DockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 by Solomon Hykes

Published in: Technology
  1. Solomon Hykes, Founder, Docker, @solomonstre
  2. The world needs tools of mass innovation
  3. The best tools…
  4. The best tools… 1. Get out of the way
  5. The best tools… 1. Get out of the way 2. Adapt to you
  6. The best tools… 1. Get out of the way 2. Adapt to you 3. Make the powerful simple
  7. enterprise edition Ubuntu Fedora Mac Azure CentOS Windows 10 AWS Debian community edition Ubuntu Windows Server Azure CentOS Suse Red Hat AWS Oracle Linux
  8. Better tools for developers
  9. Docker removes friction in the development cycle
  10. How to remove developer friction in 3 easy steps
  11. Step 1. Developer complains about detail
  12. Step 2. Fix Detail
  13. Step 3. Repeat FOREVER
  14. In the developer experience, details add up...
  15. Example #1: “My container images are too big!”
  16. Example #1: “My container images are too big!” Introducing multi-stage builds
  17. Build smaller images with multi-stage builds. First stage: complete build environment. Second stage: minimal runtime environment. One Dockerfile, one build.
  18. Build smaller images with multi-stage builds. One Dockerfile, one build: FROM big-buildbase … … FROM tiny-runbase … COPY --from=0 /artifact /run/app … Stage 0: large build environment. Stage 1: minimal run environment. Copy artifacts from one stage to the next. Only copy what you need!
  19. Example #2: “I wish it was easier to take my app from desktop to cloud” (Mac, AWS)
  20. Example #2: “I wish it was easier to take my app from desktop to cloud” Introducing DESKTOP-TO-CLOUD
  21. Desktop integration
  22. Built-in collaboration with Docker Cloud & Docker ID
  23. Ryan Abrams, Software Engineer, Docker; Kristie Howard, Software Engineer, Docker
  24. Available in an Edge release near you: docker.com/getdocker (edge channel)
  25. Docker for operators
  26. Going to Production is Hard
  27. Going to Production SECURELY is EXTREMELY Hard
  28. Challenges to a secure production: (1) Distributed Systems
  29. Challenges to a secure production: (1) Distributed Systems. Solutions: Distributed systems are just more systems. Use the same tools.
  30. Challenges to a secure production: (1) Distributed Systems. Solutions: Secure orchestration
  31. Let’s talk about secure orchestration. Layers shown: Orchestration, Container Runtime, OS, Infrastructure Management, Application Services
  32. Secure Orchestration with SwarmKit: Raft Store, Node Identity, Secrets, Routing Mesh, Encrypted Networking, Application Services, Core Orchestration Engine
  33. Diogo Monica, Technical Lead Security, Docker
  34. SwarmKit: Secure Node Introduction. SWMTKN-1-mx8suomaom825bet6-cm6zts22rl4hly2. Token fields: Known Prefix, Token Version, Hash of Root CA, Random Secret
  35. SwarmKit: Cryptographic Node Identity
  36. SwarmKit: MTLS Between All Nodes
  37. SwarmKit: Cluster Segmentation
  38. SwarmKit: Encrypted Networks
  39. SwarmKit: Secure Secret Distribution
  40. Challenges to a secure production: (1) Distributed Systems, (2) Diverse Infrastructure & OS. Solutions:
  41. Challenges to a secure production: (1) Distributed Systems, (2) Diverse Infrastructure & OS. Solutions: Restrict choice of infrastructure & OS.
  42. Challenges to a secure production: (1) Distributed Systems, (2) Diverse Infrastructure & OS. Solutions: Secure AND PORTABLE orchestration
  43. Challenges to a secure production: (1) Distributed Systems, (2) Diverse Infrastructure & OS, (3) Developer Choice. Solutions:
  44. Challenges to a secure production: (1) Distributed Systems, (2) Diverse Infrastructure & OS, (3) Developer Choice. Solutions: Give developers LESS choice.
  45. Challenges to a secure production: (1) Distributed Systems, (2) Diverse Infrastructure & OS, (3) Developer Choice. Solutions: Secure, portable AND USABLE orchestration
  46. Docker delivers SECURE, PORTABLE and USABLE orchestration, powered by SwarmKit.
  47. Diogo Monica, Technical Lead Security, Docker; Nathan LeClaire, Open Source Engineer, Docker
  48. A platform is only as secure as its weakest component
  49. Taking Docker multi-platform: “I want Docker for X”
  50. I want Docker for… Desktop, Server, Cloud
  51. Not every platform provides a Linux subsystem
  52. Not every platform provides a Linux subsystem. Layers shown: Orchestration, Container Runtime, Linux Subsystem, Infrastructure Management, Application Services
  53. The container movement needs a secure, lean, portable subsystem
  54. The container movement needs a secure, lean, portable Linux subsystem.
  55. The container movement needs a secure, lean, portable Linux subsystem. Introducing
  56. Introducing LinuxKit: A secure, lean, portable Linux subsystem for the container movement. Layers shown: Orchestration, Container Runtime, Linux Subsystem, Infrastructure Management, Application Services
  57. 1. LinuxKit: a SECURE Linux subsystem. Only works with containers: smaller attack surface; immutable infrastructure; sandboxed system services; specialized patches and configuration. Incubator for security innovations: Wireguard, Landlock, KSPP; MirageOS type safe system daemons. Community-first security process: Linux is too big for any one company to secure it; participate in existing Linux security efforts.
