What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi

•

57 likes•7,048 views

Mike Goelzer is a developer, hacker, author and the open source product management lead for Docker’s Core Runtime. He currently works on the open source Docker Engine and Docker’s open source container orchestration technologies. Andrea Luzzardi is a Software Engineer at Docker and was part of the original team that built the project. He is currently working on Swarm, a Docker-native clustering system. They discuss what is new in Docker.

What’s New in Docker 1.12
Mike Goelzer
(Spoiler alert: a lot!)

$ docker swarm init
$ docker swarm join <IP of manager>:2377

$ docker service create --replicas 3 --name frontend --network mynet
--publish 80:80/tcp frontend_image:latest
mynet

$ docker service create --replicas 3 --name frontend --network mynet
--publish 80:80/tcp frontend_image:latest
$ docker service create --name redis --network mynet redis:latest
mynet

$ docker service scale frontend=10
mynet

$ docker service create --mode=global --name prometheus
prom/prometheus
mynet

docker daemon --label
com.example.storage="ssd"
docker daemon --label
com.example.storage="ssd"

$ docker service create --replicas 3 --name frontend --network mynet
--publish 80:80/tcp --constraint com.example.storage="ssd"
frontend_image:latest
docker daemon --label
com.example.storage="ssd"
docker daemon --label
com.example.storage="ssd"

Distributed Application Bundle (.dab) declares
a stack

Swarm mode orchestration is optional
● You don’t have to use it
● 1.12 is fully backwards compatible
● Will not break existing deployments and scripts

Routing Mesh
• Operator reserves a swarm-
wide ingress port (80) for
myapp
• Every node listens on 80
• Container-aware routing mesh
can transparently reroute traffic
from Worker3 to a node that is
running container
• Built in load balancing into the
Engine
• DNS-based service discovery
:80
:80
:80 :80
frontend frontend
$ docker service create --replicas 3 --name frontend --network mynet
--publish 80:80/tcp frontend_image:latest
frontend

Routing Mesh: Published Ports
• Operator reserves a swarm-
wide ingress port (80) for
myapp
• Every node listens on 80
• Container-aware routing mesh
can transparently reroute traffic
from Worker3 to a node that is
running container
• Built in load balancing into the
Engine
• DNS-based service discovery
:80
:80
:80 :80
frontend frontend
$ docker service create --replicas 3 --name frontend --network mynet
--publish 80:80/tcp frontend_image:latest
frontend

Security out of the box
● Cryptographic Node Identity
○ Workload segregation (think PCI)
● There is no “insecure mode”:
○ TLS mutual auth
○ TLS encryption
○ Certificate rotation

HEALTHCHECK --interval=5m --timeout=3s
--retries 3
CMD curl -f http://localhost/ || exit 1
Checks every 5 minutes that web server can return index
page within 3 seconds.
Three consecutive failures puts container in an unhealthy
state.
Container Health Check in Dockerfile

docker plugin install tiborvass/no-remove
docker plugin enable no-remove
docker plugin disable no-remove
New Plugin Subcommands

$ docker plugin install tiborvass/no-remove
Plugin "mikegoelzer/myplugin:latest"
requested the following privileges:
- Networking: host
- Mounting host path: /data
Do you grant the above permissions? [y/N]
Plugin Permissions Model

Orchestration Deep Dive
Andrea Luzzardi
DockerCon 2016

Manager
Worker
● Each Node has a role
● Roles are dynamic
● Programmable Topology

● Strongly consistent: Holds desired state
● Simple to operate
● Blazing fast (in-memory reads, domain specific indexing, ...)
● Secure

● Eventually consistent: Routing mesh, load balancing rules, ...
● High volume, p2p network between workers
● Secure: Symmetric encryption with key rotation in Raft

Secure by default with end to end encryption
• Cryptographic node
identity
• Automatic encryption
and mutual auth (TLS)
• Automatic cert rotation
• External CA integration
Certificate
Authority
TLS
Certificate
Authority
TLS
Certificate
Authority
TLS
TLS TLSTLS

Learn more about 1.12
Monday 5:20 pm @ Ballroom 6E
• Docker Security Deep Dive
Tuesday 3:55 pm @ Ballroom 6E
• Docker for Ops: Networking Deep Dive, Considerations and
Troubleshooting

Mike Goelzer
mgoelzer@docker.com / @mgoelzer
Andrea Luzzardi
al@docker.com / @aluzzardi
Questions?

Thank You
Mike Goelzer
mgoelzer@docker.com / @mgoelzer
Andrea Luzzardi
al@docker.com / @aluzzardi

Docker Engine 1.12 can be rightly called ” A Next Generation Docker Clustering & Distributed System”. Though Docker Engine 1.12 Final Release is around corner but the recent RC3 brings lots of improvements and exciting features. One of the major highlight of this release is Docker Swarm Mode which provides powerful yet optional ability to create coordinated groups of decentralized Docker Engines. Swarm Mode combines your engine in swarms of any scale. It’s self-organizing and self-healing. It enables infrastructure-agnostic topology.The newer version democratizes orchestration with out-of-box capabilities for multi-container on multi-host app deployments.

runC: The little engine that could (run Docker containers) by Docker Captain ...

