
Weave User Group Talk - DockerCon 2017 Recap

Docker moves very fast, with an edge channel released every month and a stable release every 3 months. Patrick will talk about how Docker introduced Docker EE and a certification program for containers and plugins with Docker CE and EE 17.03 (from March), the announcements from DockerCon (April), and the many new features planned for Docker CE 17.05 in May.

This talk will be about what's new in Docker and what's next on the roadmap.

Published in: Technology

Weave User Group Talk - DockerCon 2017 Recap

  1. 1. Patrick Chanezon, @chanezon Docker for Devs and Ops What’s new and What’s next May 2017
  2. 2. French Polyglot Platforms Software Plumber San Francisco Developer Relations @chanezon
  3. 3. Docker
  4. 4. The world needs tools of mass innovation
  5. 5. A programmable Internet would be the ultimate tool of mass innovation
  6. 6. A commercial product, built on a development platform, built on infrastructure, built on standards. Docker is building a stack to program the Internet
  7. 7. Docker is building a stack to program the Internet CE EE
  8. 8. Docker for Developers
  9. 9. The best tools…
  10. 10. 1. Get out of the way The best tools…
  11. 11. 1. Get out of the way 2. Adapt to you The best tools…
  12. 12. 1. Get out of the way 2. Adapt to you 3. Make the powerful simple The best tools…
  13. 13. enterprise edition Ubuntu Fedora Mac Azure CentOS Windows 10 AWS Debian community edition Ubuntu Windows Server Azure CentOS Suse Red Hat AWS Oracle Linux
  14. 14. Better tools for developers
  15. 15. Docker removes friction in the development cycle
  16. 16. How to remove developer friction in 3 easy steps
  17. 17. Step 1. Developer complains about detail
  18. 18. Step 2. Fix Detail
  19. 19. Step 3. Repeat FOREVER
  20. 20. In the developer experience, details add up...
  21. 21. Example #1: “My container images are too big!”
  22. 22. Example #1: “My container images are too big!” Introducing multi-stage builds
  23. 23. Build smaller images with multi-stage builds First stage: complete build environment Second stage: minimal runtime environment One Dockerfile, one build
  24. 24. Build smaller images with multi-stage builds. One Dockerfile, one build: stage 0 (FROM big-buildbase …) is the large build environment; stage 1 (FROM tiny-runbase …) is the minimal run environment; COPY --from=0 /artifact /run/app copies artifacts from one stage to the next. Only copy what you need!
  25. 25. Example #2: “I wish it was easier to take my app from desktop to cloud” (Mac to AWS)
  26. 26. Example #2: “I wish it was easier to take my app from desktop to cloud” Introducing DESKTOP-TO-CLOUD
  27. 27. Desktop integration
  28. 28. Built-in collaboration with Docker Cloud & Docker ID
  29. 29. docker.com/getdocker edge channel Available in an Edge release near you
  30. 30. enterprise edition Ubuntu Fedora Mac Azure CentOS Windows 10 AWS Debian community edition Ubuntu Windows Server Azure CentOS Suse Red Hat AWS Oracle Linux
  31. 31. Docker for Ops
  32. 32. Going to Production is Hard
  33. 33. Going to Production SECURELY is EXTREMELY Hard
  34. 34. Challenges to a secure production: 1. Distributed Systems
  35. 35. Challenges to a secure production: 1. Distributed Systems. Solutions: distributed systems are just more systems. Use the same tools.
  36. 36. Challenges to a secure production: 1. Distributed Systems. Solutions: secure orchestration
  37. 37. Let’s talk about secure orchestration. Platform layers: Application Services, Orchestration, Container Runtime, OS, Infrastructure Management
  38. 38. Secure Orchestration with SwarmKit: Core Orchestration Engine, Raft Store, Node Identity, Secrets, Routing Mesh, Encrypted Networking, Application Services
  39. 39. SwarmKit: Secure Node Introduction. Example join token SWMTKN-1-mx8suomaom825bet6-cm6zts22rl4hly2: known prefix (SWMTKN), token version (1), hash of root CA (mx8suomaom825bet6), random secret (cm6zts22rl4hly2)
  40. 40. Cryptographic Node Identity SwarmKit
  41. 41. MTLS Between All Nodes SwarmKit
  42. 42. Cluster Segmentation SwarmKit
  43. 43. Encrypted Networks SwarmKit
  44. 44. Secure Secret Distribution SwarmKit
  45. 45. Moby
  46. 46. Container Platform Layers: Application Services, Orchestration, Container Runtime, OS, Infrastructure Management
  47. 47. Docker is a platform made of components: Swarm Orchestration Engine, Raft Store, Node Identity, Secrets, Routing Mesh, Overlay Networking, Application Services
  48. 48. (Chart) Docker Hub pulls per year: 1M (2014), 1B (2015), 6B (2016), 12B (2017). Open-source components released from 2013 to 2017: libcontainer, libnetwork, Notary, runC, containerd, HyperKit, VPNKit, DataKit, SwarmKit, InfraKit, LinuxKit
  49. 49. LinuxKit A toolkit for building secure, portable and lean operating systems for containers
  50. 50. Taking Docker multi-platform “I want Docker for X”
  51. 51. Desktop Server Cloud I want Docker for…
  52. 52. Not every platform provides a Linux subsystem
  53. 53. Not every platform provides a Linux subsystem. Layers: Application Services, Orchestration, Container Runtime, Linux Subsystem, Infrastructure Management
  54. 54. The container movement needs a secure, lean, portable subsystem
  55. 55. The container movement needs a secure, lean, portable Linux subsystem. Introducing LinuxKit
  56. 56. 1. LinuxKit: a SECURE Linux subsystem. Only works with containers: smaller attack surface; immutable infrastructure; sandboxed system services; specialized patches and configuration. Incubator for security innovations: Wireguard, Landlock, KSPP; MirageOS type-safe system daemons. Community-first security process: Linux is too big for any one company to secure it; participate in existing Linux security efforts
  57. 57. 2. LinuxKit: a LEAN Linux subsystem. Minimal size, minimal boot time; all system services are containers; everything can be removed or replaced
  58. 58. 3. LinuxKit: a PORTABLE Linux subsystem. Desktop, server, IoT, mainframe; Intel & ARM; bare metal & virtualized
  59. 59. Docker and Microsoft collaborate to bring Linux containers to Windows + +
  60. 60. https://github.com/linuxkit/linuxkit Get Started with LinuxKit
  61. 61. Moby An open framework to assemble specialized container systems without reinventing the wheel.
  62. 62. Pioneers 2013 - 2014
  63. 63. Production Model: open-source!
  64. 64. Early Adopters 2015 - 2016. Use case: cloud native apps on Linux server
  65. 65. Production Model: OPEN COMPONENTS
  66. 66. Mainstream 2017 - 2018 Containers are spreading to every category of computing: server, datacenter, cloud, IoT, desktop, mobile…
  67. 67. Case study: Specializing Docker for the mainstream Desktop Server Cloud
  68. 68. The open component model shows its limits…
  69. 69. The auto industry has solved this problem: COMMON ASSEMBLIES.
  70. 70. Scaling the Docker production model: share components AND ASSEMBLIES.
  71. 71. It’s time to take our ecosystem to the next level… By collaborating on components AND COMMON ASSEMBLIES.
  72. 72. A framework to assemble specialized container systems without reinventing the wheel: – Library of 80+ components – Package your own components as containers – Reference assemblies deployed on millions of nodes – Create your own assemblies or start from an existing one
  73. 73. Docker uses Moby for its open-source – Thousands of contributors, hundreds of patches/week – Component development – Specialized assembly development – Integration tests – Architecture design – Integration with other projects – Experimentation and bleeding edge features
  74. 74. Docker uses Moby for its open-source... and so can you! – Community-run – Open governance inspired by the Fedora project – Plays well with existing projects - no donation necessary!
  75. 75. Moby and Docker
  76. 76. What it means for you. Docker Users: Docker will better leverage the ecosystem to innovate faster for you. System Builders: Moby helps you innovate without tying you to Docker
  77. 77. Moby transforms multi-month R&D projects into weekend projects.
  78. 78. Weekend project #1: locked-down Linux with remote attestation (Notary)
  79. 79. Weekend project #2: custom CI/CD stack (Notary + Registry + Docker Builder)
  80. 80. Weekend project #3: custom CI/CD stack + Debian + Terraform (Notary + Docker Builder + Registry)
  81. 81. Weekend project #4: “RedisOS”
  82. 82. “RedisOS” for Windows, “RedisOS” for Mac (HyperKit), “RedisOS” for bare metal
  83. 83. Weekend project #5: Etcd clustering on Google Cloud
  84. 84. Weekend project #6: Kubernetes on the Mac (HyperKit, SSHD)
  85. 85. Getting Started - Blog https://mobyproject.org/blog - Twitter @moby - Github moby/moby
  86. 86. Let’s take containers mainstream!
  87. 87. InfraKit A toolkit for building declarative, self-healing infrastructure.
  88. 88. What is it? • Launched at LinuxCon, Berlin in October 2016 • Toolkit for building declarative, self-managing distributed applications • Active management with active controllers: scaling groups, rolling updates; monitoring / health checks; connecting nodes to L4 / ingress • Declarative infrastructure
  89. 89. Architecture CLI API
  90. 90. Where does it fit? Container orchestration: kubectl run nginx --image=nginx; docker create service nginx … Infrastructure orchestration: gcloud container node-pools list --zone us-central1-f --cluster MyWorkers; aws autoscaling update-auto-scaling-group --auto-scaling-group-name MyWorkers; az vmss create --resource-group vmss-test-1 --name MyWorkers; infrakit group describe workers; list, err := group.Controller.Describe(“workers”)
  91. 91. One console across environments. App Ops (container orchestration): kubectl run nginx --image=nginx; docker create service nginx … Cluster Ops (infrastructure orchestration): infrakit group describe workers; list, err := group.Controller.Describe(“workers”). Cloud Ops / Hardware Ops: AWS, AZ, GCP, RackHD, OneView, MAAS, KVM, VMW
  92. 92. Configuration. Group configuration = Instance + Flavor, each carrying its raw configuration as { "Properties": { /* raw configuration */ } }. Example config file (zk.conf):
     {
       "groups": {
         "my_zookeeper_nodes": {
           "Properties": {
             "Instance": {
               "Plugin": "instance-vagrant",
               "Properties": { "Box": "bento/ubuntu-16.04" }
             },
             "Flavor": {
               "Plugin": "flavor-zookeeper",
               "Properties": {
                 "type": "member",
                 "IPs": ["192.168.1.200", "192.168.1.201", "192.168.1.202"]
               }
             }
           }
         }
       }
     }
  93. 93. Current Status
  94. 94. Support more platforms • Compute: • Bare-metal: HP OneView, MAAS, RackHD • Public cloud: AWS, GCP • MacOS X (HyperKit); Docker containers • Coming soon: Azure, IBM, Digital Ocean, Packet, libvirt • Other resource types • AWS - vpc, subnets, gateways, etc.
  95. 95. Improve usability • Templates • Complex scripts and configuration in any format; no more escaped quotes in JSON • Fetch templates from remote repositories • Playbooks • CLI - flags, prompts — config driven and dynamic • Share “playbooks” from remote repositories
  96. 96. Improve core system • High Availability — Swarm Mode or etcd • New Plugin types — Metadata and Events • Metadata: cluster-wide sysfs and reflection • Events - publish / subscribe • Remote client access: infrakit -H host:port to remote cluster
  97. 97. Road Map
  98. 98. Use Cases • Support container orchestration • bootstrapping + day N management • API for cluster autoscaling • k8s, Docker Swarm Mode • Bare-metal + GPU provisioning • IoT — LinuxKit integration / custom kernel deployment
  99. 99. Improve usability • Finalize API / Schema for 1.0 • Make it easy to consume • Simplify setup - fewer daemons and binaries • Embeddable / vendor API • Sensible CLI for stable / experimental features • Make it easy to extend / contribute • metadata / instance plugins • playbooks / reusable templates • community CI / compatibility testing • Documentation
  100. 100. Improve core system • Provisioning of diverse resource types • networks / proxies / load balancers • GPU • Stability / performance of core controllers • Asynchronous messaging - mqtt, natsd, amqp • Monitoring + Health check SPI
  101. 101. Support more platforms • Direct libvirt / KVM / CUDA • Better bare-metal / hardware ops integration • Kernel image build pipeline — LinuxKit. Build, test, and deploy clusters from infrastructure definitions to kernel images
  102. 102. Get involved https://github.com/docker/infrakit dockercommunity.slack.com: #infrakit
  103. 103. Learn More - blog.docker.com - mobyproject.org
  104. 104. THANK YOU
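Slide 39 breaks a Swarm join token into four fields (known prefix, token version, hash of root CA, random secret), and slides 40 and 41 build node identity and mTLS on top of that introduction. The check an operator wants before handing a token to a new node is that its CA hash pins the cluster CA they already trust, so the node cannot be steered into a look-alike cluster. The Python below is an added example, not code from the talk or from Docker: the field layout is from the slide, while the field widths (50 and 25 lowercase base-36 characters) and the base-36 encoding of the SHA-256 digest are this example's reading of SwarmKit's ca package and are stated as an assumption. The certificate bytes are a constructed stand-in, not a real certificate, and the slide's shortened token is used to show what the structural check rejects.

```python
"""Verify that a Docker Swarm join token pins a root CA you already trust.

Added example, not code from the talk. The four-field layout (known prefix,
token version, hash of root CA, random secret) is from the slide; the field
widths and the base-36 encoding of the SHA-256 digest follow SwarmKit's ca
package as this example's author understands it (an assumption, not on the
slide).
"""
import hashlib
import secrets
import string
from typing import Optional

PREFIX = "SWMTKN"
VERSION = "1"
DIGEST_FIELD_LEN = 50   # SHA-256 of the root CA cert, base36, zero-padded (assumed width)
SECRET_FIELD_LEN = 25   # 16 random bytes, base36, zero-padded (assumed width)
_ALPHABET = string.digits + string.ascii_lowercase  # base36 digit set


def _to_base36(n: int) -> str:
    """Encode a non-negative integer as lowercase base36."""
    if n == 0:
        return "0"
    digits = []
    while n:
        n, rem = divmod(n, 36)
        digits.append(_ALPHABET[rem])
    return "".join(reversed(digits))


def root_ca_digest(cert_bytes: bytes) -> str:
    """Hex SHA-256 of the root CA certificate, the value a token pins."""
    return hashlib.sha256(cert_bytes).hexdigest()


def make_join_token(cert_bytes: bytes, secret_bytes: Optional[bytes] = None) -> str:
    """Produce a token in the documented layout (used here to build test vectors)."""
    if secret_bytes is None:
        secret_bytes = secrets.token_bytes(16)
    digest_b36 = _to_base36(int(root_ca_digest(cert_bytes), 16)).rjust(DIGEST_FIELD_LEN, "0")
    secret_b36 = _to_base36(int.from_bytes(secret_bytes, "big")).rjust(SECRET_FIELD_LEN, "0")
    return f"{PREFIX}-{VERSION}-{digest_b36}-{secret_b36}"


def parse_join_token(token: str) -> dict:
    """Split a token into its fields; raise ValueError on anything malformed."""
    parts = token.split("-")
    if len(parts) != 4:
        raise ValueError("a join token has exactly four '-'-separated fields")
    prefix, version, digest_b36, secret_b36 = parts
    if prefix != PREFIX:
        raise ValueError(f"unknown prefix {prefix!r}")
    if version != VERSION:
        raise ValueError(f"unsupported token version {version!r}")
    if len(digest_b36) != DIGEST_FIELD_LEN or len(secret_b36) != SECRET_FIELD_LEN:
        raise ValueError("field lengths do not match a version-1 token")
    if any(c not in _ALPHABET for c in digest_b36 + secret_b36):
        raise ValueError("fields must be lowercase base36")
    return {
        "prefix": prefix,
        "version": version,
        # int(..., 36) undoes the base36 encoding; "064x" restores the 32-byte digest
        "root_ca_sha256": format(int(digest_b36, 36), "064x"),
        "secret": secret_b36,
    }


def token_matches_ca(token: str, trusted_cert_bytes: bytes) -> bool:
    """True only if the token's CA hash equals the digest of the CA we trust."""
    try:
        fields = parse_join_token(token)
    except ValueError:
        return False
    return fields["root_ca_sha256"] == root_ca_digest(trusted_cert_bytes)


if __name__ == "__main__":
    # Constructed stand-in for a root CA certificate; not a real certificate.
    trusted_ca = b"-----BEGIN CERTIFICATE-----\nconstructed root CA\n-----END CERTIFICATE-----\n"
    token = make_join_token(trusted_ca)
    print(token)
    print("matches trusted CA:", token_matches_ca(token, trusted_ca))
    # The slide's token is shortened for display, so the structural check rejects it.
    print("slide token accepted:",
          token_matches_ca("SWMTKN-1-mx8suomaom825bet6-cm6zts22rl4hly2", trusted_ca))
```

The check compares only the CA hash field; the random secret is what the manager validates when the node actually joins, and nothing here needs it. Feeding the token a different CA certificate, changing the version field, or passing the abbreviated token from the slide all return False rather than raising, which is the behaviour you want in a provisioning script that should refuse to proceed rather than crash.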
