Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DockerCon EU 2015: Day 1 General Session

6,649 views

Published on

DockerCon EU 2015: Day 1 General Session

More information on the Docker announcements: http://blog.docker.com/2015/11/dockercon-eu-2015-day-1/

Published in: Technology

DockerCon EU 2015: Day 1 General Session

  1. 1. Welcome to DockerCon! Ben Golub CEO, Docker Inc. @golubbe
  2. 2. The power of tools “Give me a lever and a place to stand, and I will move the world!” - Archimedes
  3. 3. The power of tools “Our mission is to build tools of mass innovation.” - Solomon Hykes
  4. 4. The Power of Tools in the Hands of Makers
  5. 5. The Power of Tools in the Hands of Makers Cosmology@Home lets you volunteer your spare computer time (like when your screen saver is on) to help search for the model which best describes our Universe and to find the range of models that agree with available cosmological and particle physics data.
  6. 6. Theme 1: It’s all about the makers!
  7. 7. What do you make with Docker? I build Adidas MENA Ecommerce platform I Dockerize Genomics My VPN connection is in a container I Dockerized my team! I deploy under custom OS in mobile I Dockerize Norwegian banking
  8. 8. Thank you to those who make Docker
  9. 9. Namespaces (IBM) Cgroups (Google) LXC tools The Linux Kernel Git SELinux (Red Hat) Solaris Zones BSD Jails +++We know we’re standin g on your shoulders Thank you to the giants
  10. 10. Thank you to the amazing global meetup community 215 Groups 63 Countries
  11. 11. Thank you to the awesome Docker Inc team
  12. 12. Thank you to our amazing sponsors
  13. 13. Partners, Tools and Applications Dev Tools Official Repositories Operating Systems Big Data Service Discovery Build / Continuous Integration Configuration Management Consulting &Training Management Storage Clustering & Scheduling Networking Infrastructure & Service Providers Security Monitoring & Logging
  14. 14. State of the Project
  15. 15. …and the bazaarThe cathedral… Sagrada Familia Construction started: 1882 Est. completion date: 2026 La Boqueria Open Air Market Operating successfully since 1217 "Sagfampassion" by Wjh31 - Own work - http://lifeinmegapixels.com. Licensed under CC BY 3.0 via Commons - https://commons.wikimedia.org/wiki/File:Sagfampassion.jpg#/media/File:Sagfa mpassion.jpg "La Boqueria" by Dungodung - Own work. Licensed under Public Domain via Commons - https://commons.wikimedia.org/wiki/File:La_Boqueria.JPG#/media/File:La_Boqueria.JPG
  16. 16. DockerCon EU 2015: 2 Years 8 Months A Year has passed, and our baby whale has grown! Our little whale is growing up DockerCon EU 2014: 20 Months
  17. 17. Some growth statistics Dockerized applications Docker related projects on GitHub Docker Hub pulls per second Docker Hub pulls per day More contributors to Docker open source 240K 655.6M 157%60M Docker Hub pulls since Jan 2015 1.3B
  18. 18. Docker Jobs 0 10000 20000 30000 40000 50000 60000 70000 Jan-14 Jan-15 PercentageGrowth Docker Job Trends
  19. 19. Functionality What has changed in the project? DCEU 14 • Docker Engine • Docker Registry DCEU 15 • Engine • Registry • Swarm • Networking • Toolbox • Notary • Compose • Machine • More to come today! Applications DCEU 14 • Primarily Stateless DCEU 15 • Stateless • Stateful • More to come today! Platforms DCEU 14 • All major 64 bit Linux Oss DCEU 15 • All major 64 bit Linux OS • Windows Server (TP4) • 32 bit • More to come today! Commercial Solutions DCEU 14 • Support • Hosted Registry DCEU 15 • Support • Hosted Registry • CS Engines • DTR, Tutum • More to come tomorrow! Governance DCEU 14 • Advisory Board DCEU 15 • Advisory Board • Runtime and format donated to foundation (OCI), with 30+ members • More to come today! Users DCEU 14 • Primarily test/dev • some prod DCEU 15 • Docker used widely in Production
  20. 20. Open Container Initiative 22 Availble on Github OCI Roadmap Github stars 2,223 Member companies 35+ Github forks Docker, Google, RedHat, CoreOS, Huawei, independents Maintainers 253 Contributors 130
