MG
Uploaded byMike Goelzer
PDF, PPTX20,502 views

What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi

Docker 1.12 introduces several new features for managing containerized applications at scale including Docker Swarm mode for native clustering and orchestration. Key features include services that allow defining and updating distributed applications, a built-in routing mesh for load balancing between nodes, and security improvements like cryptographic node identities and TLS encryption by default. The document also discusses plugins, health checks, and distributed application bundles for declaring stacks of services.

Embed presentation

Download as PDF, PPTX
What’s New in Docker 1.12 Mike Goelzer (Spoiler alert: a lot!)
$ docker swarm init
$ docker swarm init $ docker swarm join <IP of manager>:2377
$ docker swarm init $ docker swarm join <IP of manager>:2377
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest mynet
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
≠ $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
$ docker service scale frontend=6 mynet
$ docker service scale frontend=10 mynet
$ docker service create --mode=global --name prometheus prom/prometheus mynet
docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
$ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest $ docker service scale frontend=10 docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
Services
Services are grouped into stacks
Distributed Application Bundle (.dab) declares a stack
Swarm mode orchestration is optional ● You don’t have to use it ● 1.12 is fully backwards compatible ● Will not break existing deployments and scripts
Routing Mesh • Operator reserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend
Routing Mesh: Published Ports • Operator reserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend
Security out of the box ● Cryptographic Node Identity ○ Workload segregation (think PCI) ● There is no “insecure mode”: ○ TLS mutual auth ○ TLS encryption ○ Certificate rotation
HEALTHCHECK --interval=5m --timeout=3s --retries 3 CMD curl -f http://localhost/ || exit 1 Checks every 5 minutes that web server can return index page within 3 seconds. Three consecutive failures puts container in an unhealthy state. Container Health Check in Dockerfile
docker plugin install tiborvass/no-remove docker plugin enable no-remove docker plugin disable no-remove New Plugin Subcommands
$ docker plugin install tiborvass/no-remove Plugin "mikegoelzer/myplugin:latest" requested the following privileges: - Networking: host - Mounting host path: /data Do you grant the above permissions? [y/N] Plugin Permissions Model
Orchestration Deep Dive Andrea Luzzardi DockerCon 2016
Manager Worker
Manager Worker ● Each Node has a role ● Roles are dynamic ● Programmable Topology
● Strongly consistent: Holds desired state ● Simple to operate ● Blazing fast (in-memory reads, domain specific indexing, ...) ● Secure
● Eventually consistent: Routing mesh, load balancing rules, ... ● High volume, p2p network between workers ● Secure: Symmetric encryption with key rotation in Raft
Secure by default with end to end encryption • Cryptographic node identity • Automatic encryption and mutual auth (TLS) • Automatic cert rotation • External CA integration Certificate Authority TLS Certificate Authority TLS Certificate Authority TLS TLS TLSTLS
Learn more about 1.12 Monday 5:20 pm @ Ballroom 6E • Docker Security Deep Dive Tuesday 3:55 pm @ Ballroom 6E • Docker for Ops: Networking Deep Dive, Considerations and Troubleshooting
Mike Goelzer mgoelzer@docker.com / @mgoelzer Andrea Luzzardi al@docker.com / @aluzzardi Questions?
Thank You Mike Goelzer mgoelzer@docker.com / @mgoelzer Andrea Luzzardi al@docker.com / @aluzzardi

More Related Content

PPTX
Docker Security workshop slides
byDocker, Inc.
 
PDF
Docker for Ops - Scott Coulton, Puppet
byDocker, Inc.
 
PPTX
Docker Networking : 0 to 60mph slides
byDocker, Inc.
 
PDF
Docker for Mac and Windows: The Insider's Guide by Justin Cormack
byDocker, Inc.
 
PPTX
Docker Meetup 08 03-2016
byDocker
 
PDF
Docker for Developers - Part 1 by David Gageot
byDocker, Inc.
 
PDF
Getting Deep on Orchestration: APIs, Actors, and Abstractions in a Distribute...
byDocker, Inc.
 
