July 1, 2015 | Written by: Daniel Berg
DockerCon 2015 was June 22 – 23 in San Francisco with roughly 2000 attendees. Last year at this time people were interested in Docker and trying to figure out this new technology to see if it was more than just hype. This year I observed that attendees were still discovering features of Docker but now there were many more examples where developers were using Docker in production deployments. It is quite impressive to see how far Docker has come in just one year. I heard a statistic during the conference that I found to be quite amazing: 97% of companies (maybe US?) will have some investment in Docker before the end of 2015.
Even if this statistic is only a fraction of the truth, we are still talking about a large number of companies that are investing in what is still a relatively young technology. DockerCon 2015 continued on the aggressive pace set in 2014 with key announcements and themes for the future.
Note: You can find most of the conference slides on slideshare.
Day 1 Keynote
Day 1 started with the keynote led by founder and CTO Solomon Hykes. Solomon stressed key focus areas for Docker in 2015 such as making Docker work everywhere and multi-container deployments used in production. He stressed the importance of extensibility and plug-ability as well as the need for solutions:
- Network & Storage
- Workflows for developing, shipping, and deploying/managing
Solomon made correlations to the early days of the internet and how it is one of the biggest technology achievements ever. Over the next five years he intends to use Docker to make the internet programmable. Solomon outlined three goals for Docker (actually there were four goals but the last one did not interest me 🙂 ).
Goal 1: Reinvent the developer toolbox
Incrementally provide developers the tools necessary to build, deploy, and manage distributed applications. He indicated that they have already started on this incremental revolution to solve developer problems.
- Runtime — Docker Engine
- Packaging & Distribution — Docker Registry
- Machine Management — Docker Machine
- Clustering — Docker Swarm
Then there are new problems that Docker is solving:
- Networking via Docker Network
  - Much of this is coming as part of the SocketPlane acquisition. As part of the announcement they included support for multi-host networking as well as micro-segmentation support and standardized service discovery based on DNS.
Two demos were shown with Compose and Machine. Both demos had problems, but I could get a sense of the direction and value that was provided.
A big part of the new developer toolbox with Docker is support for Docker Plugins of which there are four new plugins:
- Service Discovery
These plugins will be very important for vendors to seamlessly integrate with the Docker platform.
Goal 2: Build better plumbing
The main point here is that Docker plans to make infrastructure plumbing available as separate tools from the Docker platform itself. They are starting with two key projects.
- Notary — Provides a trusted publishing system for any content.
Notary will be used within Docker to certify the proof of origin of Docker images. A new CLI will provide support for signing and key generation. They showed in one slide that images will be scanned for vulnerabilities as well. We need to understand how this fits with the Alchemy Vulnerability Advisor service.
- runC — Is a low level container engine that doesn’t have any Docker overhead. It appears that new features will be developed and validated in runC prior to being brought into Docker. The big thing that was included with runC was support for live migration.
Goal 3: Promote open standards
Two key open source projects:
- Open Container Project — part of the Linux Foundation and has many large members including IBM, Microsoft, Google, HP, Intel, and RedHat to name a few. Pretty impressive list for just starting.
- runC — as mentioned above.
Day 2 Keynote
The focus on Day 2 was on the advancements of Docker Hub led by Marianna Tessel. The focus was on Registry V2 which claims to have much faster pull as well as push speeds. Security is another focus area for registry V2.
- Scanning and audit controls
- Authentication microservice
- Content-addressable images
- One-time use build hosts
There is also a new look and feel to the Beta Docker Hub site.
Docker Trusted Registry
They announced the new Docker Trusted Registry (renamed from Docker Hub Enterprise) which has the following features:
- On-premises delivery
- LDAP/Active Directory
- Role-based access
- Audit and events logging
- Easy deploy, upgrade, and rollback
They made a big deal about the enterprise partnerships with IBM, Microsoft, and AWS with IBM being the first.
Their first customer using the Docker Trusted Registry is the US Government Services Agency. That’s right, the US government is a Docker customer. That made a buzz in the room. Docker is not just for startups any longer.
The Docker team has been focused on build, ship, and deploy. Project Orca (announced at the conference) is focused on everything that is needed to “Run” containers.
As you can see Orca has Compose, Swarm, and Engines which integrate with cloud providers. Orca also has a preliminary dashboard which was demoed on stage. My guess is that there was a fair bit of smoke and mirrors but the UX did look good. The UI seems to be a basic view on top of the various CLIs. Similar to the Docker Simple UI but for the cloud.
Note, Orca is in the very early days and Docker is looking for help.
Formula for Success with Docker
I went to many sessions describing use cases and experiences and it seems that there was a common theme for the formula of success to deploy and manage applications with Docker containers. The use cases included Disney, GSA, and Orbitz to name a few:
- Chef (Puppet, Salt, etc.) for setting up machines within a Swarm cluster. It is generally agreed that Docker Machine is immature and not quite ready for prime time.
- Jenkins for continuous integration and delivery pipelines.
- HAProxy for the edge tier routing. GSA used Interlock Proxy which is a new project that extends HAProxy with automatic configuration rules based on lifecycle events from Docker Swarm.
- Mesos for cluster scheduling. It seems Mesos has gained in popularity over Kubernetes.
- Consul for service discovery. By far the most popular service discovery option discussed at the conference. Consul also has built-in DNS support making it more popular as well.
- Marathon for advanced upgrade/deployment support of containers on Mesos. While not all used Marathon, it is worth noting given how the ones that did use it simply loved it. Disney and Orbitz were both strong advocates.
- Elasticsearch/Logstash for logging
Other notable tools.
- Keywhiz is a new project from Square for managing certificates and injecting them into containers.
- Interlock Proxy
- Docker Bench used for security testing of Docker containers. It is recommended that companies publish their company profiles to be used by the Docker Bench.