Welcome to DockerCon!
Ben Golub
CEO, Docker Inc.
@golubbe

The power of tools
“Give me a lever and
a place to stand, and
I will move the
world!”
- Archimedes

The power of tools
“Our mission is to
build tools of mass
innovation.”
- Solomon Hykes

The Power of Tools in the
Hands of Makers

The Power of Tools in the
Hands of Makers
Cosmology@Home lets you volunteer your
spare computer time (like when your screen
saver is on) to help search for the model
which best describes our Universe and to find
the range of models that agree with available
cosmological and particle physics data.

Theme 1:
It’s all about the makers!

What do
you make
with
Docker?
I build Adidas MENA
Ecommerce platform
I Dockerize
Genomics
My VPN connection is in
a container
I Dockerized my
team!
I deploy under
custom OS in
mobile
I Dockerize Norwegian
banking

Thank you to those who
make Docker

Namespaces (IBM)
Cgroups (Google)
LXC tools
The Linux Kernel
Git
SELinux (Red Hat)
Solaris Zones
BSD Jails
+++We know we’re standin
g on your shoulders
Thank you to the giants

Thank you to the amazing global meetup community
215
Groups
63
Countries

Thank you to the awesome Docker Inc team

Thank you to our amazing sponsors

Partners, Tools and Applications
Dev Tools
Official Repositories
Operating Systems
Big Data
Service Discovery
Build / Continuous Integration
Configuration Management
Consulting &Training
Management
Storage
Clustering & Scheduling
Networking
Infrastructure & Service Providers
Security
Monitoring & Logging

State of the Project

…and the bazaarThe cathedral…
Sagrada Familia
Construction started: 1882
Est. completion date: 2026
La Boqueria Open Air Market
Operating successfully since 1217
"Sagfampassion" by Wjh31 - Own work - http://lifeinmegapixels.com. Licensed
under CC BY 3.0 via Commons -
https://commons.wikimedia.org/wiki/File:Sagfampassion.jpg#/media/File:Sagfa
mpassion.jpg
"La Boqueria" by Dungodung - Own work. Licensed under Public Domain via Commons -
https://commons.wikimedia.org/wiki/File:La_Boqueria.JPG#/media/File:La_Boqueria.JPG

DockerCon EU 2015:
2 Years 8 Months
A Year has passed, and our baby whale has grown!
Our little whale is growing up
DockerCon EU 2014:
20 Months

Some growth statistics
Dockerized
applications
Docker related
projects on GitHub
Docker Hub pulls
per second
Docker Hub
pulls per day
More contributors
to Docker open
source
240K
655.6M
157%60M
Docker Hub pulls
since Jan 2015
1.3B

Docker Jobs
0
10000
20000
30000
40000
50000
60000
70000
Jan-14 Jan-15
PercentageGrowth
Docker Job Trends

Functionality
What has changed in the project?
DCEU 14
• Docker Engine
• Docker Registry
DCEU 15
• Engine
• Registry
• Swarm
• Networking
• Toolbox
• Notary
• Compose
• Machine
• More to come
today!
Applications
DCEU 14
• Primarily
Stateless
DCEU 15
• Stateless
• Stateful
• More to come today!
Platforms
DCEU 14
• All major 64 bit
Linux Oss
DCEU 15
• All major 64 bit Linux OS
• Windows Server (TP4)
• 32 bit
• More to come today!
Commercial Solutions
DCEU 14
• Support
• Hosted Registry
DCEU 15
• Support
• Hosted Registry
• CS Engines
• DTR, Tutum
• More to come tomorrow!
Governance
DCEU 14
• Advisory Board
DCEU 15
• Advisory Board
• Runtime and format donated
to foundation (OCI), with 30+
members
• More to come today!
Users
DCEU 14
• Primarily
test/dev
• some prod
DCEU 15
• Docker used widely in
Production

Open Container Initiative
22
Availble on Github
OCI Roadmap
Github stars
2,223
Member companies
35+
Github forks
Docker, Google, RedHat,
CoreOS, Huawei, independents
Maintainers
253
Contributors
130