Docker, Inc.

With the announcement of the OCI by Solomon Hykes at last summer's DockerCon, a Docker-contributed reference implementation of the OCI spec, called runC, was born. While some of you may have tried runC or have a history of poking at the OS layer integration library to Linux namespaces, cgroups and the like (known as libcontainer), many of you may not know what runC offers. In this talk Phil Estes, Docker engine maintainer who has also contributed to libcontainer and runC, will show what's possible using runC as a lightweight and fast runtime environment to experiment with lower-level features of the container runtime. Phil will introduce a conversion tool called "riddler", which can inspect and convert container configurations from Docker into the proper OCI configuration bundle for easy conversion between the two environments. He'll also demonstrate how to make custom configurations for trying out security features like user namespaces and seccomp profiles.

Docker Networking : 0 to 60mph slides

Docker, Inc.

Docker Online Meetup #28: Production-Ready Docker Swarm

Docker, Inc.

presented by Alexandre Beslic (@abronan) Swarm v1.0 is now ready for running your apps in production! Swarm is the easiest way to run Docker applications at large scale on a cluster. It turns a pool of Docker Engines into a single, virtual Engine. You don’t have to worry about where to put containers, or how they’re going to talk to each other - it just handles all that for you. We’ve spent the last few months tirelessly hardening and tuning it, and in combination with multi-host networking and the new volume system in Docker Engine 1.9, we can confidently say that it’s ready for running your apps in production. In our tests, we’ve been running Swarm on EC2 with 1,000 nodes and 30,000 containers and it keeps on scheduling containers in less than half a second. Not even breaking a sweat! Keep an eye for a blog post soon with the full details. Read more: http://blog.docker.com/2015/11/swarm-1-0/

Docker Orchestration at Production Scale

Docker, Inc.

Docker serverless v1.0

Thomas Chacko

Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)

Michelle Antebi

Unikernels: the rise of the library hypervisor in MirageOS

Docker, Inc.

A session covering the container workflow from the developers inner loop, CI/CD, to deployment in a container orchestration solution. We'll cover Visual Studio Code from a Mac, Visual Studio Code from Windows with Bash and Visual Studio as an in-container local development environment targeting both Windows and Linux Containers. We'll walk through CI, Validation and CD to the Azure Container Service running Docker Swarm as one example of how you can convert your existing config as code and VM deployments to the containerized workflows startups and early adopter enterprises are using today.

Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...

Docker, Inc.

Talk from Docker SF Meetup #50 Abstract: Docker swarm mode enables users to manage their applications with service primitives. In this talk we demonstrate how to do service upgrades without impacting your application. The Healthcheck feature provides health indication for a container. Coming up in Docker 1.13 release, Docker Swarm can connect healthcheck result with load balancer to implement no-loss service upgrade. Speaker Biographies: Nishant Totla is a software engineer at Docker, and works on the core open source team. He is currently working on Docker SwarmKit and Docker Swarm. Prior to Docker, he was a PhD student at UC Berkeley, doing research on programming languages. In his spare time, he enjoys long-distance running, biking, and other outdoor activities. Nishant tweets at @nishanttotla. Dongluo Chen is a software engineer at Docker focusing on orchestration and container development. Before Docker he was software engineer manager at Microsoft Azure building and automating global data centers. He worked at France Telecom (Orange) and the Ohio State University as research scientist in networking area.

Docker practical solutions

Kesav Kumar Kolla

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

Docker, Inc.

DCUS17 : Docker networking deep dive

Madhu Venugopal

Windows Server and Docker - The Internals Behind Bringing Docker and Containe...

Docker, Inc.

Docker leverages capabilities in Linux like namespaces and cgroups to enable containers and then builds tooling on top to enable users to build distributed apps. A common question is "What about Docker support for Windows?" In this session the Windows engineering leads will dive deep into the primitives within Windows to enable an awesome Docker experience on Windows. This session will also include a live demo of Docker and Windows Server.

Libnetwork update at Moby summit June 2017

Docker, Inc.

Docker Online Meetup: Infrakit update and Q&A

Docker, Inc.

While working on Docker for AWS and Azure, we realized the need for a standard way to create and manage infrastructure state that was portable across any type of infrastructure, from different cloud providers to on-prem. One challenge is that each vendor has differentiated IP invested in how they handle certain aspects of their cloud infrastructure. It is not enough to just provision five servers; what IT ops teams need is a simple and consistent way to declare the number of servers, what size they should be, and what sort of base software configuration is required. And in the case of server failures (especially unplanned), that sudden change needs to be reconciled against the desired state to ensure that any required servers are re-provisioned with the necessary configuration. We started InfraKit to solves these problems and to provide the ability to create a self healing infrastructure for distributed systems.

