During this Docker Online Meetup, Ben Firshman and Dongluo Chen discuss what's new in Docker 1.10. Read more about Docker 1.10 in this blog post: http://blog.docker.com/2016/02/docker-1-10/ It’s now much easier to define and run complex distributed apps with Docker Compose. The power that Compose brought to orchestrating containers is now available for setting up networks and volumes. On your development machine, you can set up your app with multiple network tiers and complex storage configurations, replicating how you might set it up in production. You can then take that same configuration from development, and use it to run your app on CI, on staging, and right through into production. Check out the blog post about the new Compose file to find out more: https://blog.docker.com/2016/02/compose-1-6/ Docker 1.10 is a huge leap forward for container security. All the big security features you’ve been asking for are now available to use: user namespacing for isolating system users, seccomp profiles for filtering syscalls, and an authorization plugin system for restricting access to Engine features. Check out the blog post for all the details: https://blog.docker.com/2016/02/docker-engine-1-10-security/ Another big security enhancement is that image IDs now represent the content that is inside an image, in a similar way to how Git commits represent the content inside commits. This means you can guarantee that the content you’re running is what you expect by just specifying that image’s ID. When upgrading to Engine 1.10, there is a migration process that could take a long time, so take a read of the documentation if you want to prevent downtime: https://docs.docker.com/engine/migration/

1. Docker 1.10
February 2016

2. New Compose file
2
version: 2
services:
web:
image: oscorp/myapp
networks:
- web-tier
- db-tier
links:
- db
db:
image: postgres
network: web-tier
volumes:
- db
networks:
web-tier:
…
db-tier:
…
volumes:
db:
…
● Describe your app in a single file for
deploying across multiple
environments
● Build in development, test in CI,
deploy to Swarm
● In version 2 of the format, you can
now describe and define
relationships between services,
networks, and volumes
● Networks and volumes can be
backed by drivers depending on what
environment you’re in

3. Security updates
3
● Seccomp profiles: Fine-grained policy controlling what syscalls containers can
make, with sensible defaults now applied to all containers
● User namespacing: Give containers their own set of UIDs and GIDs so users are
isolated.
● Content addressable image IDs: Image IDs represent the content that is inside an
image.
● Authorization plugins: A plugin mechanism for doing access control on Engine
actions.

4. Networking updates
4
● Links in user-defined networks: Links return in user-defined networks to allow
you to explicitly define dependencies and alias hostnames to a different name for a
single container (e.g. --link db:production-postgres ).
● Custom IP addresses: Specify what IP address a container should use when
joining a network.
● Alias containers within a network: Allow a container to be accessed by multiple
names within a network.
● DNS server for name resolution: Host files have been replaced with a DNS server
for improved reliability.

5. Engine
5
● Better event stream
● Resource constraints for disk I/O
● Update resource constraints without
having to restart containers
● Reload daemon configuration without
restarting daemon
● Improved push/pull performance and
reliability
● Log driver for Splunk for sending
container logs

6. Swarm
6
● Experimental rescheduling of
containers when node fails
● Run images from private repositories
● Better node management: see errors
from nodes that fail to join the cluster

7. Other Highlights
7
Docker Machine
● Improved reliability
● No need to specify “default” for
commands
● New provision command for
reprovisioning machines
Docker Compose
● Use pre-built images on Hub to
speed up dev environments
● Events command

8. THANK YOU
8