DockerCon EU 2015: Day 1 General Session
Uploaded by docker-inc
Transcript of DockerCon EU 2015: Day 1 General Session
Welcome to DockerCon!
Ben Golub, CEO, Docker Inc. @golubbe
The power of tools
“Give me a lever and a place to stand, and I will move the world!” - Archimedes
The power of tools
“Our mission is to build tools of mass innovation.” - Solomon Hykes
The Power of Tools in the Hands of Makers
Cosmology@Home lets you volunteer your spare computer time (like when your screen
saver is on) to help search for the model which best describes our Universe and to find the range of models that agree with available
cosmological and particle physics data.
Theme 1: It’s all about the makers!
What do you make
with Docker?
I build Adidas MENA Ecommerce platform
I Dockerize Genomics
My VPN connection is in a container
I Dockerized my team!
I deploy under custom OS in mobile
I Dockerize Norwegian banking
Thank you to those who make Docker
Namespaces (IBM)
Cgroups (Google)
LXC tools
The Linux Kernel
Git
SELinux (Red Hat)
Solaris Zones
BSD Jails
+++
We know we’re standing on your shoulders
Thank you to the giants
Thank you to the amazing global meetup community
215 Groups
63 Countries
Thank you to the awesome Docker Inc team
Thank you to our amazing sponsors
Partners, Tools and Applications
Dev Tools
Official Repositories
Operating Systems
Big Data
Service Discovery
Build / Continuous Integration
Configuration Management
Consulting & Training
Management
Storage
Clustering & Scheduling
Networking
Infrastructure & Service Providers
Security
Monitoring & Logging
State of the Project
The cathedral… …and the bazaar
Sagrada Familia
Construction started: 1882
Est. completion date: 2026
La Boqueria Open Air Market
Operating successfully since 1217
"Sagfampassion" by Wjh31 - Own work - http://lifeinmegapixels.com. Licensed under CC BY 3.0 via Commons - https://commons.wikimedia.org/wiki/File:Sagfampassion.jpg#/media/File:Sagfampassion.jpg
"La Boqueria" by Dungodung - Own work. Licensed under Public Domain via Commons - https://commons.wikimedia.org/wiki/File:La_Boqueria.JPG#/media/File:La_Boqueria.JPG
DockerCon EU 2015: 2 Years 8 Months
A Year has passed, and our baby whale has grown!
Our little whale is growing up
DockerCon EU 2014: 20 Months
Some growth statistics
Dockerized applications
Docker related projects on GitHub
Docker Hub pulls per second
Docker Hub pulls per day
More contributors to Docker open source
240K
655.6M
157%
60M
Docker Hub pulls since Jan 2015
1.3B
Docker Jobs
[Chart: Docker Job Trends, percentage growth, Jan-14 to Jan-15]
Functionality
What has changed in the project?
DCEU 14
• Docker Engine
• Docker Registry
DCEU 15
• Engine
• Registry
• Swarm
• Networking
• Toolbox
• Notary
• Compose
• Machine
• More to come today!
Applications
DCEU 14
• Primarily Stateless
DCEU 15
• Stateless
• Stateful
• More to come today!
Platforms
DCEU 14
• All major 64 bit Linux OSes
DCEU 15
• All major 64 bit Linux OSes
• Windows Server (TP4)
• 32 bit
• More to come today!
Commercial Solutions
DCEU 14
• Support
• Hosted Registry
DCEU 15
• Support
• Hosted Registry
• CS Engines
• DTR, Tutum
• More to come tomorrow!
Governance
DCEU 14
• Advisory Board
DCEU 15
• Advisory Board
• Runtime and format donated to foundation (OCI), with 30+ members
• More to come today!
Users
DCEU 14
• Primarily test/dev
• some prod
DCEU 15
• Docker used widely in Production
Open Container Initiative
22
Available on GitHub
OCI Roadmap
GitHub stars
2,223
Member companies
35+
GitHub forks
Docker, Google, RedHat, CoreOS, Huawei, independents
Maintainers
253
Contributors
130
Theme 2: Docker in Production
Real World Usage of Docker
Real Docker adoption is up 5x in one year
Docker users using Swarm & Compose
Users triple the # containers they use within 5 months
Docker users already running in production
5x 85%
3x 40%
Sources: O’Reilly, Coatue, Datadog
Thank You To All Of Our Users!
Docker in Production
Real Community, Robust Ecosystem
Secure & Extensible
Portable
Great for devs and ops
Real users
Solutions and Roadmap
End to end
Security
Orchestration
Networking
Workflows for build, shipping, deploying/managing
Theme 3: End to End Matters
Apps Have Fundamentally Changed
Loosely Coupled Services
Many Small Servers
~2000 Today
Monolithic
Big Servers
Slow changing
Rapidly updated
Lessons learned:
1. Developers do not adopt locked down platforms
2. End to end matters:
   - Devs care about deployment
   - Ops cares about provenance
3. Build management, orchestration, & more in a way that enables portability
Docker End to End Solutions
BUILD SHIP RUN
Registry Service
Cloud or Private Infrastructure
Plugins: Network, Volume, Clustering
Management UI
Docker Toolbox
Thank you! Ben Golub @golubbe
DockerCon Day 1 General Session
Solomon Hykes, Founder & CTO, Docker
Our mission is to build
tools of mass innovation
Billions of creative people Incredible technology
Mass innovation
What is the biggest innovation multiplier today?
PROGRAMMING
What is the biggest innovation multiplier today?
The Internet is pretty cool…
The Internet is pretty cool… and getting lots of upgrades!
Servers, phones, TVs, cars, sensors, drones, homes, watches, maps, payment systems, scientific equipment, virtual worlds, data banks, crypto-currencies...
Could we make the Internet...
PROGRAMMABLE?
[Diagram: multiple App boxes]
Eager developer
The Internet
Software walled gardens
[Diagram: multiple App boxes]
We’re building a software layer
to make the Internet programmable
The Docker Stack
Standards
Infrastructure
Dev tools
Solutions
Solutions
Dev tools
Infrastructure
Standards
The Docker Stack
Let’s talk about
QUALITY
Shipping a feature is just 1% of the work.
It should work every time, for every user.
- Security and Reliability matter.
- If it’s not usable, it’s worthless.
- Things fail. Handle it gracefully.
Quality means…
Quality is a journey, not a destination.
Either you are focused on quality, or you’re not.
We will always put quality first.
Quality tools for developers
What have we been up to?
Usability
Docker Compose supports all new Swarm/engine features
- Magical service discovery
- Use a micro-service architecture without rewriting your code
- Build persistent services with volume management
- All integrated into a seamless developer experience
Many small usability improvements. Details matter!
- Fixing VirtualBox integration issues, one by one.
- UI glitches, low priority bugs
- Unusual configurations and usage patterns
- Better error messages
No silver bullet, just lots of unglamorous hard work.
Docker Developer Toolbox now has full Mac/Windows feature parity.
Installer, Quickstart terminal, Compose, Machine, Kitematic
Security
Usable security
“How to make developers care about security?”
Wrong question.
Unusable security is not security.
“How to give developers usable security?”
Docker Content Trust
Secure and usable content distribution for
developers.
Built on industry-leading research
TUF and Notary enable Survivable Key Compromise,
Proof of Origin, Protection against untrusted transports.
Can we make developers even more secure?
Hardware crypto support for
Docker Content Trust
and
Proudly introduce
Docker Content Trust +
hardware crypto =
Survive almost any key compromise.
What did we just see?
With the right tools, every developer can become an ultra-secure software publisher.
Let’s prove it!
3 easy steps
Quality tools for ops
What have we been up to?
Security, Reliability, Scale.
Let’s talk about
SECURITY (again)
Isolation of Linux containers: it’s complicated
- pid namespace
- mnt namespace
- net namespace
- uts namespace
- ipc namespace
- user namespace (new)
- pivot_root
- uid/gid drop
- cap drop
- all cgroups
- selinux
- apparmor
- seccomp
Isolation supported by Docker Engine 0.1 in March 2013
- pid namespace
- mnt namespace
- net namespace
- uts namespace
- ipc namespace
user namespace (new)
- pivot_root
- uid/gid drop
cap drop
all cgroups
selinux
apparmor
seccomp
Isolation supported in Swarm/Engine 1.9
- pid namespace
- mnt namespace
- net namespace
- uts namespace
- ipc namespace
user namespace (new)
- pivot_root
- uid/gid drop
- cap drop
- all cgroups
- selinux
- apparmor
seccomp
Isolation supported in Swarm/Engine experimental
- pid namespace
- mnt namespace
- net namespace
- uts namespace
- ipc namespace
user namespace (new)
- pivot_root
- uid/gid drop
- cap drop
- all cgroups
- selinux
- apparmor
seccomp
http://docker.com/experimental
Help us test the bleeding edge!
“Am I running vulnerable containers?”
Introducing Project Nautilus
Built-in container security analysis in Docker Hub
Quietly went live on official repos two months ago, helped secure 74 million pulls. Self-service coming soon.
Nautilus uses Deep Content Analysis
Nautilus matches all container content against its own vulnerability
database.
It is not limited to the vulnerability database of Linux distributions.
Benefit 1:
Detect vulnerabilities regardless of Linux distribution.
Benefit 2:
We have caught several vulnerabilities in Linux distributions
and collaborated to fix them.
Benefit 3:
Face it: developers have their favorite package manager. Probably not the one shipped with the distro.
But it’s OK! Nautilus will catch vulnerabilities anyway.
“Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety” - Benjamin Franklin.
You don’t need to lock yourself into a Linux distribution to secure your
containers.
SWARM 1.0
Ready for production
Swarm 1.0: ready for production
- Connect any containers across your entire cluster
- Create secure overlay networks out of the box
- Swap in your favorite backend implementation
- DNS service discovery supports unmodified applications
Built-in multi-host networking
Swarm 1.0: ready for production
- New volume management commands and API
- Attach any volume to any container, dynamically
- Swap in your favorite backend implementation
Built-in persistent storage
Swarm 1.0: ready for production
“But does it scale?”
- We scaled Swarm to 50k containers and 1k nodes
- Had to stop because of EC2 limit
- Swarm keeps scheduling without breaking a sweat
- Expect bigger numbers soon
- Yes, software can be both scalable and usable
What did we just see?
In summary...
Quality tools for developers
- Many usability improvements
- Full Mac/Windows feature parity
- Trusted content distribution for developers
- Support for hardware crypto
Quality tools for ops
- More isolation features in Swarm/engine
- Swarm 1.0 is ready for production
- Swarm can run persistent services
- Swarm works at very large scale
Happy Hacking!
Thank you! Solomon Hykes @[email protected]