
  External OAuth workflows operate with web apps.
DEMO
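Added example (not from the slides or from Docker): since published ports are bound natively on the Mac's own interfaces rather than on a VM address, it is worth checking which host address each one is bound to. The script classifies the Ports column of `docker ps`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Classify published container ports by the host address they are bound to.
# Input (stdin): one line per container, "<name><TAB><ports>", the shape produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "<name> <host_addr> <host_port> <container_port/proto> <scope>"
#   scope = any       bound on every host interface (0.0.0.0 or ::)
#           loopback  bound on 127.0.0.0/8 or ::1 only
#           address   bound on one specific non-loopback address
classify_published_ports() {
    awk -F '\t' '
    {
        name = $1
        n = split($2, entries, /, */)
        for (i = 1; i <= n; i++) {
            e = entries[i]
            arrow = index(e, "->")
            if (arrow == 0) continue      # EXPOSEd but not published: no host binding
            host = substr(e, 1, arrow - 1)
            target = substr(e, arrow + 2)
            # host is "<addr>:<port>"; an IPv6 address contains colons itself,
            # so split on the LAST colon.
            rest = host; last = 0
            while ((k = index(rest, ":")) > 0) { last += k; rest = substr(rest, k + 1) }
            if (last == 0) continue       # not an addr:port pair, skip
            addr = substr(host, 1, last - 1)
            port = substr(host, last + 1)
            gsub(/^\[|\]$/, "", addr)     # "[::]" -> "::"
            if (addr == "0.0.0.0" || addr == "::") scope = "any"
            else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
            else scope = "address"
            print name, addr, port, target, scope
        }
    }'
}

# Print only the bindings that are reachable from outside the Mac itself.
nonloopback_bindings() {
    classify_published_ports | awk '$5 != "loopback"'
}

# Constructed sample input (not captured from a real host).
sample_ps_output() {
    printf 'web\t0.0.0.0:32768->80/tcp, 0.0.0.0:32769->443/tcp\n'
    printf 'admin\t127.0.0.1:8080->8080/tcp\n'
    printf 'cache\t6379/tcp\n'
    printf 'api\t:::32770->3000/tcp\n'
}

# Against a live daemon:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | nonloopback_bindings
sample_ps_output | nonloopback_bindings
```

Publishing with an explicit loopback address (`-p 127.0.0.1:8080:8080`) keeps a service in the `loopback` class; `-P` and a bare `-p 8080:8080` land in `any`.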
DOCKER FOR MAC > STORAGE
Challenge #1: Share arbitrary OSX directory tree into Linux container without requiring extensive modification of either side.
Solution: Use a FUSE forwarding layer and translate Linux filesystem calls to OSX equivalents.
[Diagram labels: OSX Host; Linux Host; Container; VOLUME; com.docker.osxfs; Track extra metadata; Translate to OSX filesystem calls; FUSE]
Challenge #1: Need filesystem activation so events on the Mac wake up container servers and vice-versa.
Solution: osxfs uses FSEvents API and injects inotify activation events into container.
[Diagram labels: OSX Host; Linux Host; Container; VOLUME; com.docker.osxfs; FSEvents watches open files; Events from Linux causes OSX apps to wake up; FUSE]
DEMO
DOCKER FOR MAC
MULTI-CPU ARCH
$ docker run resin/armv7hf-debian uname -a
Linux 7ed2fca7a3f0 4.1.12 #1 SMP Tue Jan 12 10:51:00 UTC 2016 armv7l GNU/Linux
$ docker run justincormack/ppc64le-debian uname -a
Linux edd13885f316 4.1.12 #1 SMP Tue Jan 12 10:51:00 UTC 2016 ppc64le GNU/Linux
DOCKER CLOUD: SECURITY SCANNING
Deep visibility into security profile
Continuous monitoring and notifications
Secure across the content lifecycle
DEMO
DOCKER CLOUD: AUTOMATION
[Diagram labels: Dev; Build; Deploy; Manage; CI; CD; Code repo; Image repo; Monitoring; Logging; Scaling]
DEMO
THANK YOU!

ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)

  • 1. DOCKER FOR DEVELOPERS Borja Burgos-Galindo (@borja_burgos) Docker, Inc ContainerDays Boston 2016
  • 2. OVERVIEW Current state of things (Docker Toolbox) Docker for Mac Virtualization Networking Storage 2 Docker Cloud Docker Security Scanning Automation (CI/CD) Build,Test, Deploy
  • 3. DOCKER TOOLBOX 3 All the Linux tools collected in one installer: Bundle includes a full VirtualBox installation Boot2Docker Virtual Machine The Kitematic UI controlled these pieces A relatively loose collection of components: Installation and lack of integrated updates caused numerous user issues Performance not ideal due to the layering, especially for file sharing Yet most Docker users use a Mac or Windows host as their development environment
  • 4. OVERVIEW 4 Current state of things (Docker Toolbox) Docker for Mac Virtualization Networking Storage Docker Cloud Docker Security Scanning Automation (CI/CD) Build,Test, Deploy
  • 5. DOCKER FOR MAC Easy drag and drop installation, and autoupdates to get latest Docker. Secure, sandboxed virtualisation architecture without elevated privileges. Native networking support, with VPN and network sharing compatibility. File sharing between container and host: uid mapping, inotify events, etc. 5 Aiming for a native OSX experience that works with existing developer workflows.
  • 6. OVERVIEW 6 Current state of things (Docker Toolbox) Docker for Mac Virtualization Networking Storage Docker Cloud Docker Security Scanning Automation (CI/CD) Build,Test, Deploy
  • 7. DOCKER FOR MAC > VIRTUALIZATION 7 Uses the new HyperKit framework, which is in turn based on xHyve and FreeBSD's bHyve. Sandbox friendly: processes largely run as non-root, with privileges of the local user. OSX Kernel Hardware virt: VMX, nested paging Userspace User ProcessHypervisor. framework Process Linux Kernel VirtIO IPC VirtIO Block VirtIO Net Alpine Linux Userspace Latest Docker preconfigured Logs redirected to OSX host QCow2 VPNKit
  • 8. DOCKER FOR MAC > VIRTUALIZATION 8 Embeds Linux: includes an embedded lightweight Alpine Linux distribution optimised for fast boot and stateless operation for containers. $ docker info Containers: 358 Running: 13 Paused: 0 Stopped: 345 Images: 485 Server Version: 1.11.1 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Backing Filesystem: extfs Dirperm1 Supported: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge null host Kernel Version: 4.4.9-moby Operating System: Alpine Linux v3.3 OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 3.858 GiB Uses the new HyperKit framework, which is in turn based on xHyve and FreeBSD's bHyve.
  • 9. DOCKER FOR MAC > VIRTUALIZATION 9 Sandbox friendly: processes largely run as non-root, with privileges of the local user. Embeds Linux: includes an embedded lightweight Alpine Linux distribution optimized for fast boot and stateless operation for containers. Drag 'n drop installation: Docker.app is self-contained, installs symlinks from app bundle into /usr/ local, and autoupdates. Uses the new HyperKit framework, which is in turn based on xHyve and FreeBSD's bHyve.
  • 10. DEMO DOCKER FOR MAC > VIRTUALIZATION 10
  • 11. OVERVIEW Current state of things (Docker Toolbox) Docker for Mac Virtualization Networking Storage 11 Docker Cloud Docker Security Scanning Automation (CI/CD) Build,Test, Deploy
  • 12. DOCKER FOR MAC > NETWORKING Want to hide the gory details of virtualisation from the user. The Linux VM should be "invisible". Not solving this leads to many user complaints:
      VPN software and corporate installations do not like bridged virtual machines or custom routing. Result: container traffic cannot connect to the Internet.
      Services cannot be exposed on localhost or the external interface and are instead on the Linux VM IP address. Result: breaks common web OAuth workflows.
  • 13. DOCKER FOR MAC > NETWORKING Challenge #1: Deal with custom VPN software on the host that makes it difficult to bridge. Solution: VPNKit, efficiently reconstructs container traffic into separate TCP/IP flows and translates them into native OSX/Windows sockets. [Diagram labels: OSX Host; Linux Host; Container; RUN <...>; com.docker.hyperkit-net; Reconstruct traffic; TCP flows; Translate to OSX socket calls; Ethernet bridge; DHCPv4; NTP]
  • 14. DOCKER FOR MAC > NETWORKING Challenge #1: Deal with custom VPN software on the host that makes it difficult to bridge. Benefit: All network traffic is generated from normal socket calls (e.g. gethostbyaddr) on the Mac, so interacts well with firewalls, VPNs, and any local security policies. [Diagram labels: OSX Host; Linux Host; Container; RUN <...>; com.docker.hyperkit-net; Reconstruct traffic; TCP flows; Translate to OSX socket calls; Ethernet bridge; DHCPv4; NTP]
  • 15. DOCKER FOR MAC > NETWORKING Challenge #2: Services publishing ports should be exposed on localhost without needing VM info. Solution: VPNKit forwards container port requests to an OSX service which binds them natively on its external interface. [Diagram labels: OSX Host; Linux Host; Privileged Port Service; Container; EXPOSE; Port Service; VSock Binder; RUN <...>; VSock Listener; Userland Proxy]
  • 16. DOCKER FOR MAC > NETWORKING Challenge #2: Services publishing ports should be exposed on localhost without needing VM info. Benefits: docker run -P on the Mac now works without requiring any knowledge of the VM innards. External OAuth workflows operate with web apps. [Diagram labels: OSX Host; Linux Host; Privileged Port Service; Container; EXPOSE; Port Service; VSock Binder; RUN <...>; VSock Listener; Userland Proxy]
  • 17. DOCKER FOR MAC > NETWORKING DEMO
  • 18. OVERVIEW Current state of things (Docker Toolbox); Docker for Mac (Virtualization, Networking, Storage); Docker Cloud (Docker Security Scanning, Automation (CI/CD): Build, Test, Deploy)
  • 19. DOCKER FOR MAC > STORAGE Challenge #1: Share arbitrary OSX directory tree into Linux container without requiring extensive modification of either side. Solution: Use a FUSE forwarding layer and translate Linux filesystem calls to OSX equivalents. [Diagram labels: OSX Host; Linux Host; Container; VOLUME; com.docker.osxfs; Track extra metadata; Translate to OSX filesystem calls; FUSE]
  • 20. DOCKER FOR MAC > STORAGE Challenge #1: Need filesystem activation so events on the Mac wake up container servers and vice-versa. Solution: osxfs uses FSEvents API and injects inotify activation events into container. [Diagram labels: OSX Host; Linux Host; Container; VOLUME; com.docker.osxfs; FSEvents watches open files; Events from Linux causes OSX apps to wake up; FUSE]
  • 21. DOCKER FOR MAC > STORAGE DEMO
  • 22. DOCKER FOR MAC: MULTI-CPU ARCH
      $ docker run resin/armv7hf-debian uname -a
      Linux 7ed2fca7a3f0 4.1.12 #1 SMP Tue Jan 12 10:51:00 UTC 2016 armv7l GNU/Linux
      $ docker run justincormack/ppc64le-debian uname -a
      Linux edd13885f316 4.1.12 #1 SMP Tue Jan 12 10:51:00 UTC 2016 ppc64le GNU/Linux
  • 23. OVERVIEW Current state of things (Docker Toolbox); Docker for Mac (Virtualization, Networking, Storage); Docker Cloud (Docker Security Scanning, Automation (CI/CD): Build, Test, Deploy)
  • 24. DOCKER CLOUD: SECURITY SCANNING
  • 25. DOCKER CLOUD: SECURITY SCANNING Deep visibility into security profile. Continuous monitoring and notifications. Secure across the content lifecycle.
  • 26. DOCKER CLOUD: SECURITY SCANNING DEMO
  • 27. OVERVIEW Current state of things (Docker Toolbox); Docker for Mac (Virtualization, Networking, Storage); Docker Cloud (Docker Security Scanning, Automation (CI/CD): Build, Test, Deploy)
  • 28. DOCKER CLOUD: AUTOMATION [Diagram labels: Dev; Build; Deploy; Manage; CI; CD; Code repo; Image repo; Monitoring; Logging; Scaling]
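
Slides 15 and 16 state that published container ports are bound natively on the Mac's external interface, so it is worth checking which published ports are bound to something other than loopback. The following is an added example, not code from the deck or from Docker: the function names are hypothetical and the sample `docker ps --format '{{.Names}}\t{{.Ports}}'` output is constructed.

```python
import ipaddress
import re

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE_PS = (
    "web\t0.0.0.0:32768->80/tcp, 0.0.0.0:32769->443/tcp\n"
    "oauth-dev\t127.0.0.1:8080->8080/tcp\n"
    "db\t5432/tcp\n"
    "cache\t:::6379->6379/tcp\n"
    "worker\t\n"
)

# host_ip:host_port[-range]->container_port[-range]/proto
BINDING = re.compile(
    r"^(?P<ip>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)


def is_loopback(host_ip):
    """True only when the bind address parses and is a loopback address."""
    try:
        return ipaddress.ip_address(host_ip.strip("[]")).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than hide it


def audit_published_ports(ps_output):
    """Return (container, host_ip, host_port, proto) for non-loopback binds."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            match = BINDING.match(entry)
            if match is None:
                continue  # EXPOSE-only entry such as "5432/tcp", or empty
            if not is_loopback(match["ip"]):
                findings.append(
                    (name, match["ip"], match["hport"], match["proto"])
                )
    return findings


if __name__ == "__main__":
    for name, ip, port, proto in audit_published_ports(SAMPLE_PS):
        print(f"{name}: {proto} port {port} bound on {ip} (not loopback)")
```

Publishing with an explicit loopback address, as in `docker run -p 127.0.0.1:8080:8080`, keeps a development service off the external interface.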