If you feel overwhelmed by the breakdown of technologies Docker is built on, here is a cheat list to ease the pain 🙂
Just take a look at the new structure of the Docker platform. Many of its components are now offered as generalized building blocks that anyone can use to assemble a new container framework, and the same components are used to build every new release of the free Docker open source tools as well as the paid enterprise products.
This new structure is part of the projects driven by the OCI (Open Container Initiative).
Users of Docker tools should not experience any change in their workflows, yet system builders now have common standard hooks they can use to stack their solutions into Docker and other container-based frameworks.
- Moby is a standard framework for system builders to create customized containers based on Docker or other engines. Moby container images are called Assemblies, and they usually contain a specific set of components such as InfraKit, LinuxKit, containerd, a JDK and a Java app.
- InfraKit is a toolkit for creating and managing self-healing infrastructure. InfraKit is designed to support the setup and management of base infrastructure; for example, it can help you manage a system like a cluster or a container orchestrator.
- LinuxKit is a toolkit for building custom minimal, immutable Linux distributions. LinuxKit is a hardened, minimized Linux image that serves as the basis for building container images: it is based on a minimized read-only Alpine Linux that is cryptographically verified and used for the initialization of a container. LinuxKit includes a timer that triggers a refresh of your container image, so you always run the latest, most secure baseline, and any changes an attacker may have made to your container are reverted.
- containerd is the open source generalized replacement for the dockerd daemon. It takes care of image retrieval, network namespaces and launching runC. containerd includes a daemon that exposes a gRPC API over a local UNIX socket, which is much more robust than the REST API that previous versions of the dockerd daemon used.
- runC is a CLI that activates the actual container engine required for our image: Docker, rkt or others.
- Notary is the mechanism that cryptographically signs and verifies the images in its registry.
- SwarmKit is a toolkit for orchestrating distributed systems at any scale. It includes primitives for node discovery, Raft-based consensus, task scheduling and more. SwarmKit takes care of cluster maintenance, including rotation of certificates.
I remember how I felt years ago, when I had the first couple of Linux and Windows virtual machines running in the lab. It was a great sense of freedom: from hardware limitations, from lost time and productivity. It was real magic.
Then, about 2 years ago, when Docker started its journey, it almost felt like black magic. The speed, the embedded versioning, the freedom from the operating system cage…
Looking at the new opportunities and energy at the recent DockerCon EU (2015), it feels like a visit to Harry Potter’s Hogwarts castle. Anyway, enough with the story, let’s dig into some tech bits:
- Impressive focus on security, quality, scalability and stability (see the keynote as well as this session)
- Docker Trusted Registry – easy signing of your code using a YubiKey stick (a bit later AWS launched its own Docker registry service)
- Remote revocation of signed code in case of compromise
- Nautilus – automatic vulnerability scanning of code that is uploaded to Docker Hub
- On-premises Docker Hub option, including the secure code signing and Nautilus features
- A Swarm cluster scales from 10 to 1,000 nodes running 50,000 containers without any hiccups!
- Docker Universal Control Plane – the dashboard for managing your Docker Swarm, including on-the-fly insertion and rotation of secret data and on-the-fly distribution of specific Docker images across Swarm nodes
- Docker Remote API, which allows a remote CLI, remote Compose and remote Docker Swarm
- Docker Compose now:
  - Includes the network overlay system, which automatically lets containers find each other, so applications simply call hostnames without worrying about name resolution
  - Allows you to assign volumes to specific containers, which lets you mix persistent and non-persistent applications
  - Started supporting seccomp for more granular Docker permissions, as well as user namespaces, which let a process inside a container “believe” it is running as root while in fact it is not
- Docker monitoring resources
  - A massive list of tools on GitHub
  - InfluxDB – platform for time series data
- Docker tools
  - Docker bridge: Interlock, Registrator
  - Service registry: etcd, consul, zookeeper
  - Template: Interlock, confd, consul-template
  - Reverse proxy: HAProxy, NGINX, Traefik
- Docker sidekicks – special containers that provide Service Discovery, HealthChecks and orchestration through a REST API. Examples include Amazon ECS Agents, AWS Beanstalk, COREOS, Docker Ambassador
- DCOS – The DataCenter Operating System – The Mesosphere Datacenter Operating System (DCOS) is a new kind of operating system that spans all of the machines in your datacenter or cloud. It provides a highly elastic, and highly scalable way of deploying applications, services and big data infrastructure on shared resources including AWS, GCP, Azure.
- Docker for Windows
  - Will not run Linux images
  - Same code base as Docker for Linux
  - Requires Windows Server 2016
  - Includes an abstraction layer between Docker and the Windows kernel
  - The Docker C:\Windows maps to \Global??\C:\Windows
  - Contains all Windows device entry points, including C:, \Registry and \Device\TCP
  - Each container has its own “chrooted” devices
  - The file system is a hybrid of UnionFS and NTFS: a virtual block device plus an NTFS partition per container, with symlinks to the layers on the host file system
- Sundial – rides on top of AWS ECS (Docker on AWS) and aggregates Docker jobs / ECS tasks into processes, with a graphical dependency tree, central logging and control
- Great sessions you should NOT miss
  - Green Font, Black Background – Docker Security by Example
  - Cgroups, namespaces, and beyond: what are containers made from?
  - Cultural Revolution – How to Manage the Changes Docker Brings
  - How to be successful running Docker in Production
  - Continuous Integration with Jenkins, Docker and Compose
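To make the seccomp and user-namespace points from the Compose item above concrete, here is a small added example (not code from the talks or from Docker itself): it evaluates a profile written in the Docker/OCI seccomp JSON format to list the risky syscalls a container could still invoke, and it translates a container UID through a /proc/<pid>/uid_map mapping to show that "root" inside a remapped container is an unprivileged UID on the host. The profile, the risky-syscall list and the uid_map contents are constructed samples.

```python
import json

# Constructed sample in the Docker/OCI seccomp profile format: every syscall is
# denied (SCMP_ACT_ERRNO) unless a rule allows it. Both the plural "names" key
# and the older singular "name" key occur in real profiles, so both are handled.
SAMPLE_PROFILE = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "architectures": ["SCMP_ARCH_X86_64"],
  "syscalls": [
    {"names": ["read", "write", "exit_group", "ptrace"], "action": "SCMP_ACT_ALLOW"},
    {"name": "mount", "action": "SCMP_ACT_ALLOW"}
  ]
}
""")

# Syscalls a hardened container profile normally keeps blocked (constructed list).
RISKY_SYSCALLS = ("mount", "umount2", "ptrace", "keyctl", "unshare", "reboot")


def seccomp_action(profile, syscall):
    """Action the profile applies to one syscall: the first matching rule wins,
    otherwise defaultAction applies."""
    for rule in profile.get("syscalls", []):
        names = rule.get("names") or [rule.get("name")]
        if syscall in names:
            return rule["action"]
    return profile["defaultAction"]


def audit_profile(profile, risky=RISKY_SYSCALLS):
    """Risky syscalls the profile still allows; an empty list means none."""
    return [s for s in risky if seccomp_action(profile, s) == "SCMP_ACT_ALLOW"]


def host_uid(uid_map, container_uid):
    """Translate a container UID to the host UID using /proc/<pid>/uid_map
    lines ("<start inside> <start outside> <length>"); None if unmapped."""
    for line in uid_map.split("\n"):
        if line.strip():
            inside, outside, length = map(int, line.split())
            if inside <= container_uid < inside + length:
                return outside + (container_uid - inside)
    return None


# Constructed uid_map as the kernel shows it when Docker remaps users.
SAMPLE_UID_MAP = "         0     100000      65536\n"
```

With the sample profile, audit_profile reports mount and ptrace as still allowed, and host_uid shows container UID 0 landing on host UID 100000.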
Check out http://domeide.github.io …
They created IDE plugins for Docker for the most popular development IDEs (Sublime Text, Eclipse, Visual Studio and more).
Here is their SlideShare deck presenting the plugins.
That’s it. Docker won over Windows containerization as well!
Microsoft just announced that, in addition to its support for Linux VMs running Docker Linux containers, it will support the Docker engine inside Windows Server and Windows Azure in order to run native Windows containers.
More info here: Docker based Windows containers
This means you will be able to develop and support your Windows apps within a slim, easy-to-maintain container. What happens to licensing is one question, and what happens to security is definitely another question worth asking.