What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi

Mike Goelzer

Nebulaworks Docker Overview 09-22-2015

Chris Ciborowski

Docker Security workshop slides

Docker, Inc.

Get hands-on with security features and best practices to protect your containerized services. Learn to push and verify signed images with Docker Content Trust, and collaborate with delegation roles. Intermediate to advanced level Docker experience recommended, participants will be building and pushing with Docker during the workshop. Led By Docker Security Experts: Riyaz Faizullabhoy David Lawrence Viktor Stanchev Experience Level: Intermediate to advanced level Docker experience recommended

Fluentd and docker monitoring

Vinay Krishna

Docker Mentorweek beginner workshop notes

Sreenivas Makam

Service Discovery & Load-Balancing under Docker 1.12.0 @ Docker Meetup #22

Ajeet Singh Raina

Online Meetup: Why should container system / platform builders care about con...

Docker, Inc.

Docker and the CNCF recently announced the general availability of containerd 1.0, an industry-standard runtime for building container solutions. The containerd 1.0 milestone comes after several months of alpha and beta releases, that allowed the team to implement various performance improvements: creation of a stress testing system, improvements in garbage collection and shim memory usage, etc. In this online meetup, we look at how containerd works, what are the top features and improvements and how can container system builders integrate with containerd.

virtualization-vs-containerization-paas

rajdeep

Comprehensive Monitoring for Docker

Christian Beedgen

Catching up with what has happened with logging in Docker since late 2014 all the way up to the recently released Docker 0.10. Also, presenting my view on a comprehensive approach to monitoring Docker using the API to get events, logs, stats with a little bit of self promotion in pointing out that we have recently released an implementation of comprehensive monitoring as part of a Sumo Logic collector source.

Docker 1.11 @ Docker SF Meetup

Docker, Inc.

Docker for Ops: Docker Storage and Volumes Deep Dive and Considerations by Br...

Docker, Inc.

Docker for Ops: Docker Networking Deep Dive, Considerations and Troubleshooti...

Docker, Inc.

What's hot

Driving containerd operations with gRPC

Docker, Inc.

What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Docker, Inc.

Dockerizing Windows Server Applications by Ender Barillas and Taylor Brown

Docker, Inc.

Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...

Docker, Inc.

Docker practical solutions

Kesav Kumar Kolla

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

Docker, Inc.

DCUS17 : Docker networking deep dive

Madhu Venugopal

Windows Server and Docker - The Internals Behind Bringing Docker and Containe...

Docker, Inc.

Libnetwork update at Moby summit June 2017

Docker, Inc.

Docker Online Meetup: Infrakit update and Q&A

Docker, Inc.

What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi

Mike Goelzer

Nebulaworks Docker Overview 09-22-2015

Chris Ciborowski

Docker Security workshop slides

Docker, Inc.

Fluentd and docker monitoring

Vinay Krishna

Docker Mentorweek beginner workshop notes

Sreenivas Makam

Service Discovery & Load-Balancing under Docker 1.12.0 @ Docker Meetup #22

Ajeet Singh Raina

Online Meetup: Why should container system / platform builders care about con...

Docker, Inc.

virtualization-vs-containerization-paas

rajdeep

Comprehensive Monitoring for Docker

Christian Beedgen

Docker 1.11 @ Docker SF Meetup

Docker, Inc.

What's hot (20)

Driving containerd operations with gRPC

What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Dockerizing Windows Server Applications by Ender Barillas and Taylor Brown

Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...

Docker practical solutions

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

DCUS17 : Docker networking deep dive

Windows Server and Docker - The Internals Behind Bringing Docker and Containe...

Libnetwork update at Moby summit June 2017

Docker Online Meetup: Infrakit update and Q&A

What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi

Nebulaworks Docker Overview 09-22-2015

Docker Security workshop slides

Fluentd and docker monitoring

Docker Mentorweek beginner workshop notes

Service Discovery & Load-Balancing under Docker 1.12.0 @ Docker Meetup #22

Online Meetup: Why should container system / platform builders care about con...

virtualization-vs-containerization-paas

Comprehensive Monitoring for Docker

Docker 1.11 @ Docker SF Meetup

Viewers also liked

Docker for Ops: Docker Storage and Volumes Deep Dive and Considerations by Br...

Docker, Inc.

Docker for Ops: Docker Networking Deep Dive, Considerations and Troubleshooti...

Docker, Inc.

Docker for the Enterprise with Containers as a Service by Banjot Chanana

Docker, Inc.

Docker 1.12 - Swarm Mode

Rafael Gomes

Getting Deep on Orchestration: APIs, Actors, and Abstractions in a Distribute...

Docker, Inc.

Orchestration platforms let us work with higher level ideas like services and jobs; but there is more to a platform than scheduling and service discovery. A platform is a collection of actors and APIs that work together and provide those higher level abstractions on a distributed system. In this session we'll go deep on the architecture of open source orchestration platforms, consider scaling pains, reveal extension points, and reflect on an orchestration platform at Amazon. We'll finish with a demo of a homemade abstraction deployed on a live, multi-cloud Swarm cluster.

