Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Dockercon EU 2015 Recap


Published on

A brief recap of the Docker, Docker, Docker highlights from Dockercon EU 2015.

Presented at Docker Austin on Dec. 3rd, 2015.

Published in: Software
  • Be the first to comment

  • Be the first to like this

Dockercon EU 2015 Recap

  1. 1. Dockercon EU 2015 Recap
  2. 2. Lee Calcote clouds, containers, networks and their management @lcalcote
  3. 3. Conference Themes Usable Security Quality Production Ready
  4. 4. Security   1. Industry’s First Hardware Signing of Container Images 2. User Namespaces Provides Enhanced Access Control 3. Built-in container security analysis in Docker Hub 
  5. 5. Security - Docker Content Trust  (launched at Dockercon SF) TUF and Notary enable: Survivable Key Compromise Proof of Origin  Protection against untrusted transports.  integrates the guarantees from   into Docker using  , an open source tool that provides trust over any content. The Update Framework (TUF) Notary Hardware signing of container images reinforces Docker Content Trust
  6. 6. Hardware Signing of Container Images Yubico released Yubikey 4 at DockerCon with the goal of increasing the security of Docker images.   “ A YubiKey is a small hardware device that offers two-factor authentication with a simple touch of a button. Docker Experimental only notary key generate notary key list notary key backup export DOCKER_CONTENT_TRUST=1 docker push
  7. 7. Security - Project Nautilus Built-in container security analysis in Docker Hub   Project Goals 1. Scale up the security posture assessment 2. Notify users of new vulnerabilities in existing code proactively 3. Provide visibility to end-users on the security posture of images 
  8. 8. Security - Project Nautilus Text
  9. 9. Security - Project Nautilus An image-scanning service that makes it easier to build and consume high-integrity content Steps through a sequence of tests, including: Image security Component inventory/license management Image optimization Basic functional testing  Functions as a source of truth for certification metadata Has an extensible backend; may support 3rd-party plugins 
  10. 10. Security - User Namespaces containers themselves don’t have access to root on the host only the Docker daemon does. user namespaces gives IT operations the ability to separate container and Docker daemon-level privileges to assign privileges for each container by user group. IT operations will lock down hosts to a restricted group of sysadmins per security
  11. 11. best practices Docker Universal Control Plane “  "an on-premises solution for deploying and managing Dockerized distributed applications in production on any infrastructure." gives IT ops a single Docker-native management interface for all container on-premise or in cloud Currently in beta. Sign-up here. UCP is to containers as vCenter is to VMs
  12. 12. User Management •LDAP/AD integration with Trusted Registry •Role based access control (RBAC) to cluster, apps, containers, images Resource Management •Visibility into cluster, apps, containers, images, events with intuitive dashboards •Manage clusters, images, network and volumes •Manage apps and containers •Monitoring and logging Security & Compliance •On-premise deployment •Out of the box TLS •LDAP/AD authentication •User audit logs •Out of the box HA Containers as a Service
  13. 13. Production-Ready Swarm 1.0 Clustering 
  14. 14. Scaling Swarm to 1,000 AWS nodes and 50,000 containers!
  15. 15. Multi-host networking •   , and Swarm integrates fully with this. Any networks you create in Swarm will seamlessly work across multiple hosts. Docker Engine 1.9 features a new networking system Persistent storage Engine 1.9 has a new volume management system If you use a volume driver that works across multiple hosts (such as   or  ) you’ll be able to store persistent data on your Swarm regardless of where containers get scheduled on your cluster. Volume management works from the command line interface with plug-ins There are drivers available for  ,  ,  ,   and  . Flocker Ceph Blockbridge Ceph ClusterHQ EMC Portworx
  16. 16. Production-Ready: Docker Hub Autobuilds  build system can now be configured to dynamically trigger builds as your team creates new git branches and tags. Docker Hub Dynamic Matching Parallel Builds Automated Build system will execute as many builds in parallel as you have private repositories. 
  17. 17. Networking Multi-host networking no longer experimental Out of the box overlay networking in 1.9 New 'docker network' command provides management of networks as a top-level object Extensibility through network plugins Already 6 implementations done or under development 
  18. 18. Support for DNS to come later An IP per container... contrasted with an IP per pod in kubernetes
  19. 19. Surgically Segmented Networks
  20. 20. Network driver plugins available are from Cisco, Microsoft, Midokura, Nuage, Project Calico, VMware, and Weave. Default IP addressing remains same, but IPAM is pluggable
  21. 21. VXLAN as the Overlay for cluster membershipSerf
  22. 22. Resources
  23. 23. Video Day 1 General Session Day 2 General Session Day 2 Closing General Session - Moby's Cool Hacks Wild Card Day 1 Videos/Slides Wild Card Day 2 Videos/Slides Slides General and separate tracks Upcoming Online Events Dec 10th:  Dec 11th:  Dec 17th:  Jan 12th:  Feb 11th:  Introduction to Docker Security Building, running & deploying Docker containers Intro to Docker - Demo and FAQ The Value of Docker Subscription and Support Introduction to the Docker Platform