  21. 21. Functionality What has changed in the project? DCEU 14 • Docker Engine • Docker Registry DCEU 15 • Engine • Registry • Swarm • Networking • Toolbox • Notary • Compose • Machine • More to come today! Applications DCEU 14 • Primarily Stateless DCEU 15 • Stateless • Stateful • More to come today! Platforms DCEU 14 • All major 64 bit Linux Oss DCEU 15 • All major 64 bit Linux OS • Windows Server (TP4) • 32 bit • More to come today! Commercial Solutions DCEU 14 • Support • Hosted Registry DCEU 15 • Support • Hosted Registry • CS Engines • DTR, Tutum • More to come tomorrow! Governance DCEU 14 • Advisory Board DCEU 15 • Advisory Board • Runtime and format donated to foundation (OCI), with 30+ members • More to come today! Users DCEU 14 • Primarily test/dev • some prod DCEU 15 • Docker used widely in Production
  22. 22. Theme 2: Docker in Production
  23. 23. Real World Usage of Docker Real Docker adoption is up 5x in one year Docker users using Swarm & Compose Users triple the # containers they use within 5 months Docker users already running in production 5x 85% 3x 40% Sources: O’Reilly, Coatue, Datadog
  24. 24. Thank You To All Of Our Users! Add 3DS
  25. 25. Docker in Production Real Community, Robust Ecosystem Secure & Extensible Portable Great for devs and ops Real users Solutions and Roadmap End to end Security Orchestration Networking Workflows for build, shipping, deploying/managing
  26. 26. Theme 3: End to End Matters
  27. 27. Apps Have Fundamentally Changed 29 Loosely Coupled Services Many Small Servers ~2000 Today Monolithic Big Servers Slow changing Rapidly updated
  28. 28. Lessons learned: 1 2 3 Developers do not adopt locked down platforms End to end matters: - Devs care about deployment - Ops cares about provenance Build management, orchestration, & more in a way that enables portability 30
  29. 29. Docker End to End Solutions BUILD SHIP RUN Registry Service Cloud or Private Infrastructure Plugins: Network, Volume, Clustering Management UIDocker Toolbox 31
  30. 30. Thank you! Ben Golub @golubbe
  31. 31. Dockercon day 1 General session Solomon Hykes Founder & CTO, Docker
  32. 32. Photo Caption (Drag&drop a new photo onto photo to change) 3 Our mission is to build tools of mass innovation
  33. 33. Photo Caption (Drag&drop a new photo onto photo to change) Billions of creative people Incredible technology 4
  34. 34. Photo Caption (Drag&drop a new photo onto photo to change) Mass innovation 5
  35. 35. Photo Caption (Drag&drop a new photo onto photo to change) 6 What is the biggest innovation multiplier today?
  36. 36. Photo Caption (Drag&drop a new photo onto photo to change) 7 PROGRAMMING What is the biggest innovation multiplier today?
  37. 37. The Internet is pretty cool…
  38. 38. The Internet is pretty cool… and getting lots of upgrades! Servers, phones, TVs, cars, sensors, drones, homes, watches, maps, payment systems, scientific equipment, virtual worlds, data banks, crypto- currencies...
  39. 39. Could we make the Internet... PROGRAMMABLE?
  40. 40. App App App App App App App App App App App Eager developer The Internet Software walled gardens
  41. 41. Photo Caption (Drag&drop a new photo onto photo to change) App App App App App App App App App App App We’re building a software layer to make the Internet programmable
  42. 42. Photo Caption (Drag&drop a new photo onto photo to change) The Docker Stack
  43. 43. Photo Caption (Drag&drop a new photo onto photo to change) Standards
  44. 44. Photo Caption (Drag&drop a new photo onto photo to change) Infrastructure
  45. 45. Photo Caption (Drag&drop a new photo onto photo to change) Dev tools
  46. 46. Photo Caption (Drag&drop a new photo onto photo to change) Solutions
  47. 47. Photo Caption (Drag&drop a new photo onto photo to change) Solutions Dev tools Infrastructure Standards The Docker Stack
  48. 48. Let’s talk about QUALITY
  49. 49. Shipping a feature is just 1% of the work. It should work every time, for every user.
  50. 50. - Security and Reliability matter.
 