Docker for Developers - Part 2 by Borja Burgos and Fernando Mayo

Docker, Inc.

Docker Swarm 0.2.0

Docker, Inc.

Docker for Developers - Part 1 by David Gageot

Docker, Inc.

Docker Security Deep Dive by Ying Li and David Lawrence

Docker, Inc.

DockerCon EU 2015: Docker Networking Deep Dive

Docker, Inc.

with Jana Radhakrishnan, Lead Software Engineer at Docker, and David Tucker, Product Manager, Docker Docker Networking is a feature of Docker Engine that allows you to create virtual networks and attach containers to them so you can create the network topology that is right for your application. The networked containers can even span multiple hosts, so you don’t have to worry about what host your container lands on. They can seamlessly communicate with each other wherever they are - thus enabling true distributed applications. And Networking is pluggable, so you can use any third-party networking driver to power your networks without having to make any changes to your application. Read more: https://blog.docker.com/2015/11/docker-multi-host-networking-ga/ -- Docker is an open platform for developers and system administrators to build, ship and run distributed applications. With Docker, IT organizations shrink application delivery from months to minutes, frictionlessly move workloads between data centers and the cloud and can achieve up to 20X greater efficiency in their use of computing resources. Inspired by an active community and by transparent, open source innovation, Docker containers have been downloaded more than 700 million times and Docker is used by millions of developers across thousands of the world’s most innovative organizations, including eBay, Baidu, the BBC, Goldman Sachs, Groupon, ING, Yelp, and Spotify. Docker’s rapid adoption has catalyzed an active ecosystem, resulting in more than 180,000 “Dockerized” applications, over 40 Docker-related startups and integration partnerships with AWS, Cloud Foundry, Google, IBM, Microsoft, OpenStack, Rackspace, Red Hat and VMware. Learn more at www.docker.com

Docker for Ops: Extending Docker with APIs, Drivers and Plugins by Arnaud Por...

Docker, Inc.

Online Meetup: What's new in docker 1.13.0

Docker, Inc.

Core team member and release captain Victor Vieux will introduce us to what's new in Docker 1.13. Victor will first give an overview and demo some of the new features below: • Restructuration of CLI commands • Experimental build • CLI backward compatibility • Swarm default encryption at rest • Compose to Swarm • Data management commands • Brand new “init system” • Various orchestration enhancements

Docker for Ops: Operationalize your Docker Built Apps in Production by Evan H...

Docker, Inc.

Docker 1.12 and swarm mode

Wesley Charles Blake

Building Distributed System with Celery on Docker Swarm

Wei Lin

Swarm - A Docker Clustering System

snrism

Pp docker-swarm-doxlon-28th-march-2017

Bobby DeVeaux, DevOps Consultant

Microservices Architectures with Docker Swarm, etcd, Kuryr and Neutron

Fawad Khaliq

Microservices architectures are revolutionizing the way software is envisioned and built. OpenStack has started to play a key role in enabling the microservices architectures and focused groups inside OpenStack community are working towards this goal: Magnum, Kuryr etc. Docker is one of the key components here and combining them all, we get to build microservices architectures using tools like Docker Swarm, Etcd, Kuryr and Neutron. This workshop will provide attendees with the opportunity to gain experience with various Docker features and uses cases integrated with the OpenStack ecosystem. The lab will cover wide range of topics: Introduction to Docker and OpenStack Docker Swarm: Architecture and usage Etcd Kuryr and Neutron: Architecture and usage with DevStack Deploying Microservices Breaking Docker, Kuryr and debugging it! Attendees simply need to come in (with their laptop). Workshop speaker/organizer will provide instructions and will be available to answer any questions.

Building Distributed System with Celery on Docker Swarm - PyCon JP 2016

Wei Lin

Introducing Docker Swarm - the orchestration tool by Docker

Ramit Surana

Viewers also liked (20)

Docker for Ops: Docker Storage and Volumes Deep Dive and Considerations by Br...

Docker for Ops: Docker Networking Deep Dive, Considerations and Troubleshooti...

Docker for the Enterprise with Containers as a Service by Banjot Chanana

Docker 1.12 - Swarm Mode

Getting Deep on Orchestration: APIs, Actors, and Abstractions in a Distribute...

Docker for Developers - Part 2 by Borja Burgos and Fernando Mayo

Docker Swarm 0.2.0

Docker for Developers - Part 1 by David Gageot

Docker Security Deep Dive by Ying Li and David Lawrence

DockerCon EU 2015: Docker Networking Deep Dive

Docker for Ops: Extending Docker with APIs, Drivers and Plugins by Arnaud Por...

Online Meetup: What's new in docker 1.13.0

Docker for Ops: Operationalize your Docker Built Apps in Production by Evan H...