Functionality
What has changed in the project?
DCEU 14
• Docker Engine
• Docker Registry
DCEU 15
• Engine
• Registry
• Swarm
• Networking
• Toolbox
• Notary
• Compose
• Machine
• More to come
today!
Applications
DCEU 14
• Primarily
Stateless
DCEU 15
• Stateless
• Stateful
• More to come today!
Platforms
DCEU 14
• All major 64 bit
Linux Oss
DCEU 15
• All major 64 bit Linux OS
• Windows Server (TP4)
• 32 bit
• More to come today!
Commercial Solutions
DCEU 14
• Support
• Hosted Registry
DCEU 15
• Support
• Hosted Registry
• CS Engines
• DTR, Tutum
• More to come tomorrow!
Governance
DCEU 14
• Advisory Board
DCEU 15
• Advisory Board
• Runtime and format donated
to foundation (OCI), with 30+
members
• More to come today!
Users
DCEU 14
• Primarily
test/dev
• some prod
DCEU 15
• Docker used widely in
Production

Theme 2:
Docker in Production

Real World Usage of Docker
Real Docker
adoption is up
5x in one year
Docker users
using Swarm &
Compose
Users triple the #
containers they use
within 5 months
Docker users
already running
in production
5x 85%
3x 40%
Sources: O’Reilly, Coatue, Datadog

Thank You To All Of Our Users! Add 3DS

Docker in Production
Real Community, Robust
Ecosystem
Secure & Extensible
Portable
Great for devs and ops
Real users
Solutions and Roadmap
End to end
Security
Orchestration
Networking
Workflows for build, shipping,
deploying/managing

Theme 3:
End to End Matters

Apps Have Fundamentally Changed
29
Loosely
Coupled
Services
Many Small
Servers
~2000 Today
Monolithic
Big Servers
Slow
changing
Rapidly
updated

Lessons learned:
1
2
3
Developers do not adopt locked down platforms
End to end matters:
- Devs care about deployment
- Ops cares about provenance
Build management, orchestration, &
more in a way that enables portability
30

Docker End to End Solutions
BUILD SHIP RUN
Registry
Service
Cloud or Private Infrastructure
Plugins: Network, Volume, Clustering
Management UIDocker Toolbox
31

Thank you!
Ben Golub
@golubbe

Dockercon day 1
General session
Solomon Hykes
Founder & CTO, Docker

Photo Caption (Drag&drop a new photo onto photo to change)
3
Our mission is to build
tools of mass innovation

Photo Caption (Drag&drop a new photo onto photo to change)
Billions of creative people Incredible technology
4

Photo Caption (Drag&drop a new photo onto photo to change)
Mass innovation
5

Photo Caption (Drag&drop a new photo onto photo to change)
6
What is the biggest
innovation multiplier today?

Photo Caption (Drag&drop a new photo onto photo to change)
7
PROGRAMMING
What is the biggest
innovation multiplier today?

The Internet
is pretty cool…

The Internet
is pretty cool…
and getting lots
of upgrades!
Servers, phones, TVs, cars, sensors,
drones, homes, watches, maps,
payment systems, scientific equipment,
virtual worlds, data banks, crypto-
currencies...

Could we
make the
Internet...
PROGRAMMABLE?

App
App
App
App
App
App
App
App
App
App
App
Eager developer
The Internet
Software walled
gardens

Photo Caption (Drag&drop a new photo onto photo to change)
App App
App
App
App
App
App
App
App
App
App
We’re building
a software layer
to make the Internet
programmable

Photo Caption (Drag&drop a new photo onto photo to change)
The
Docker
Stack

Photo Caption (Drag&drop a new photo onto photo to change)
Standards

Photo Caption (Drag&drop a new photo onto photo to change)
Infrastructure

Photo Caption (Drag&drop a new photo onto photo to change)
Dev tools

Photo Caption (Drag&drop a new photo onto photo to change)
Solutions

Photo Caption (Drag&drop a new photo onto photo to change)
Solutions
Dev tools
Infrastructure
Standards
The
Docker
Stack

Let’s talk about
QUALITY

Shipping a feature is just 1% of the work.
It should work every time, for every user.

- Security and Reliability matter.
- If it’s not usable, it’s worthless.
- Things fail. Handle it gracefully.
Quality means…

Quality is a journey,
not a destination.
Either you are focused on quality, or you’re not.

We will always
put quality first.

Quality tools
for developers
What have we been up to?

