17. Build smaller images with multi-stage builds
First stage: complete build environment
Second stage: minimal runtime environment
One Dockerfile, one build
18.
FROM big-buildbase
…
…
FROM tiny-runbase
…
COPY --from=0 /artifact /run/app
…
One Dockerfile, one build
Stage 0: large build environment
Stage 1: minimal run environment
Copy artifacts from one stage to the next
Only copy what you need!
Build smaller images with multi-stage builds
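The two-stage pattern sketched on the slide, written out as a complete Dockerfile. This is an added example, not part of the original deck: the sample Go program, the golang:1.22 and scratch base images, the stage name "build" and the unprivileged UID are assumptions chosen for illustration, while /artifact and /run/app follow the slide.

```dockerfile
# syntax=docker/dockerfile:1
# (BuildKit is required for the inline "COPY <<EOF" file used below.)

# Stage 0: large build environment with compiler and toolchain.
# Nothing from this stage ships unless it is copied explicitly.
FROM golang:1.22 AS build
WORKDIR /src

# Constructed sample program, embedded inline so the example builds
# without any files in the build context.
COPY <<EOF main.go
package main

import "fmt"

func main() { fmt.Println("hello from the runtime stage") }
EOF

# Static binary (no libc dependency) so it can run on an empty base image.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /artifact main.go

# Stage 1: minimal run environment.
# "scratch" is an empty image: no shell, no package manager, no compiler,
# so there is far less for an attacker to use after a compromise.
FROM scratch

# Only copy what you need: the single build artifact.
# "--from=build" names stage 0; "--from=0" on the slide is the same stage by index.
COPY --from=build /artifact /run/app

# Run as an unprivileged numeric UID/GID (assumed value; scratch has no /etc/passwd).
USER 65534:65534
ENTRYPOINT ["/run/app"]
```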
19. MAC AWS
“I wish it was easier to take my app from desktop to cloud”
Example #2
62. Introducing LinuxKit
A secure, lean, portable Linux subsystem for the container movement
Orchestration
Container Runtime
Linux Subsystem
Infrastructure Management
Application Services
63. Only works with containers
- Smaller attack surface
- Immutable infrastructure
- Sandboxed system services
- Specialized patches and configuration
Incubator for security innovations
- Wireguard, Landlock, KSPP
- MirageOS type safe system daemons
Community-first security process
- Linux is too big for any one company to secure it
- Participate in existing Linux security efforts
1. LinuxKit: a SECURE Linux subsystem
64.
- Minimal size, minimal boot time
- All system services are containers
- Everything can be removed or replaced
2. LinuxKit: a LEAN Linux subsystem
65.
- Desktop, server, IoT, mainframe
- Intel & ARM
- Bare metal & virtualized
3. LinuxKit: a PORTABLE Linux subsystem
69. Introducing LinuxKit
A secure, lean, portable Linux subsystem for the container movement
Orchestration
Container Runtime
Infrastructure Management
Application Services
80. Docker is a platform made of components
Raft Store
Node Identity
Secrets
Routing Mesh
Overlay Networking
Swarm Orchestration
Engine
Application Services
82. Mainstream 2017 - 2018
Containers are spreading to every category of computing:
server, datacenter, cloud, IoT, desktop, mobile…
83. 1,000s of projects
10,000s of contributors
Millions of deployments
Highly specialized participants
The Container Ecosystem goes Mainstream
How do we scale?
88. It’s time to take our ecosystem to the next level…
By collaborating on components AND COMMON ASSEMBLIES.
91.
– Library of 80+ components
– Package your own components as containers
– Reference assemblies deployed on millions of nodes
– Create your own assemblies or start from an existing one
A framework to assemble specialized container systems without reinventing the wheel.
92. Docker uses Moby for its open-source
– Thousands of contributors, hundreds of patches/week
– Component development
– Specialized assembly development
– Integration tests
– Architecture design
– Integration with other projects
– Experimentation and bleeding edge features
93. Docker uses Moby for its open-source... and so can you!
– Community-run
– Open governance inspired by the Fedora project
– Plays well with existing projects - no donation necessary!
94. What it means for you
System Builders: Moby helps you innovate without tying you to Docker
Docker Users: Docker will better leverage the ecosystem to innovate faster for you