Docker 1.12 and swarm mode

Building Distributed System with Celery on Docker Swarm

Swarm - A Docker Clustering System

Pp docker-swarm-doxlon-28th-march-2017

Microservices Architectures with Docker Swarm, etcd, Kuryr and Neutron

Building Distributed System with Celery on Docker Swarm - PyCon JP 2016

Introducing Docker Swarm - the orchestration tool by Docker

Similar to What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi

New Docker Features for Orchestration and Containers

Jeff Anderson

Nats meetup oct 2016 docker 112

Nirmal Mehta

"Deploying Multi-OS Applications with Docker Swarm" with Docker's David Yu

Steven Puroll

Docker 1.12 and SwarmKit

Gianluca Arbezzano

Deep Dive into Docker Swarm Mode

Ajeet Singh Raina

Since its first 1.12 release on July 2016, Docker Swarm Mode has matured enough as a clustering and scheduling tool for IT administrators and developers who can easily establish and manage a cluster of Docker nodes as a single virtual system. Swarm mode integrates the orchestration capabilities of Docker Swarm into Docker Engine itself and help administrators and developers with the ability to add or subtract container iterations as computing demands change. With sophisticated but easy to implement features like built-in Service Discovery, Routing Mesh, Secrets, declarative service model, scaling of the services, desired state reconciliation, scheduling, filters, multi-host networking model, Load-Balancing, rolling updates etc. Docker 17.06 is all set for production-ready product today. Join me webinar organised by Docker Izmir, to get familiar with the current Swarm Mode capabilities & functionalities across the heterogeneous environments.

JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach

PROIDEA

Docker Networking Deep Dive

Docker, Inc.

Starting with Docker 1.12, Docker has added features to the core Docker Engine to make multi-host and multi-container orchestration extremely simple to use and accessible to everyone. Docker 1.12 Networking plays a key role in enabling these orchestration features. In this online meetup, we learned all the new and exciting networking features introduced in Docker 1.12: Swarm-mode networking Routing Mesh Ingress and Internal Load-Balancing Service Discovery Encrypted Network Control-Plane and Data-Plane Multi-host networking without external KV-Store MACVLAN Driver

Docker 1.12 networking deep dive

Madhu Venugopal

Demystfying container-networking

Balasundaram Natarajan

Troubleshooting Tips from a Docker Support Engineer

Jeff Anderson

Troubleshooting Tips from a Docker Support Engineer - Jeff Anderson, Docker

Docker, Inc.

Docker makes everything easier. But even with the easiest platforms, sometimes you run into problems. In this session, you'll learn first hand from someone whose job is helping customers fix these problems. Using Docker and Docker Data Center, you can keep your apps running smoothly with minimal downtime. In this session, you'll learn how to apply your troubleshooting skills in the Docker ecosystem, including: 1. Identification and characterization of the problem. 2. Command line tools to inspect networking and namespaces. 3. Applying these skills to your workloads on OSS Docker and on DDC.

Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...

Ajeet Singh Raina

Docker container management

Karol Kreft

Docker Networking - Common Issues and Troubleshooting Techniques

Sreenivas Makam

Docker 1.11 Presentation

Sreenivas Makam

Docker, the Future of DevOps

andersjanmyr

What is Docker and why should you care? A Docker container is like a lightweight Virtual Machine. It gives you the benefits of a virtual machine, isolation of your application, without the drawbacks, having to ship an entire operating system with your application, slow startup time, and difficult interaction with the host. In this presentation you will learn why Docker and containerization is the future of DevOps and how to use it efficiently. You will learn how to build, run, and link containers, and what volumes are and what they are used for. You will also learn about some of the many orchestration solutions that exists for managing a cluster of containers, both locally and in the cloud.

Managing multicast/igmp stream on Docker

Thierry Gayet

Container orchestration from theory to practice

Docker, Inc.

"Join Laura Frank and Stephen Day as they explain and examine technical concepts behind container orchestration systems, like distributed consensus, object models, and node topology. These concepts build the foundation of every modern orchestration system, and each technical explanation will be illustrated using SwarmKit and Kubernetes as a real-world example. Gain a deeper understanding of how orchestration systems work in practice and walk away with more insights into your production applications."

Intersog Hack_n_Tell. Docker. First steps.

Intersog

.NET Developer Days - Launching Patterns for Containers

Michele Leroux Bustamante

When you design your microservices strategy you will likely come up with patterns for when and how your services should execute. Traditional container scheduling services often deal with running container instances and distributing those instances across your cluster according to resource constraints – but your microservices design may also have other requirements such as message-based services that run and listen for topics; services that run on a scheduled job cycle; and services that may run in different ways based on initialization and have many instances running in parallel at any given time. This session looks at architecture patterns for container-based solutions; and illustrates the execution of these patterns with Docker containers and related tools. Concepts are platform independent but demos will be based on Kafka and Azure Container Service with Mesosphere DC/OS, Mesos, Marathon and Chronos.