Usability

Docker Compose supports all
new Swarm/engine features
- Magical service discovery
- Use a micro-service architecture without rewriting your code
- Build persistent services with volume management
- All integrated into a seamless developer experience

Many small usability improvements.
Details matter!
- Fixing Virtualbox integration issues, one by one.
- UI glitches, low priority bugs
- Unusual configurations and usage patterns
- Better error messages
No silver bullet, just lots of unglamorous hard work.

Docker Developer Toolbox
now has full Mac/Windows
feature parity.
Installer, Quickstart terminal, Compose,
Machine, Kitematic

Security

Usable security

“How to make developers
care about security?”
Wrong question.

Unusable security is
not security.

“How to give developers
usable security?”

Docker Content Trust
Secure and usable
content distribution for
developers.

Built on industry-leading research
TUF and Notary enable
Survivable Key Compromise,
Proof of Origin,
Protection against untrusted transports.

Can we make developers
even more secure?

Hardware crypto support
for
Docker Content Trust
and
Proudly introduce

Docker Content Trust
+
hardware crypto
=
Survive almost any
key compromise.

What did we just see?

What did we just see?

What did we just see?

With the right tools,
every developer can become an
ultra-secure software publisher.

Let’s prove it!

3 easy steps

Quality tools
for ops
What have we been up to?

Security,
Reliability,
Scale.

Let’s talk about
SECURITY
(again)

Isolation of Linux containers: it’s complicated
- pid namespace
- mnt namespace
- net namespace
- uts namespace
- ipc namespace
- user namespace (new)
- pivot_root
- uid/gid drop
- cap drop
- all cgroups
- selinux
- apparmor
- seccomp

Isolation supported by Docker Engine 0.1 in March 2013
- pid namespace
- mnt namespace
- net namespace
- uts namespace
- ipc namespace
user namespace (new)
- pivot_root
- uid/gid drop
cap drop
all cgroups
selinux
apparmor
seccomp

Isolation supported in Swarm/Engine 1.9
- pid namespace
- mnt namespace
- net namespace
- uts namespace
- ipc namespace
user namespace (new)
- pivot_root
- uid/gid drop
- cap drop
- all cgroups
- selinux
- apparmor
seccomp

Isolation supported in Swarm/Engine experimental
- pid namespace
- mnt namespace
- net namespace
- uts namespace
- ipc namespace
user namespace (new)
- pivot_root
- uid/gid drop
- cap drop
- all cgroups
- selinux
- apparmor
seccomp

http://docker.com/experimental
Help us test the bleeding edge!

“Am I running vulnerable
containers?”

Introducing
Project Nautilus
Built-in container security analysis
in Docker Hub

Quietly went live on official repos
two months ago,
helped secure 74 millions pulls.
self-service coming soon.

Nautilus uses Deep Content Analysis

Nautilus matches all container
content against its own vulnerability
database.
It is not limited to the vulnerability
database of Linux distributions.

Benefit 1:
Detect vulnerabilities
regardless of Linux distribution.

Benefit 2:
We have caught several
vulnerabilities in Linux distributions
and collaborated to fix them.

Benefit 3:
Face it: developers have their favorite package
manager. Probably not the one shipped with the distro.
But it’s OK! Nautilus will catch vulnerabilities anyway.

“Those who would give up essential
Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety”
- Benjamin Franklin.

You don’t need to lock yourself into a
Linux distribution to secure your
containers.

SWARM 1.0
Ready for production

Swarm 1.0: ready for production
- Connect any containers across your entire cluster
- Create secure overlay networks out of the box
- Swap in your favorite backend implementation
- DNS service discovery supports unmodified applications
Built-in multi-host networking

Swarm 1.0: ready for production
- New volume management commands and API
- Attach any volume to any container, dynamically
- Swap in your favorite backend implementation
Built-in persistent storage

Swarm 1.0: ready for production
“But does it scale?”

- We scaled Swarm to 50k containers and 1k nodes
- Had to stop because of EC2 limit
- Swarm keeps scheduling without breaking a sweat
- Expect bigger numbers soon
- Yes, software can be both scalable and usable
What did we just see?

In summary...

Quality tools for developers
- Many usability improvements
- Full Mac/Windows feature parity
- Trusted content distribution for developers
- Support for hardware crypto
Quality tools for ops
- More isolation features in Swarm/engine
- Swarm 1.0 is ready for production
- Swarm can run persistent services
- Swarm works a very large scale

Happy Hacking!

Thank you!
Solomon Hykes
@solomonstre
s@docker.com