Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DockerCon EU 2015 - The Latest on Docker Engine

1,141 views

Published on

Core maintainers Jessie Frazelle & Arnaud Porterie talk about newest additions and future plans for the Docker Engine at DockerCon Europe 2015.

Published in: Technology
  • Be the first to comment

DockerCon EU 2015 - The Latest on Docker Engine

  1. 1. The latest in Docker Engine Jessie Frazelle Software Engineer, Docker Arnaud Porterie Senior Engineering Manager, Docker
  2. 2. The past What happened since last DockerCon?
  3. 3. Engine recent history 3 Activity since last DockerCon 2,162 pull requests
 
 
 … from 438 contributors
 … we closed 420 😕 (sorry!)
 … we merged 1,615 😇 (80%)
  4. 4. (+) 311,780 lines of code added
 (-) 163,350 lines of code removed Engine recent history 4 Activity since last DockerCon
  5. 5. Engine recent history 5 Releases since last DockerCon 2015-06-16 - Docker Engine 1.7
 ZFS support
 Experimental plugins
 Experimental multihost networking
 2015-06-22 - Open Container Initiative
 Runtime (libcontainer) donated to the Linux Foundation
 2015-08-11 - Docker Engine 1.8
 Docker Content Trust
 Docker daemon subcommand
 Many, many, many bugfixes
  6. 6. The present Docker Engine 1.9.0
  7. 7. Docker Engine 1.9.0 7 Builder improvements Build time arguments
 New ARG Dockerfile instruction
 Builtin support for HTTP_PROXY at build
 Custom stop signal
 New STOPSIGNAL Dockerfile instruction
 Configure which signal should terminate the entrypoint
  8. 8. Docker Engine 1.9.0 8 Networking Multihost networking is out of experimental
 Out of the box overlay networking
 New docker network command
 Manage networks as a top-level object
 Extensibility through plugins
 Already 6 implementations done or under development
  9. 9. Docker Engine 1.9.0 9 Volume management New docker volume command
 Manage volumes as a top-level object
 Extensibility through plugins
 Already several implementations (e.g., Flocker)
 See github.com/calavera/dkvolume for Go bootstrapping
  10. 10. Docker Engine 1.9.0 10 Experimental: user namespaces GID/UID remap
 Root in the container != root on the host
 Key feature for multi-tenancy
 Doesn’t come without drawbacks!
 Storage dir is scoped by gid/uid
 No more --net=container or --net=host
  11. 11. The future What’s next for Docker Engine?
  12. 12. What’s next? 12 Distribution rework Motivations
 Ease maintenance
 Fix long running structural issues
 New manifest format
 Enable multi-architecture images (“fat manifests”)
 Few user visible changes
 Layers != image
 Images identified by sha256sum(manifest)
  13. 13. What’s next? 13 More platforms Official ARM support
 Currently being worked on (thanks Hypriot!)
 Windows Server 2016
 Tech preview 3 was released in August 2015
 IBM Power Systems, IBM z Systems, Solaris, … 

  14. 14. What’s next? 14 Security Default Docker Content Trust
 Released in 1.8.0, currently opt-in
 Seccomp
 Syscall filtering
 Stable user namespaces
 Help us by testing in experimental
 API authorization / authentication
 Current working on a proposal from Twistlock
  15. 15. What’s next? 15 Split, split, split! Ongoing effort to decouple pieces of the Engine
 Motivations
 Ease maintenance
 Get more dedication to subsystems (e.g., builder)
 Options! (e.g., remove/wrap pieces, drop privileges, …) Split runtime
 RunC, standalone containers supervision
 Split builder
 Allow to build client-side
  16. 16. What’s next? 16 Converge, converge, converge! Studying convergence of Swarm and Engine
 Motivations
 Lot of technical overlap
 Engine as a degenerated single-node cluster
 First hints in 1.9.0
 Engine node discovery (--cluster-advertise)
  17. 17. Demo Containers are not lightweight VMs
  18. 18. Demo 18 Linux namespaces N etw ork M ount PID IPC U ser U TS
  19. 19. Demo 19 Linux namespaces M ount PID IPC U ser U TS M ount PIDIPC U ser U TS App Wireshark Host N et N et ���������������
  20. 20. Demo 20 Linux namespaces M ount PID IPC U ser U TS Wireshark N et M ount PID IPC U ser U TS N et App M ount PID IPC U ser U TS VNC N et ��������������� �������������
  21. 21. Thank you! @frazelledazzell
 princess@docker.com Arnaud Porterie @icecrime
 arnaud@docker.com Jessie Frazelle

×