Similar to What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi (20)

New Docker Features for Orchestration and Containers

Nats meetup oct 2016 docker 112

"Deploying Multi-OS Applications with Docker Swarm" with Docker's David Yu

Docker 1.12 and SwarmKit

Deep Dive into Docker Swarm Mode

JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach

Docker Networking Deep Dive

Docker 1.12 networking deep dive

Demystfying container-networking

Troubleshooting Tips from a Docker Support Engineer

Troubleshooting Tips from a Docker Support Engineer - Jeff Anderson, Docker

Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...

Docker container management

Docker Networking - Common Issues and Troubleshooting Techniques

Docker 1.11 Presentation

Docker, the Future of DevOps

Managing multicast/igmp stream on Docker

Container orchestration from theory to practice

Intersog Hack_n_Tell. Docker. First steps.

.NET Developer Days - Launching Patterns for Containers

More from Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience

Docker, Inc.

Raymond Arifianto, AccelByte and Mark Mandel, Google - We have been deploying containerized micro-services for our Game Backend Services for a while. Now we are tackling the challenge to scale up fleets of game dedicated servers in multiple regions, multiple data centers and multiple providers - some in bare metal, some in Cloud. So we leverage docker containerization to deploy Game Servers to achieve Portability, Fast Deployment and Predictability, enabling us to scale up to thousands of servers, on demand, without a sweat.

How to Improve Your Image Builds Using Advance Docker Build

Docker, Inc.

Nicholas Dille, Haufe-Lexware + Docker Captain - Docker continues to be the standard tool for building container images. For more than a year Docker ships with BuildKit as an alternative image builder, providing advanced features for secret and cache management. These features help to make image builds faster and more secure. In this session, Docker Captain Nicholas Dille will teach you how to use Buildkit features to your advantage.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

Lukonde Mwila, Entelect - As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Securing Your Containerized Applications with NGINX

Docker, Inc.

Kevin Jones, NGNIX - NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.

How To Build and Run Node Apps with Docker and Compose

Docker, Inc.

Kathleen Juell, Digital Ocean - Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself. This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.

Hands-on Helm

Docker, Inc.

Distributed Deep Learning with Docker at Salesforce

Docker, Inc.

Jeff Hajewski, Salesforce - There is a wealth of information on building deep learning models with PyTorch or TensorFlow. Anyone interested in building a deep learning model is only a quick search away from a number of clear and well written tutorials that will take them from zero knowledge to having a working image classifier. But what happens when you need to deploy these models in a production setting? At Salesforce, we use TensorFlow models to help us provide customers with insights into their data, and we do this as close to real-time as possible. Designing these systems in a scalable manner requires overcoming a number of design challenges, but the core component is Docker. Docker enables us to design highly scalable systems by allowing us to focus on service interactions, rather than how our services will interact with the hardware. Docker is also at the core of our test infrastructure, allowing developers and data scientists to build and test the system in an end to end manner on their local machines. While some of this may sound complex, the core message is simplicity - Docker allows us to focus on the aspects of the system that matter, greatly simplifying our lives.

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Docker, Inc.

James Fuller, webcomposite s.r.o. - Curl is the venerable (yet very modern) 'swiss army knife' command line tool and library for transferring data with URLs. Recently we (the Curl team) decided to build a release for Docker Hub. This talk will outline our current development workflow with respect to the docker image and provide insights on what it takes to build a docker image for mass public consumption. We are also keen to learn from users and other developers how we might improve and enhance the official curl docker image.

Monitoring in a Microservices World

Docker, Inc.

Fabian Stäber, Instana - In recent years, we saw a great paradigm shift in software engineering away from static monolithic applications towards dynamic distributed horizontally scalable architectures. Docker is one of the key technologies enabling this development. This shift poses a lot of new challenges for application monitoring, ranging from practical issues (need for automation) to technical challenges (Docker networking) to organizational topics (blurring line between software engineers and operations) to fundamental questions (define what is an application). In this talk we show how Docker changed the way we do monitoring, how modern application monitoring systems work, and what future developments we expect.

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Docker, Inc.

Clemente Biondo, Engineering Ingegneria Informatica - When the COVID 19 pandemic started, Engineering Ingegneria Informatica Group (1.25 billion euros of revenues, 65 offices around the world, 12.000 employees) was forced to put their digital transformation to the test in order to maintain operational continuity. In this session, Clemente Biondo, the Tech Lead of the Information Systems Department, will share how his company is reacting to this unforeseeable scenario and how Docker-driven digital transformation had paved the path for work to continue remotely. Clemente will discuss learnings moving from colocated teams, manual approaches, email based-business processes, and a monolithic application to a mature DevOps culture characterized by a distributed autonomous workforce and a continuous deployment process that deploys backward-compatible Docker containerized microservices into hybrid multi cloud datacenters an average of twice a day with zero-downtime. He will detail how they use Docker to unify dev, test and production environments, and as an efficient and automated mechanism for deploying applications. Lastly, Clemente shares how, in our darkest hour, he and others are working to shine their brightest light.

Predicting Space Weather with Docker

Docker, Inc.