PPTX
Dockerizing Windows Server Applications by Ender Barillas and Taylor Brown
byDocker, Inc.
 
Docker Security workshop slides
byDocker, Inc.
 
Docker for Ops - Scott Coulton, Puppet
byDocker, Inc.
 
Docker Networking : 0 to 60mph slides
byDocker, Inc.
 
Docker for Mac and Windows: The Insider's Guide by Justin Cormack
byDocker, Inc.
 
Docker Meetup 08 03-2016
byDocker
 
Docker for Developers - Part 1 by David Gageot
byDocker, Inc.
 
Getting Deep on Orchestration: APIs, Actors, and Abstractions in a Distribute...
byDocker, Inc.
 
Dockerizing Windows Server Applications by Ender Barillas and Taylor Brown
byDocker, Inc.
 

What's hot

PPTX
Enabling Production Grade Containerized Applications through Policy Based Inf...
byDocker, Inc.
 
PDF
Container orchestration from theory to practice
byDocker, Inc.
 
PPTX
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
byDocker, Inc.
 
PDF
Docker Security Deep Dive by Ying Li and David Lawrence
byDocker, Inc.
 
PDF
Docker for Developers - Part 2 by Borja Burgos and Fernando Mayo
byDocker, Inc.
 
PDF
Docker for Devs - John Zaccone, IBM
byDocker, Inc.
 
PDF
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
byDocker, Inc.
 
PDF
DockerCon EU 2015: Shipping Manifests, Bill of Lading and Docker Metadata and...
byDocker, Inc.
 
PDF
Docker Online Meetup: Infrakit update and Q&A
byDocker, Inc.
 
PDF
Online Meetup: Why should container system / platform builders care about con...
byDocker, Inc.
 
PPTX
Docker SF Meetup January 2016
byPatrick Chanezon
 
PDF
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
byDocker, Inc.
 
PDF
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
byDocker, Inc.
 
PPTX
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
byDocker, Inc.
 
PPTX
Programming the world with Docker
byPatrick Chanezon
 
PDF
Orchestrating Linux Containers while tolerating failures
byDocker, Inc.
 
PPTX
Docker Roadshow 2016
byDocker, Inc.
 
PDF
DockerCon EU 2015: The Latest in Docker Engine
byDocker, Inc.
 
PDF
DockerCon EU 2015: Trading Bitcoin with Docker
byDocker, Inc.
 
PDF
Docker Multi-arch All The Things
byDocker, Inc.
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
byDocker, Inc.
 
Container orchestration from theory to practice
byDocker, Inc.
 
DockerCon EU 2015: Stop Being Lazy and Test Your Software!
byDocker, Inc.
 
Docker Security Deep Dive by Ying Li and David Lawrence
byDocker, Inc.
 
Docker for Developers - Part 2 by Borja Burgos and Fernando Mayo
byDocker, Inc.
 
Docker for Devs - John Zaccone, IBM
byDocker, Inc.
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
byDocker, Inc.
 
DockerCon EU 2015: Shipping Manifests, Bill of Lading and Docker Metadata and...
byDocker, Inc.
 
Docker Online Meetup: Infrakit update and Q&A
byDocker, Inc.
 
Online Meetup: Why should container system / platform builders care about con...
byDocker, Inc.
 
Docker SF Meetup January 2016
byPatrick Chanezon
 
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
byDocker, Inc.
 
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
byDocker, Inc.
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
byDocker, Inc.
 
Programming the world with Docker
byPatrick Chanezon
 
Orchestrating Linux Containers while tolerating failures
byDocker, Inc.
 
Docker Roadshow 2016
byDocker, Inc.
 
DockerCon EU 2015: The Latest in Docker Engine
byDocker, Inc.
 
DockerCon EU 2015: Trading Bitcoin with Docker
byDocker, Inc.
 
Docker Multi-arch All The Things
byDocker, Inc.
 

Viewers also liked

PPTX
Thinking Inside the Container: A Continuous Delivery Story by Maxfield Stewart
byDocker, Inc.
 