  58. 2. LinuxKit: a LEAN Linux subsystem. Minimal size, minimal boot time; all system services are containers; everything can be removed or replaced.
  59. 3. LinuxKit: a PORTABLE Linux subsystem. Desktop, server, IoT, mainframe; Intel & ARM; bare metal & virtualized.
  60. John Gossman, Architect at Microsoft
  61. Docker and Microsoft collaborate to bring Linux containers to Windows
  62. Introducing LinuxKit: A secure, lean, portable Linux subsystem for the container movement. Layers shown: Orchestration, Container Runtime, Infrastructure Management, Application Services
  63. Let’s open source LinuxKit: https://github.com/linuxkit/linuxkit
  64. If the container ecosystem succeeds, Docker succeeds
  65. What’s next for the container ecosystem?
  66. Pioneers 2013 - 2014
  67. Ecosystem: 10s projects, 100s contributors, 1000s deployments, 0-100M Hub pulls
  68. Production Model: open-source!
  69. Early Adopters 2015 - 2016. Use case: cloud native apps on Linux server
  70. Ecosystem: 100s of projects, 1,000s of contributors, 10,000s of deployments, 100M-6B Hub pulls
  71. Production Model: OPEN COMPONENTS
  72. Docker is a platform made of components: Raft Store, Node Identity, Secrets, Routing Mesh, Overlay Networking, Swarm Orchestration Engine, Application Services
  73. [Chart: Hub pulls by year, 2013 to 2017, axis from 1,000,000,000 to 12,000,000,000. 1M pulls in 2014, 1B pulls in 2015, 6B pulls in 2016, 12B pulls in 2017. Components labeled: Notary, runC, containerd, HyperKit, VPNKit, DataKit, SwarmKit, libcontainer, libnetwork, InfraKit, LinuxKit]
  74. Mainstream 2017 - 2018. Containers are spreading to every category of computing: server, datacenter, cloud, IoT, desktop, mobile…
  75. The Container Ecosystem goes Mainstream: 1,000s of projects, 10,000s of contributors, millions of deployments, highly specialized participants. How do we scale?
  76. Case study: Specializing Docker for the mainstream. Desktop, Server, Cloud
  77. The open component model shows its limits…
  78. The auto industry has solved this problem: COMMON ASSEMBLIES.
  79. Scaling the Docker production model: share components AND ASSEMBLIES.
  80. It’s time to take our ecosystem to the next level… By collaborating on components AND COMMON ASSEMBLIES.
  81. A framework to assemble specialized container systems without reinventing the wheel. Library of 80+ components; package your own components as containers; reference assemblies deployed on millions of nodes; create your own assemblies or start from an existing one.
  82. Docker uses Moby for its open-source: thousands of contributors, hundreds of patches/week; component development; specialized assembly development; integration tests; architecture design; integration with other projects; experimentation and bleeding edge features.
  83. Docker uses Moby for its open-source... and so can you! Community-run; open governance inspired by the Fedora project; plays well with existing projects - no donation necessary!
  84. What it means for you. Moby helps you innovate without tying you to Docker. System Builders / Docker Users. Docker will better leverage the ecosystem to innovate faster for you.
  85. Moby transforms multi-month R&D projects into weekend projects.
  86. Weekend project #1: locked-down Linux with remote attestation (Notary)
  87. Weekend project #2: custom CI/CD stack (Notary + Registry + Docker Builder)
  88. Weekend project #3: custom CI/CD stack + Debian + Terraform (Notary + Docker Builder + Registry)
  89. Rolf Neugebauer, Software Engineer, Docker
  90. Weekend project #4: “RedisOS”
  91. “RedisOS” for Windows, “RedisOS” for Mac, “RedisOS” for bare metal (HyperKit, bare metal)
  92. Weekend project #5: Etcd clustering on Google Cloud
  93. Weekend project #6
  94. Weekend project #6
  95. Weekend project #6 (HyperKit)
  96. Weekend project #6 (HyperKit)
  97. Weekend project #6 (HyperKit)
  98. Weekend project #6 (SSHD, HyperKit)
  99. Weekend project #6 (SSHD, HyperKit)
  100. Weekend project #6: Kubernetes on the Mac (SSHD, HyperKit)
  101. Let’s take containers mainstream!
  102. Thank You! @docker #dockercon