Chris Lauer, NOAA Space Weather Prediction Center - This is the story of how adopting a containerized workflow changed the way our small software team works at NOAA’s Space Weather Prediction Center. Our old architecture, a big ball of mud shared-database integration, just wasn’t cutting it - it was killing our agility. Over the past two years, our small team has adopted a microservice style architecture, using Docker with docker-compose and environment files as our deployment strategy for all new development. We’ve discovered the joys of using containers for identical dev, staging, and production environments. We work closely with scientists: much of the code we’re running has complicated and conflicting library dependencies. Docker captures these beautifully - we’ve even had some success teaching our scientists to use it! I’ll share what we’ve learned, some of the persistent challenges we face, and one place we really got it wrong. This talk builds off of a popular hallway track from DockerCon 2019.

Become a Docker Power User With Microsoft Visual Studio Code

Docker, Inc.

Brian Christner, 56k + Docker Captain - In this session, we will unlock the full potential of using Microsoft Visual Studio Code (VS Code) and Docker Desktop to turn you into a Docker Power User. When we expand and utilize the VS Code Docker plugin, we can take our projects and Docker skills to the next level. In addition to using VS Code, we streamline our Docker Desktop development workflow with less context switching and built-in shortcuts. You will learn how to bootstrap new projects, quickly write Dockerfiles utilizing templates, build, run, and interact with containers all from VS Code.

How to Use Mirroring and Caching to Optimize your Container Registry

Docker, Inc.

Monolithic to Microservices + Docker = SDLC on Steroids!

Docker, Inc.

Ashish Sharma, SS&C Eze - SS&C Eze provides various products in the stock market domain. We spent the last couple of years building Eclipse which is an investment suite born in cloud. The journey so far has been very interesting. The very first version of the product were a bunch of monolithic windows services and deployed using Octopus tool. We successfully managed to bring all the monolithic problem to the cloud and created a nightmare for ourselves. We then started applying microservices architecture principles and started breaking the monolithic into small services. Very soon we realized that we need a better packaging/deployment tool. Docker looked like a magical solution to our problem. Since its adoption, It has not only solved the deployment problem for us but has made a deep impact on different aspects of SDLC. It allowed us to use heterogeneous technology stacks, simplified development environment setup, simplified our testing strategy, improved our speed of delivery, and made our developers more productive. In this talk I would like to share our experience of using Docker and its positive impact on our SDLC.

Kubernetes at Datadog Scale

Docker, Inc.

Ara Pulido, Datadog - Container technologies, although not new, have increased their popularity in the past few years, with container orchestrators allowing companies around the world to adopt these technologies to help them ship and scale microservices with precision and velocity. Kubernetes is currently the most popular container orchestration platform, and while many organizations are migrating their workloads to it, Kubernetes is still relatively immature. New corner cases, errors, and quirks are regularly discovered as users push the boundaries of size and scale. When Datadog adopted Kubernetes we discovered some of these boundaries the hard way, and we continuously challenge and modify our infrastructure decisions in order to fit our use case. Join me in this talk for our story on what we learned while we scaled our Kubernetes clusters, the contributions to Kubernetes we made along the way, and how you can apply those learnings when growing your Kubernetes clusters from a handful to hundreds or thousands of nodes.

Labels, Labels, Labels

Docker, Inc.

Andy Clemenko, StackRox - One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Docker, Inc.

Patrick Deloulay, Micro Focus - Micro Focus started their digital transformation 3 years ago, moving the entire portfolio into hundreds of container images. Leveraging Docker Hub as our primary registry service, we will cover how we ended up building a simple but secure push/pull model to publish and deliver our premium assets to our customers and partners to both meet the high agility of our DevOps teams while greatly simplifying the deployment of our applications.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

Lukonde Mwila, Entelect As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Docker, Inc.

Elton Stoneman, Docker Captain + Container Consultant and Trainer How do you provide a SaaS offering when your product is a 10-year old Fortran app, currently built to run on Windows 10? With Docker and Kubernetes of course - and you can do it in a week (... to prototype level at least). In this session I'll walk through the processes and practicalities of taking an older Windows app, making it run in containers with Kubernetes, and then building a simple API wrapper to host the whole stack as a cloud-based SaaS product. There's a lot of technology here from a real world case study, and I'll focus on: - running Windows apps in Docker containers - building a .NET Core API which can run in Linux or Windows containers - running the stack in Kubernetes with Docker Desktop locally and AKS in the cloud - configuring AKS workloads in Azure to burst out to Azure Container Instances And there's a core theme to this session: Docker and Kubernetes are complex technologies, but they're the key to modern development. If you invest time learning them, they make projects like this simple, portable, fast and fun.

Developing with Docker for the Arm Architecture

Docker, Inc.

This virtual meetup introduces the concepts and best practices of using Docker containers for software development for the Arm architecture across a variety of hardware systems. Using Docker Desktop on Windows or Mac, Amazon Web Services (AWS) A1 instances, and embedded Linux, we will demonstrate the latest Docker features to build, share, and run multi-architecture images with transparent support for Arm.

