DockerCon EU 2015: Day 1 General Session

Welcome to DockerCon!

Ben GolubCEO, Docker Inc.@golubbe

The power of tools

“Give me a lever and a place to stand, and I will move the world!”- Archimedes

The power of tools

“Our mission is to build tools of mass innovation.”- Solomon Hykes

The Power of Tools in the Hands of Makers

The Power of Tools in the Hands of Makers

Cosmology@Home lets you volunteer your spare computer time (like when your screen

saver is on) to help search for the model which best describes our Universe and to find the range of models that agree with available

cosmological and particle physics data.

Theme 1: It’s all about the makers!

What do you make

with Docker?

I build Adidas MENA Ecommerce platform

I DockerizeGenomics

My VPN connection is in a container

I Dockerized my team!

I deploy under custom OS in

mobile

I Dockerize Norwegian banking

Thank you to those who make Docker

Namespaces (IBM)Cgroups (Google)LXC toolsThe Linux KernelGitSELinux (Red Hat)Solaris ZonesBSD Jails+++We know we’re standin

g on your shoulders

Thank you to the giants

Thank you to the amazing global meetup community

215Groups

63Countries

Thank you to the awesome Docker Inc team

Thank you to our amazing sponsors

Partners, Tools and Applications

Dev Tools

Official Repositories

Operating Systems

Big Data

Service Discovery

Build / Continuous Integration

Configuration ManagementConsulting &Training

Management

Storage

Clustering & Scheduling

Networking

Infrastructure & Service Providers

Security

Monitoring & Logging

State of the Project

…and the bazaarThe cathedral…Sagrada Familia

Construction started: 1882

Est. completion date: 2026

La Boqueria Open Air Market

Operating successfully since 1217

"Sagfampassion" by Wjh31 - Own work - http://lifeinmegapixels.com. Licensed under CC BY 3.0 via Commons -https://commons.wikimedia.org/wiki/File:Sagfampassion.jpg#/media/File:Sagfampassion.jpg

"La Boqueria" by Dungodung - Own work. Licensed under Public Domain via Commons -

https://commons.wikimedia.org/wiki/File:La_Boqueria.JPG#/media/File:La_Boqueria.JPG

DockerCon EU 2015:2 Years 8 Months

A Year has passed, and our baby whale has grown!Our little whale is growing up

DockerCon EU 2014:20 Months

Some growth statistics

Dockerizedapplications

Docker related projects on GitHub

Docker Hub pulls per second

Docker Hub pulls per day

More contributors to Docker open source

240K

655.6M

157%60M

Docker Hub pulls since Jan 2015

1.3B

Docker Jobs

0

10000

20000

30000

40000

50000

60000

70000

Jan-14 Jan-15

Perc

enta

ge G

row

thDocker Job Trends

Functionality

What has changed in the project?

DCEU 14

• Docker Engine• Docker Registry

DCEU 15

• Engine• Registry• Swarm• Networking• Toolbox

• Notary• Compose• Machine• More to come

today!

Applications

DCEU 14

• Primarily Stateless

DCEU 15

• Stateless• Stateful• More to come today!

Platforms

DCEU 14

• All major 64 bit Linux Oss

DCEU 15

• All major 64 bit Linux OS• Windows Server (TP4)• 32 bit• More to come today!

Commercial Solutions

DCEU 14

• Support• Hosted Registry

DCEU 15

• Support• Hosted Registry• CS Engines• DTR, Tutum• More to come tomorrow!

Governance

DCEU 14

• Advisory Board

DCEU 15

• Advisory Board• Runtime and format donated

to foundation (OCI), with 30+ members

• More to come today!

Users

DCEU 14

• Primarilytest/dev

• some prod

DCEU 15

• Docker used widely in Production

Open Container Initiative

22

Availble on Github

OCI Roadmap

Github stars

2,223Member companies

35+

Github forks

Docker, Google, RedHat, CoreOS, Huawei, independents

Maintainers

253Contributors

130

Functionality

What has changed in the project?

DCEU 14

• Docker Engine• Docker Registry

DCEU 15

• Engine• Registry• Swarm• Networking• Toolbox

• Notary• Compose• Machine• More to come

today!

Applications

DCEU 14

• Primarily Stateless

DCEU 15

• Stateless• Stateful• More to come today!

Platforms

DCEU 14

• All major 64 bit Linux Oss

DCEU 15

• All major 64 bit Linux OS• Windows Server (TP4)• 32 bit• More to come today!

Commercial Solutions

DCEU 14

• Support• Hosted Registry

DCEU 15

• Support• Hosted Registry• CS Engines• DTR, Tutum• More to come tomorrow!

Governance

DCEU 14

• Advisory Board

DCEU 15

• Advisory Board• Runtime and format donated

to foundation (OCI), with 30+ members

• More to come today!

Users

DCEU 14

• Primarilytest/dev

• some prod

DCEU 15

• Docker used widely in Production

Theme 2: Docker in Production

Real World Usage of Docker

Real Docker adoption is up 5x in one year

Docker users using Swarm & Compose

Users triple the # containers they use within 5 months

Docker users already running in production

5x 85%

3x 40%

Sources: O’Reilly, Coatue, Datadog

Thank You To All Of Our Users! Add 3DS

Docker in Production

Real Community, Robust Ecosystem

Secure & Extensible

Portable

Great for devs and ops

Real users

Solutions and Roadmap

End to end

Security

Orchestration

Networking

Workflows for build, shipping, deploying/managing

Theme 3: End to End Matters

Apps Have Fundamentally Changed

29

Loosely Coupled Services

Many Small Servers

~2000 Today

Monolithic

Big Servers

Slow changing

Rapidly updated

Lessons learned:

123

Developers do not adopt locked down platforms

End to end matters:- Devs care about deployment- Ops cares about provenance

Build management, orchestration, & more in a way that enables portability

30

Docker End to End Solutions

BUILD SHIP RUN

Registry Service

Cloud or Private Infrastructure

Plugins: Network, Volume, Clustering

Management UIDocker Toolbox

31

Thank you!Ben Golub@golubbe

Dockercon day 1General session

Solomon HykesFounder & CTO, Docker

Photo Caption (Drag&drop a new photo onto photo to change)

3

Our mission is to build

tools of mass innovation


Billions of creative people Incredible technology

4


Mass innovation

5


6

What is the biggest innovation multiplier today?


7

PROGRAMMING

What is the biggest innovation multiplier today?

The Internet is pretty cool…

The Internet is pretty cool… and getting lots of upgrades!

Servers, phones, TVs, cars, sensors, drones, homes, watches, maps, payment systems, scientific equipment, virtual worlds, data banks, crypto-currencies...

Could we make the Internet...

PROGRAMMABLE?

App

App

App

App

App

App

App

App

App

AppApp

Eager developer

The Internet

Software walled gardens


App App

App

App

App

App

App

App

App

App

App

We’re building a software layer

to make the Internet programmable


TheDockerStack


Standards


Infrastructure


Dev tools


Solutions


Solutions

Dev tools

Infrastructure

Standards

TheDockerStack

Let’s talk about

QUALITY

Shipping a feature is just 1% of the work.

It should work every time, for every user.

- Security and Reliability matter.- If it’s not usable, it’s worthless.

- Things fail. Handle it gracefully.

Quality means…

Quality is a journey,not a destination.

Either you are focused on quality, or you’re not.

We will alwaysput quality first.

Quality toolsfor developersWhat have we been up to?

Usability

Docker Compose supports all new Swarm/engine features- Magical service discovery - Use a micro-service architecture without rewriting your code - Build persistent services with volume management - All integrated into a seamless developer experience

Many small usability improvements. Details matter!

- Fixing Virtualbox integration issues, one by one. - UI glitches, low priority bugs - Unusual configurations and usage patterns - Better error messages No silver bullet, just lots of unglamorous hard work.

Docker Developer Toolbox now has full Mac/Windows

feature parity.Installer, Quickstart terminal, Compose,

Machine, Kitematic

Security

Usable security

“How to make developers care about security?”

Wrong question.

Unusable security is not security.

“How to give developersusable security?”

Docker Content Trust

Secure and usable content distribution for

developers.

Built on industry-leading research

TUF and Notary enable Survivable Key Compromise,

Proof of Origin, Protection against untrusted transports.

Can we make developerseven more secure?

Hardware crypto supportfor

Docker Content Trust

and

Proudly introduce

Docker Content Trust +

hardware crypto =

Survive almost any key compromise.

What did we just see?

With the right tools, every developer can become an ultra-secure software publisher.

Let’s prove it!

3 easy steps

Quality toolsfor opsWhat have we been up to?

Security,Reliability,

Scale.

Let’s talk about

SECURITY (again)

Isolation of Linux containers: it’s complicated

- pid namespace

- mnt namespace

- net namespace

- uts namespace

- ipc namespace

- user namespace (new)

- pivot_root

- uid/gid drop

- cap drop

- all cgroups

- selinux

- apparmor

- seccomp

Isolation supported by Docker Engine 0.1 in March 2013

- pid namespace

- mnt namespace

- net namespace

- uts namespace

- ipc namespace

user namespace (new)

- pivot_root

- uid/gid drop

cap drop

all cgroups

selinux

apparmor

seccomp

Isolation supported in Swarm/Engine 1.9

- pid namespace

- mnt namespace

- net namespace

- uts namespace

- ipc namespace


- pivot_root

- uid/gid drop

- cap drop

- all cgroups

- selinux

- apparmor

seccomp

Isolation supported in Swarm/Engine experimental

- pid namespace

- mnt namespace

- net namespace

- uts namespace

- ipc namespace


- pivot_root

- uid/gid drop

- cap drop

- all cgroups

- selinux

- apparmor

seccomp

http://docker.com/experimental

Help us test the bleeding edge!



“Am I running vulnerable containers?”

IntroducingProject Nautilus

Built-in container security analysis in Docker Hub

Quietly went live on official repos two months ago,

helped secure 74 millions pulls. self-service coming soon.

Nautilus uses Deep Content Analysis

Nautilus matches all container content against its own vulnerability

database.

It is not limited to the vulnerability database of Linux distributions.

Benefit 1:

Detect vulnerabilities regardless of Linux distribution.

Benefit 2:

We have caught several vulnerabilities in Linux distributions

and collaborated to fix them.

Benefit 3:Face it: developers have their favorite package

manager. Probably not the one shipped with the distro.

But it’s OK! Nautilus will catch vulnerabilities anyway.

“Those who would give up essential Liberty, to purchase a little temporary

Safety, deserve neither Liberty nor Safety” - Benjamin Franklin.

You don’t need to lock yourself into a Linux distribution to secure your

containers.

SWARM 1.0

Ready for production

Swarm 1.0: ready for production

- Connect any containers across your entire cluster - Create secure overlay networks out of the box - Swap in your favorite backend implementation - DNS service discovery supports unmodified applications

Built-in multi-host networking


- New volume management commands and API - Attach any volume to any container, dynamically - Swap in your favorite backend implementation

Built-in persistent storage


“But does it scale?”

- We scaled Swarm to 50k containers and 1k nodes - Had to stop because of EC2 limit - Swarm keeps scheduling without breaking a sweat - Expect bigger numbers soon - Yes, software can be both scalable and usable

What did we just see?

In summary...

Quality tools for developers- Many usability improvements

- Full Mac/Windows feature parity

- Trusted content distribution for developers

- Support for hardware crypto

Quality tools for ops- More isolation features in Swarm/engine

- Swarm 1.0 is ready for production

- Swarm can run persistent services

- Swarm works a very large scale

Happy Hacking!

Thank you!Solomon Hykes@[email protected]

DockerCon EU 2015: Day 1 General Session

Technology

Transcript of DockerCon EU 2015: Day 1 General Session