Overview of Docker 1.11 features (covers Docker release summary up to 1.11, runc/containerd, DNS load balancing, IPv6 service discovery, labels, macvlan/ipvlan)
2. About me
• Senior Engineering Manager at Cisco Systems Data Center group
• Author of “Mastering CoreOS” (https://www.packtpub.com/networking-and-servers/mastering-coreos/)
• Docker Captain (https://www.docker.com/community/docker-captains)
• Blog: https://sreeninet.wordpress.com/
• Code: https://github.com/smakam
• Linkedin: https://in.linkedin.com/in/sreenivasmakam
• Twitter: @srmakam
4. Docker release Timeline
• 0.1 - March 2013
• 1.0 - June 2014
• 1.1 - July 2014: .dockerignore for Dockerfile; Tail logs; Bind mounting full filesystem into a container
• 1.2 - Aug 2014: Docker restart policy for container; Capability flag in docker run; Devices can be bind mounted without using privilege option
• 1.3 - (Compose 1.0) - Oct 2014: Experimental digital signature for container images; Docker exec introduced; Security options for selinux, apparmor introduced in Docker run
• 1.4 - Dec 2014: Overlayfs as experimental storage driver; Can add labels to Docker daemon; Security vulnerabilities addressed
• 1.5 - (Compose 1.1) - Feb 2015: IPV6 support; Docker container statistics using event driven model; Dockerfile specifying file name
Note: Top 3 features were based on personal choice
5. Docker release Timeline (Contd)
• 1.6.0 (Compose 1.2, Swarm 0.2, Machine 0.2, Registry 2.0) - April 2015: Windows client; Container and Image labels; Logging drivers support
• 1.7.0 (Compose 1.3, Swarm 0.3, Machine 0.3, Registry 2.0) - June 2015: Docker networking and storage plugin as experimental; libnetwork separated out from Docker engine; Swarm, Compose and multihost networking integrated
• 1.8.0 (Compose 1.4, Swarm 0.9, Machine 0.4, Registry 2.1) - August 2015: Docker content trust for image signing; Docker toolbox for windows and mac; Volume plugins going to production
• 1.9.0 (Compose 1.5, Swarm 1.0, Machine 0.5, Registry 2.2) - Nov 2015: Multihost networking with libnetwork; Swarm going to production; Build-time arguments to Dockerfile
• 1.10.0 (Compose 1.6, Swarm 1.1, Machine 0.6, Registry 2.3) - Feb 2016: Compose file with networks and volumes; Security enhancement - user namespace, seccomp, authorization plugin; Swarm HA (reschedule containers when node fails)
• 1.11.0 (Compose 1.7, Swarm 1.2, Machine 0.7, Registry 2.4) - May 2016: Runc and Containerd; DNS round robin load balancing; ipv6 service discovery
Note: Top 3 features were based on personal choice
6. Docker 1.11 feature summary
• Runc and Containerd plumbing
• Built-in load balancing using DNS round robin
• Service discovery for ipv6
• Experimental macvlan and ipvlan network plugins
• Labels for networks and volumes
• Yubikey based hardware signing of Container images moves from experimental to stable
• Container rescheduling in Swarm moves from experimental to stable
7. Runc and Containerd
• Docker Engine is broken into the base Docker engine, Containerd and Runc.
• Runc is the Container runtime based on the OCI specification. Containerd manages running Containers.
• This makes Docker modular from a developer's perspective.
• Future - Runc can be replaced by other Container runtimes like runV, Clear Containers.
• Future - Docker engine and Containerd can be restarted or upgraded without affecting running Containers.
Process output running 2 busybox Containers:
root 672 1 0 17:15 ? 00:00:11 /usr/bin/docker daemon --dns 8.8.8.8 --raw-logs
root 695 672 0 17:15 ? 00:00:01 docker-containerd -l /var/run/docker/libcontainerd/docker-containerd.sock --runtime docker-runc
root 3694 695 0 21:22 ? 00:00:00 docker-containerd-shim cf0fe4c12041bbf737abe597805f6ea81da8d65b6d30587211f24c85573d2ef1 /var/run/docker/libcontainerd/cf0fe4c12041bbf737abe597805f6ea81da8d65b6d30587211f24c85573d2ef1 docker-runc
root 3787 695 0 21:23 ? 00:00:00 docker-containerd-shim 009f939ef47f4a01f3e5fdcc18c0e7555f050c2ffea1e551c1171ee5bf110a59 /var/run/docker/libcontainerd/009f939ef47f4a01f3e5fdcc18c0e7555f050c2ffea1e551c1171ee5bf110a59 docker-runc
Annotations on the process output: Docker daemon, Containerd daemon, 2 Runc with Shim
Picture source: Docker blog
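
The engine, containerd and shim chain in the process output above can be checked mechanically, which matters for host monitoring that keys on container process ancestry. The following is an added example, not code from the deck or from Docker: it parses `ps -ef` text, maps each docker-containerd-shim to its container ID and reports any containerd or shim process whose parent differs from the layout on the slide. The function names and the final sample line are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# `ps -ef` lines from the slide, with the wrapped lines rejoined.
ID_A = "cf0fe4c12041bbf737abe597805f6ea81da8d65b6d30587211f24c85573d2ef1"
ID_B = "009f939ef47f4a01f3e5fdcc18c0e7555f050c2ffea1e551c1171ee5bf110a59"
BUNDLE = "/var/run/docker/libcontainerd/"
PS_OUTPUT = (
    "root 672 1 0 17:15 ? 00:00:11 /usr/bin/docker daemon --dns 8.8.8.8 --raw-logs\n"
    "root 695 672 0 17:15 ? 00:00:01 docker-containerd -l "
    "/var/run/docker/libcontainerd/docker-containerd.sock --runtime docker-runc\n"
    f"root 3694 695 0 21:22 ? 00:00:00 docker-containerd-shim {ID_A} {BUNDLE}{ID_A} docker-runc\n"
    f"root 3787 695 0 21:23 ? 00:00:00 docker-containerd-shim {ID_B} {BUNDLE}{ID_B} docker-runc\n"
)
# Constructed line (not from the slide): a shim whose parent is PID 1.
ORPHAN_ID = "ab" * 32
ORPHAN_LINE = (
    f"root 4100 1 0 21:30 ? 00:00:00 docker-containerd-shim "
    f"{ORPHAN_ID} {BUNDLE}{ORPHAN_ID} docker-runc\n"
)


class Proc(NamedTuple):
    pid: int
    ppid: int
    argv: List[str]


def parse_ps(text: str) -> Dict[int, Proc]:
    """Parse `ps -ef` rows (UID PID PPID C STIME TTY TIME CMD) into Proc records."""
    procs = {}
    for line in text.splitlines():
        fields = line.split(None, 7)
        if len(fields) < 8 or not fields[1].isdigit():
            continue  # header row, blank line or truncated row
        procs[int(fields[1])] = Proc(int(fields[1]), int(fields[2]), fields[7].split())
    return procs


def role(proc: Proc) -> str:
    """Classify a process by the binary names visible in the slide's output."""
    exe = proc.argv[0].rsplit("/", 1)[-1]
    if exe == "docker" and proc.argv[1:2] == ["daemon"]:
        return "engine"
    if exe == "docker-containerd":
        return "containerd"
    if exe == "docker-containerd-shim":
        return "shim"
    return "other"


# Parent role each component has in the slide's process listing.
EXPECTED_PARENT = {"containerd": "engine", "shim": "containerd"}


def audit(procs: Dict[int, Proc]) -> Tuple[Dict[str, int], List[Tuple[int, str]]]:
    """Return ({container_id: shim_pid}, [(pid, finding), ...])."""
    containers, findings = {}, []
    for proc in procs.values():
        kind = role(proc)
        if kind == "shim":
            # On the slide the shim's first argument is the 64-hex container ID.
            cid = proc.argv[1] if len(proc.argv) > 1 else ""
            if re.fullmatch(r"[0-9a-f]{64}", cid):
                containers[cid] = proc.pid
            else:
                findings.append((proc.pid, "shim without a container ID argument"))
        wanted = EXPECTED_PARENT.get(kind)
        if wanted:
            parent = procs.get(proc.ppid)
            if parent is None or role(parent) != wanted:
                findings.append((proc.pid, f"{kind} is not a child of {wanted}"))
    return containers, findings


if __name__ == "__main__":
    for label, text in (("slide", PS_OUTPUT), ("slide + orphan", PS_OUTPUT + ORPHAN_LINE)):
        containers, findings = audit(parse_ps(text))
        print(label, {cid[:12]: pid for cid, pid in containers.items()}, findings)
```

A finding here means only that the lineage differs from the listing on the slide; it is a prompt to look at the process, not a verdict.
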
8. DNS load balancing
Create 3 Containers in “fe” network:
docker run -d --name=nginx1 --net=fe --net-alias=nginxnet nginx
docker run -d --name=nginx2 --net=fe --net-alias=nginxnet nginx
docker run -ti --name=myubuntu --net=fe --link=nginx1:nginx1link --link=nginx2:nginx2link ubuntu bash
DNS by network alias:
root@4d2d6e34120d:/# ping -c1 nginxnet
PING nginxnet (172.20.0.3) 56(84) bytes of data.
64 bytes from nginx2.fe (172.20.0.3): icmp_seq=1 ttl=64 time=0.852 ms
root@4d2d6e34120d:/# ping -c1 nginxnet
PING nginxnet (172.20.0.2) 56(84) bytes of data.
64 bytes from nginx1.fe (172.20.0.2): icmp_seq=1 ttl=64 time=0.244 ms
DNS by Container name:
root@4d2d6e34120d:/# ping -c1 nginx1
PING nginx1 (172.20.0.2) 56(84) bytes of data.
64 bytes from nginx1.fe (172.20.0.2): icmp_seq=1 ttl=64 time=0.112 ms
root@4d2d6e34120d:/# ping -c1 nginx2
PING nginx2 (172.20.0.3) 56(84) bytes of data.
64 bytes from nginx2.fe (172.20.0.3): icmp_seq=1 ttl=64 time=0.090 ms
DNS by link name:
root@4d2d6e34120d:/# ping -c1 nginx1link
PING nginx1link (172.20.0.2) 56(84) bytes of data.
64 bytes from nginx1.fe (172.20.0.2): icmp_seq=1 ttl=64 time=0.049 ms
root@4d2d6e34120d:/# ping -c1 nginx2link
PING nginx2link (172.20.0.3) 56(84) bytes of data.
64 bytes from nginx2.fe (172.20.0.3): icmp_seq=1 ttl=64 time=0.253 ms
Diagram labels: ubuntu, nginx1, nginx2
9. IPV6 Service Discovery
• Create IPV6 network:
docker network create --ipv6 --subnet=1111:2222:3333::/64 myipv6
• Create 2 Containers:
docker run --rm -ti --net=myipv6 --name=u1 smakam/myubuntu:v4 bash
docker run --rm -ti --net=myipv6 --name=u2 smakam/myubuntu:v4 bash
Dig output from U2:
# dig u1 AAAA
; <<>> DiG 9.9.5-3-Ubuntu <<>> u1 AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62676
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;u1. IN AAAA
;; ANSWER SECTION:
u1. 600 IN AAAA 1111:2222:3333::2
U1:
eth0 Link encap:Ethernet HWaddr 02:42:ac:18:00:02
inet addr:172.24.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: 1111:2222:3333::2/64 Scope:Global
U2:
eth0 Link encap:Ethernet HWaddr 02:42:ac:18:00:03
inet addr:172.24.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: 1111:2222:3333::3/64 Scope:Global
Ping U2 from U1:
# ping6 -c1 u2
PING u2(u2.myipv6) 56 data bytes
64 bytes from u2.myipv6: icmp_seq=1 ttl=64 time=0.136 ms
# ping -c1 u2
PING u2 (172.24.0.3) 56(84) bytes of data.
64 bytes from u2.myipv6 (172.24.0.3): icmp_seq=1 ttl=64 time=0.100 ms
10. Labels for Networks and Volumes
• Labels allow tagging and filtering of Container resources.
• Before Docker 1.11, labels were supported for Containers, images, daemons.
• Docker 1.11 added labels for Networks and Volumes. Compose will add this support soon.
Create network with 2 labels:
docker network create -d bridge --label tier=fe --label owner=dev mynet
Display Docker network labels:
docker network inspect mynet
"Labels": {
    "owner": "dev",
    "tier": "fe"
}
Filter not working yet:
docker network ls --filter "label=tier=fe"
Error response from daemon: Invalid filter 'label'
Create Volume:
docker volume create --label name=ssd --name myvol
Display Docker volume labels:
docker volume inspect myvol
"Labels": {
    "name": "ssd"
}
Filter not working yet:
docker volume ls --filter "label=name=ssd"
Error response from daemon: Invalid filter 'label'
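
While the daemon rejects the label filter for networks and volumes, the same selection can be made client-side from the inspect output. The following is an added example, not code from the deck or from Docker: it filters the JSON array printed by `docker network inspect` or `docker volume inspect` with `key` and `key=value` selectors. The function names and every sample object other than mynet and myvol are constructed for illustration.

```python
import json
from typing import List, Optional, Tuple

# Constructed samples in the shape of `docker network inspect` and
# `docker volume inspect` output (a JSON array of objects). Only mynet and
# myvol with their labels come from the slide; the rest is made up.
NETWORKS_JSON = json.dumps([
    {"Name": "mynet", "Driver": "bridge", "Labels": {"owner": "dev", "tier": "fe"}},
    {"Name": "backend", "Driver": "bridge", "Labels": {"owner": "dev", "tier": "be"}},
    {"Name": "bridge", "Driver": "bridge", "Labels": None},
])
VOLUMES_JSON = json.dumps([
    {"Name": "myvol", "Driver": "local", "Labels": {"name": "ssd"}},
    {"Name": "scratch", "Driver": "local", "Labels": {}},
])


def parse_selector(selector: str) -> Tuple[str, Optional[str]]:
    """Split 'key' or 'key=value'; a bare key matches any value."""
    key, sep, value = selector.partition("=")
    if not key:
        raise ValueError(f"empty label key in selector {selector!r}")
    return key, (value if sep else None)


def select_by_labels(inspect_json: str, selectors: List[str]) -> List[str]:
    """Names of inspected objects whose labels satisfy every selector."""
    wanted = [parse_selector(s) for s in selectors]
    names = []
    for obj in json.loads(inspect_json):
        labels = obj.get("Labels") or {}  # unlabelled objects may carry null
        if all(k in labels and (v is None or labels[k] == v) for k, v in wanted):
            names.append(obj["Name"])
    return names


if __name__ == "__main__":
    # Real input could come from, for example:
    #   docker network inspect $(docker network ls -q)
    #   docker volume inspect $(docker volume ls -q)
    print(select_by_labels(NETWORKS_JSON, ["tier=fe"]))
    print(select_by_labels(NETWORKS_JSON, ["owner"]))
    print(select_by_labels(VOLUMES_JSON, ["name=ssd"]))
```
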
11. Macvlan, ipvlan
• Macvlan and ipvlan are new Docker network plugins like bridge and overlay.
• Macvlan and ipvlan drivers are provided by the Linux kernel.
• Available in experimental Docker.
• Allows Containers to use underlay networks natively. Useful for customers who want to reach Containers from an external network without using NAT.
• Macvlan interfaces have a unique MAC and IP address. Ipvlan interfaces have a unique IP address, but share the same MAC address as the underlay interface.