 - If it’s not usable, it’s worthless.
 - Things fail. Handle it gracefully. Quality means…
  51. 51. Quality is a journey, not a destination. Either you are focused on quality, or you’re not.
  52. 52. We will always put quality first.
  53. 53. Quality tools for developers What have we been up to?
  54. 54. Usability
  55. 55. Docker Compose supports all new Swarm/engine features - Magical service discovery - Use a micro-service architecture without rewriting your code - Build persistent services with volume management - All integrated into a seamless developer experience
  56. 56. Many small usability improvements. Details matter! - Fixing Virtualbox integration issues, one by one. - UI glitches, low priority bugs - Unusual configurations and usage patterns - Better error messages 
 No silver bullet, just lots of unglamorous hard work.
  57. 57. Docker Developer Toolbox now has full Mac/Windows feature parity. Installer, Quickstart terminal, Compose, Machine, Kitematic
  58. 58. Security
  59. 59. Usable security
  60. 60. “How to make developers care about security?” Wrong question.
  61. 61. Unusable security is not security.
  62. 62. “How to give developers usable security?”
  63. 63. Docker Content Trust Secure and usable content distribution for developers.
  64. 64. Built on industry-leading research TUF and Notary enable Survivable Key Compromise, Proof of Origin, Protection against untrusted transports.
  65. 65. Can we make developers even more secure?
  66. 66. Hardware crypto support for Docker Content Trust and Proudly introduce
  67. 67. Docker Content Trust + hardware crypto = Survive almost any key compromise.
  68. 68. What did we just see?
  69. 69. What did we just see?
  70. 70. What did we just see?
  71. 71. With the right tools, every developer can become an ultra-secure software publisher.
  72. 72. Let’s prove it!
  73. 73. 3 easy steps
  74. 74. Quality tools for ops What have we been up to?
  75. 75. Security, Reliability, Scale.
  76. 76. Let’s talk about SECURITY (again)
  77. 77. Isolation of Linux containers: it’s complicated - pid namespace - mnt namespace - net namespace - uts namespace - ipc namespace - user namespace (new) - pivot_root - uid/gid drop - cap drop - all cgroups - selinux - apparmor - seccomp
  78. 78. Isolation supported by Docker Engine 0.1 in March 2013 - pid namespace - mnt namespace - net namespace - uts namespace - ipc namespace user namespace (new) - pivot_root - uid/gid drop cap drop all cgroups selinux apparmor seccomp
  79. 79. Isolation supported in Swarm/Engine 1.9 - pid namespace - mnt namespace - net namespace - uts namespace - ipc namespace user namespace (new) - pivot_root - uid/gid drop - cap drop - all cgroups - selinux - apparmor seccomp
  80. 80. Isolation supported in Swarm/Engine experimental - pid namespace - mnt namespace - net namespace - uts namespace - ipc namespace user namespace (new) - pivot_root - uid/gid drop - cap drop - all cgroups - selinux - apparmor seccomp
  81. 81. http://docker.com/experimental Help us test the bleeding edge!
  82. 82. “Am I running vulnerable containers?”
  83. 83. Introducing Project Nautilus Built-in container security analysis in Docker Hub
  84. 84. Quietly went live on official repos two months ago, helped secure 74 millions pulls. self-service coming soon.
  85. 85. Nautilus uses Deep Content Analysis
  86. 86. Nautilus matches all container content against its own vulnerability database. It is not limited to the vulnerability database of Linux distributions.
  87. 87. Benefit 1: Detect vulnerabilities regardless of Linux distribution.
  88. 88. Benefit 2: We have caught several vulnerabilities in Linux distributions and collaborated to fix them.
  89. 89. Benefit 3: Face it: developers have their favorite package manager. Probably not the one shipped with the distro. But it’s OK! Nautilus will catch vulnerabilities anyway.
  90. 90. “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety” - Benjamin Franklin.
  91. 91. You don’t need to lock yourself into a Linux distribution to secure your containers.
  92. 92. SWARM 1.0 Ready for production
  93. 93. Swarm 1.0: ready for production - Connect any containers across your entire cluster - Create secure overlay networks out of the box - Swap in your favorite backend implementation - DNS service discovery supports unmodified applications Built-in multi-host networking
  94. 94. Swarm 1.0: ready for production - New volume management commands and API - Attach any volume to any container, dynamically - Swap in your favorite backend implementation Built-in persistent storage
  95. 95. Swarm 1.0: ready for production “But does it scale?”
  96. 96. - We scaled Swarm to 50k containers and 1k nodes - Had to stop because of EC2 limit - Swarm keeps scheduling without breaking a sweat - Expect bigger numbers soon - Yes, software can be both scalable and usable What did we just see?
  97. 97. In summary...
  98. 98. Quality tools for developers - Many usability improvements - Full Mac/Windows feature parity - Trusted content distribution for developers - Support for hardware crypto Quality tools for ops - More isolation features in Swarm/engine - Swarm 1.0 is ready for production - Swarm can run persistent services - Swarm works a very large scale
  99. 99. Happy Hacking!
  100. 100. Thank you! Solomon Hykes @solomonstre s@docker.com

×