DockerCon - Engine breakout session
Docker Engine - Breakout session
Arnaud Porterie, eng. manager
Michael Crosby, chief maintainer
Agenda
• Engine quick facts
• What’s new in Docker Engine 1.7.0
• What’s coming next - Demo!
• Q&A
Engine quick facts
What’s the Docker Engine?
Engine quick facts
• Central piece of the Docker platform
- Docker daemon + docker CLI
• Engine by the numbers
- 963 contributors
- 71 pull requests on average merged each week
• https://github.com/docker/docker/
What’s new in Engine 1.7.0
A tour of the major new features
Experimental binary
• A new flavor of the Docker engine
- Built and distributed nightly
- Bleeding edge features: we want your feedback!
• First experimental features
- New networking model
- Network plugins
- Volume plugins
• https://experimental.docker.com
Network stack
• Introducing libnetwork
- Whole new API (Container Networking Model)
• A much needed technical effort
- Solid ground for better default batteries
- Single extension point for alternative batteries
• https://github.com/docker/libnetwork/
Better network performance
• docker -d --userland-proxy=false
- Huge performance improvement for port publishing
• Not the default
- Relies on Hairpinning
- Introduced in 2.6.32, still an issue on some distros
And many more!
• ZFS storage driver
• docker build --cpu-quota …
• docker build https://github.com/x/y#branch
• docker exec -u|--user
• …
What’s next
Better tooling
• Community wants choices
- Push/pull without Docker (and vice-versa)
- Containers without the daemon
- …
• Objective: spin-out runtime, builder, trust, …
Security
• Trusted image distribution
• User namespaces
• Syscall filtering with seccomp
- Already supported by libcontainer
• Engine security profiles
- Simple way to express security constraints
- Single file for capabilities, AppArmor, seccomp, …
Networks & volumes management
• Top-level network concept
- Already in experimental
• Similar top-level volume concept
- Currently in design
$ docker network create --driver d net1
$ docker run --publish-service=svc.net1 my_image
$ docker volume create --driver d vol1
$ docker run -v vol1 my_image
Demo time!
Thank you
Arnaud Porterie / @icecrime
Michael Crosby / @crosbymichael