PDF
Containerd: Building a Container Supervisor by Michael Crosby
byDocker, Inc.
 
PDF
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
byDocker, Inc.
 
PDF
runC: The little engine that could (run Docker containers) by Docker Captain ...
byDocker, Inc.
 
PDF
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
byDocker, Inc.
 
PDF
Docker for Ops: Extending Docker with APIs, Drivers and Plugins by Arnaud Por...
byDocker, Inc.
 
PDF
Docker, Docker Swarm mangement tool - Gorae
byRhio kim
 
PDF
Docker swarm
byAlberto Guimarães Viana
 
PDF
Clustering with Docker Swarm - Dockerops 2016 @ Cento (FE) Italy
byGiovanni Toraldo
 
PDF
Docker swarm introduction
byEvan Lin
 
PPTX
Load Balancing Apps in Docker Swarm with NGINX
byNGINX, Inc.
 
PDF
Docker Swarm 0.2.0
byDocker, Inc.
 
PPTX
Docker introduction
bydotCloud
 
PDF
Docker 1.12 - Swarm Mode
byRafael Gomes
 
PPTX
Introduction to docker swarm
byWalid Ashraf
 
PPT
An Introduction to Container Organization with Docker Swarm, Kubernetes, Meso...
byNeo4j
 
PPTX
Docker Swarm Introduction
byrajdeep
 
PDF
Docker Online Meetup #28: Production-Ready Docker Swarm
byDocker, Inc.
 
PPTX
DockerCon 16 General Session Day 1
byDocker, Inc.
 
PPTX
DockerCon 16 General Session Day 2
byDocker, Inc.
 
Thinking Inside the Container: A Continuous Delivery Story by Maxfield Stewart
byDocker, Inc.
 
Containerd: Building a Container Supervisor by Michael Crosby
byDocker, Inc.
 
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
byDocker, Inc.
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
byDocker, Inc.
 
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
byDocker, Inc.
 
Docker for Ops: Extending Docker with APIs, Drivers and Plugins by Arnaud Por...
byDocker, Inc.
 
Docker, Docker Swarm mangement tool - Gorae
byRhio kim
 
Docker swarm
byAlberto Guimarães Viana
 
Clustering with Docker Swarm - Dockerops 2016 @ Cento (FE) Italy
byGiovanni Toraldo
 
Docker swarm introduction
byEvan Lin
 
Load Balancing Apps in Docker Swarm with NGINX
byNGINX, Inc.
 
Docker Swarm 0.2.0
byDocker, Inc.
 
Docker introduction
bydotCloud
 
Docker 1.12 - Swarm Mode
byRafael Gomes
 
Introduction to docker swarm
byWalid Ashraf
 
An Introduction to Container Organization with Docker Swarm, Kubernetes, Meso...
byNeo4j
 
Docker Swarm Introduction
byrajdeep
 
Docker Online Meetup #28: Production-Ready Docker Swarm
byDocker, Inc.
 
DockerCon 16 General Session Day 1
byDocker, Inc.
 
DockerCon 16 General Session Day 2
byDocker, Inc.
 

Similar to What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi

PDF
What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16
byDocker, Inc.
 
PPTX
Nats meetup oct 2016 docker 112
byNirmal Mehta
 
PDF
New Docker Features for Orchestration and Containers
byJeff Anderson
 
PDF
Docker HK Meetup - 201707
byClarence Ho
 
PDF
Docker 1.12 and SwarmKit
byGianluca Arbezzano
 
PDF
Docker Essentials Workshop— Innovation Labs July 2020
byCloudHero
 
PDF
Deep Dive into Docker Swarm Mode
byAjeet Singh Raina
 
PDF
Alibaba Cloud Conference 2016 - Docker Enterprise
byJohn Willis
 
PDF
Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...
byDocker, Inc.
 
ODP
Docker and stuff
byRaimondas Rimkevičius
 
PPTX
Docker Swarm for Beginner
byShahzad Masud
 
PPTX
Codemotion Rome 2018 Docker Swarm Mode
bySimone Soldateschi
 
PDF
11thDockerMeetupSwitzerland
byMichael Mueller
 
PDF
JDO 2019: Container orchestration with Docker Swarm - Jakub Hajek
byPROIDEA
 
PDF
Docker orchestration voxxed days berlin 2016
byGrzegorz Duda
 
PDF
Docker-v3.pdf
byBruno Cornec
 
PPTX
Container Orchestration with Docker Swarm
byFrederik Mogensen
 
PPTX
So Many Docker Platforms...so little time
byMichele Leroux Bustamante
 
PDF
Introduction to Docker and Monitoring with InfluxData
byInfluxData
 
PDF
Docker 1.12 and swarm mode
byWesley Charles Blake
 
What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16
byDocker, Inc.
 
Nats meetup oct 2016 docker 112
byNirmal Mehta
 
New Docker Features for Orchestration and Containers
byJeff Anderson
 
Docker HK Meetup - 201707
byClarence Ho
 
Docker 1.12 and SwarmKit
byGianluca Arbezzano
 
Docker Essentials Workshop— Innovation Labs July 2020
byCloudHero
 
Deep Dive into Docker Swarm Mode
byAjeet Singh Raina
 
Alibaba Cloud Conference 2016 - Docker Enterprise
byJohn Willis
 
Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...
byDocker, Inc.
 
Docker and stuff
byRaimondas Rimkevičius
 
Docker Swarm for Beginner
byShahzad Masud
 
Codemotion Rome 2018 Docker Swarm Mode
bySimone Soldateschi
 
11thDockerMeetupSwitzerland
byMichael Mueller
 
JDO 2019: Container orchestration with Docker Swarm - Jakub Hajek
byPROIDEA
 
Docker orchestration voxxed days berlin 2016
byGrzegorz Duda
 
Docker-v3.pdf
byBruno Cornec
 
Container Orchestration with Docker Swarm
byFrederik Mogensen
 
So Many Docker Platforms...so little time
byMichele Leroux Bustamante
 
Introduction to Docker and Monitoring with InfluxData
byInfluxData
 
Docker 1.12 and swarm mode
byWesley Charles Blake
 

Recently uploaded

PDF
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
PDF
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
PDF
Data structure using C :UNIT-I Introduction to Data structures and Stacks BCA...
byKuvempu University
 
PDF
KoderXpert – Odoo, Web & AI Solutions for Growing Businesses
byDhvanil Trivedi
 
PPTX
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
PDF
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
PDF
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
PPTX
Why Your Business Needs Snowflake Consulting_ From Data Silos to AI-Ready Cloud
byChetu
 
PPTX
AI Agent Overview - Why we need AI Agent
byAlokGope
 
PDF
What Is A Woman (WIAW) Token – Smart Contract Security Audit Report by EtherA...
byEtherAuthority
 
PDF
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
PDF
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
PDF
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
PDF
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
PDF
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
PDF
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
PDF
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
PPTX
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
PDF
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
PPTX
Week 7 Introduction to HTML PowerPoint Notes.pptx
bylesandawelgens
 
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
Data structure using C :UNIT-I Introduction to Data structures and Stacks BCA...
byKuvempu University
 
KoderXpert – Odoo, Web & AI Solutions for Growing Businesses
byDhvanil Trivedi
 
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
Why Your Business Needs Snowflake Consulting_ From Data Silos to AI-Ready Cloud
byChetu
 
AI Agent Overview - Why we need AI Agent
byAlokGope
 
What Is A Woman (WIAW) Token – Smart Contract Security Audit Report by EtherA...
byEtherAuthority
 
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
Week 7 Introduction to HTML PowerPoint Notes.pptx
bylesandawelgens
 

What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi

  • 1.
    What’s New inDocker 1.12 Mike Goelzer (Spoiler alert: a lot!)
  • 2.
  • 3.
    $ docker swarminit $ docker swarm join <IP of manager>:2377
  • 4.
    $ docker swarminit $ docker swarm join <IP of manager>:2377
  • 5.
    $ docker servicecreate --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest mynet
  • 6.
    $ docker servicecreate --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 7.
    $ docker servicecreate --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 8.
    $ docker servicecreate --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 9.
    ≠ $ docker servicecreate --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 10.
    $ docker servicecreate --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest mynet
  • 11.
    $ docker servicescale frontend=6 mynet
  • 12.
    $ docker servicescale frontend=10 mynet
  • 13.
    $ docker servicecreate --mode=global --name prometheus prom/prometheus mynet
  • 14.
    docker daemon --label com.example.storage="ssd" dockerdaemon --label com.example.storage="ssd"
  • 15.
    $ docker servicecreate --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
  • 16.
    $ docker servicecreate --replicas 3 --name frontend --network mynet --publish 80:80/tcp --constraint com.example.storage="ssd" frontend_image:latest $ docker service scale frontend=10 docker daemon --label com.example.storage="ssd" docker daemon --label com.example.storage="ssd"
  • 17.
  • 18.
  • 19.
    Distributed Application Bundle(.dab) declares a stack
  • 20.
    Swarm mode orchestrationis optional ● You don’t have to use it ● 1.12 is fully backwards compatible ● Will not break existing deployments and scripts
  • 21.
    Routing Mesh • Operatorreserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend
  • 22.
    Routing Mesh: PublishedPorts • Operator reserves a swarm- wide ingress port (80) for myapp • Every node listens on 80 • Container-aware routing mesh can transparently reroute traffic from Worker3 to a node that is running container • Built in load balancing into the Engine • DNS-based service discovery :80 :80 :80 :80 frontend frontend $ docker service create --replicas 3 --name frontend --network mynet --publish 80:80/tcp frontend_image:latest frontend
  • 23.
    Security out ofthe box ● Cryptographic Node Identity ○ Workload segregation (think PCI) ● There is no “insecure mode”: ○ TLS mutual auth ○ TLS encryption ○ Certificate rotation
  • 24.
    HEALTHCHECK --interval=5m --timeout=3s --retries3 CMD curl -f http://localhost/ || exit 1 Checks every 5 minutes that web server can return index page within 3 seconds. Three consecutive failures puts container in an unhealthy state. Container Health Check in Dockerfile
  • 25.
    docker plugin installtiborvass/no-remove docker plugin enable no-remove docker plugin disable no-remove New Plugin Subcommands
  • 26.
    $ docker plugininstall tiborvass/no-remove Plugin "mikegoelzer/myplugin:latest" requested the following privileges: - Networking: host - Mounting host path: /data Do you grant the above permissions? [y/N] Plugin Permissions Model
  • 27.
    Orchestration Deep Dive AndreaLuzzardi DockerCon 2016
  • 29.
  • 30.
    Manager Worker ● Each Nodehas a role ● Roles are dynamic ● Programmable Topology
  • 32.
    ● Strongly consistent:Holds desired state ● Simple to operate ● Blazing fast (in-memory reads, domain specific indexing, ...) ● Secure
  • 33.
    ● Eventually consistent:Routing mesh, load balancing rules, ... ● High volume, p2p network between workers ● Secure: Symmetric encryption with key rotation in Raft
  • 37.
    Secure by defaultwith end to end encryption • Cryptographic node identity • Automatic encryption and mutual auth (TLS) • Automatic cert rotation • External CA integration Certificate Authority TLS Certificate Authority TLS Certificate Authority TLS TLS TLSTLS
  • 38.
    Learn more about1.12 Monday 5:20 pm @ Ballroom 6E • Docker Security Deep Dive Tuesday 3:55 pm @ Ballroom 6E • Docker for Ops: Networking Deep Dive, Considerations and Troubleshooting
  • 39.
    Mike Goelzer [email protected] /@mgoelzer Andrea Luzzardi [email protected] / @aluzzardi Questions?
  • 40.
    Thank You Mike Goelzer [email protected]/ @mgoelzer Andrea Luzzardi [email protected] / @aluzzardi