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience

How to Improve Your Image Builds Using Advance Docker Build

Build & Deploy Multi-Container Applications to AWS

Securing Your Containerized Applications with NGINX

How To Build and Run Node Apps with Docker and Compose

Hands-on Helm

Distributed Deep Learning with Docker at Salesforce

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Monitoring in a Microservices World

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Predicting Space Weather with Docker

Become a Docker Power User With Microsoft Visual Studio Code

How to Use Mirroring and Caching to Optimize your Container Registry

Monolithic to Microservices + Docker = SDLC on Steroids!

Kubernetes at Datadog Scale

Labels, Labels, Labels

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Build & Deploy Multi-Container Applications to AWS

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Developing with Docker for the Arm Architecture

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Generating a custom Ruby SDK for your web service or Rails API using Smithy

g2nightmarescribd

Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Key Trends Shaping the Future of Infrastructure.pdf

Leading Change strategies and insights for effective change management pdf 1.pdf

Bits & Pixels using AI for Good.........

Generating a custom Ruby SDK for your web service or Rails API using Smithy

Accelerate your Kubernetes clusters with Varnish Caching

Neuro-symbolic is not enough, we need neuro-*semantic*

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

JMeter webinar - integration with InfluxDB and Grafana

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Monitoring Java Application Security with JDK Tools and JFR Events

PCI PIN Basics Webinar from the Controlcase Team

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Epistemic Interaction - tuning interfaces to provide information for AI support

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Connector Corner: Automate dynamic content and events by pushing a button

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Elevating Tactical DDD Patterns Through Object Calisthenics

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi

1. What’s New in Docker 1.12 Mike Goelzer (Spoiler alert: a lot!)

2. $ docker swarm init

3. $ docker swarm init $ docker swarm join <IP of manager>:2377

4. $ docker swarm init $ docker swarm join <IP of manager>:2377

5. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest mynet

6. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet

7. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet

8. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet

9. ≠ $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet

10. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet

11. $ docker service scale frontend=6 mynet

12. $ docker service scale frontend=10 mynet

13. $ docker service create --mode=global --name prometheus prom/prometheus mynet

14. docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"

15. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"

16. $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest $ docker service scale frontend=10 docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"

17. Services

18. Services are grouped into stacks

19. Distributed Application Bundle (.dab) declares a stack

20. Swarm mode orchestration is optional ● You don’t have to use it ● 1.12 is fully backwards compatible ● Will not break existing deployments and scripts

21. Routing Mesh • Operator reserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend

22. Routing Mesh: Published Ports • Operator reserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend

23. Security out of the box ● Cryptographic Node Identity ○ Workload segregation (think PCI) ● There is no “insecure mode”: ○ TLS mutual auth ○ TLS encryption ○ Certificate rotation

24. HEALTHCHECK --interval=5m --timeout=3s --retries 3 CMD curl -f http://localhost/ || exit 1 Checks every 5 minutes that web server can return index page within 3 seconds. Three consecutive failures puts container in an unhealthy state. Container Health Check in Dockerfile

25. docker plugin install tiborvass/no-remove docker plugin enable no-remove docker plugin disable no-remove New Plugin Subcommands

26. $ docker plugin install tiborvass/no-remove Plugin "mikegoelzer/myplugin:latest" requested the following privileges: - Networking: host - Mounting host path: /data Do you grant the above permissions? [y/N] Plugin Permissions Model

27. Orchestration Deep Dive Andrea Luzzardi DockerCon 2016

28.

29. Manager Worker

30. Manager Worker ● Each Node has a role ● Roles are dynamic ● Programmable Topology

31.

32. ● Strongly consistent: Holds desired state ● Simple to operate ● Blazing fast (in-memory reads, domain specific indexing, ...) ● Secure

33. ● Eventually consistent: Routing mesh, load balancing rules, ... ● High volume, p2p network between workers ● Secure: Symmetric encryption with key rotation in Raft

34.

35.

36.

37. Secure by default with end to end encryption • Cryptographic node identity • Automatic encryption and mutual auth (TLS) • Automatic cert rotation • External CA integration Certificate Authority TLS Certificate Authority TLS Certificate Authority TLS TLS TLSTLS

38. Learn more about 1.12 Monday 5:20 pm @ Ballroom 6E • Docker Security Deep Dive Tuesday 3:55 pm @ Ballroom 6E • Docker for Ops: Networking Deep Dive, Considerations and Troubleshooting

39. Mike Goelzer mgoelzer@docker.com / @mgoelzer Andrea Luzzardi al@docker.com / @aluzzardi Questions?

40. Thank You Mike Goelzer mgoelzer@docker.com / @mgoelzer Andrea Luzzardi al@docker.com / @aluzzardi

What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi

Similar to What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi (20)

More from Docker, Inc.

More from Docker, Inc. (20)

Recently uploaded

Recently uploaded (20)

What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi