SlideShare uma empresa Scribd logo

Neues aus dem Docker-Universum

Nicholas Dille
Nicholas Dille

Eine subjektive Sicht des Autors auf die GeEschehnisse zrund um Docker

Tecnologia
1 de 24
Baixar para ler offline
Neues aus dem Docker-Universum Nicholas Dille Docker Captain, Microsoft MVP
Nicholas Dille Husband, Father, Geek, Speaker, Author Proudly working at Haufe Group Microsoft MVP seit 2010 Docker Captain seit 2017 dille.name @NicholasDille
Opinionated View on the Docker Ecosystem 2018
Containers are commodity Knowledge is spreading Increasing need for advanced topics Deployment options Containerization is accepted as additional option Evolution instead of revolution Pace is slowing Features are nice-to-have
DockerCon Docker Enterprise Edition Federated application management across clouds Kubernetes on Windows Server Deployment of cross-platform applications Deployment on Docker Swarm as well as Kubernetes Deployment of OSS serverless frameworks Docker Desktop Template based image creation
docker-app Reuse application stacks Distribute compose files using any Docker registry Can include accompanying files Requires docker-compose version 3.2 Internals Stored like an image Has an manifest with config and one layer Layer containers deployment information
New lifecycle for Docker CE Stable channel 6-month release cycle Edge channel Deprecated in favour of nightly build Nightly build Access new features
The State of Docker Transformation Technology-driven company for over 10 years Change to focus on enterprise customers Kubernetes Embraced in Docker Enterprise Edition Side-by-side with Docker Swarm Community Standardization in Moby project and OCI
Kubernetes Enterprise Edition Community Edition Moby Offerings by Docker Docker CLI SwarmKit runC Trusted RegistryUniversal Control Plane Compose Machinedockerd InfraKit HyperKit VPNKit BuildKit DataKitRegistry libnetwork Docker Hub Docker Certified
12 Projekte Docker and the ecosystem …donated specification and runC (Juni 2015) …donated containerd (März 2017) and Notary (Oktober 2017) …initiated (April 2017)
Docker 18.09 Remoting using SSH Third option in addition to… … Socket … TCP BuildKit Integration of more Moby projects Updated containerd Separation is becoming more obvious
Docker Under the Hood What it looks like How it works dockerd dockerd containerd runc API endpoint Integration with ecosystem Automation Distribution (pull/push) Container storage Metrics Isolates processes Interacts with kernel Lightweight Belongs to CNCF Implements OCI image spec Donated by Docker Available on socket (and TCP) Offers certificate authentication Talks to containerd using gRPC Belongs to OCI Implements OCI runtime spec Donated by Docker in 2015
Docker 18.09: Remoting using SSH So far so good Remoting using tcp://<host>:<port> (use certificates!) Tunneling the socket using SSH (ssh -L /tmp/my-docker.sock:/var/run/docker.sock) Brave new world Remoting using ssh://<user>@<host> Docker 18.09 is required on client and server Under the hood, ssh is used to start docker system dial-stdio
Docker 18.09: BuildKit BuildKit is GA Generic library Frontend for Dockerfile Integrated as optional feature Enabled with (export DOCKER_BUILDKIT=1) Improved build performance 2x from empty state 7x from cache 2.5x with updated source code 9x when using --cache-from
Docker 18.09: BuildKit Demo $ DOCKER_BUILDKIT=1 docker build .
Docker 18.09: Build Secrets Part of BuildKit BuildKit must be enabled Files can be mounted into /run/secrets/ during RUN Prevents copying secrets into image layers Extended syntasx for RUN statement Enabled by comment in Dockerfile New mount parameter (RUN --mount=type=secret,id=mysite.key ...) Build requires additional parameter (docker build --secret id=mysite.key,src=./mysite.key ...)
Docker 18.09: SSH Forwarding Part of BuildKit BuildKit must be enabled SSH agent socket can be mounted during RUN Prevents copying secrets into image layers Extended syntasx for RUN statement Enabled by comment in Dockerfile New mount parameter (RUN --mount=type=ssh ...) Build requires additional parameter (docker build --ssh default ...) Custom SSH socket or private keys are also supported
docker-compose 1.23 New default naming scheme <project>_<service>_<index>_<slug> Parallelization docker-compose build will now build up to 5 images in parallel Remember Variable overrides in file .env
Kubernetes Everywhere Only supported orchestrator Products focus on Kubernetes Example: Rancher 2.x Integrations Product feature Value Add Automation Example: GitLab, GoCD and many more
Kubernetes Everywhere 69 Certified Service Providers 47 Distributions 6 local machine solutions 15 hosted solutions 20 turn key solutions 12 on-premises solutions 19 custom solutions https://landscape.cncf.io/format=landscape Prominent solutions Azure Kubernetes Service (AKS) AWS Elastic Container Service for Kubernetes (EKS) Google Kubernetes Engine (GKE) AWS Fargate Hyper.sh
The State of Docker Swarm Major efforts Zero downtime rolling upgrades Swarm networking for Windows Server 1709/1803 Improved scalability for VIP LB Resilience on high latency networks docker stack works against k8s as well Always use Swarm even on single node Secrets Healthchecks Rolling upgrades Ready for scale-out
Windows Containers Mapping named pipe Added in Windows Server 1709 Allows for Docker-out-of-Docker Linux Container on Windows (LCOW) Added in Windows Server 1803 Allows for Linux and Windows containers side-by-side New base image called windows Added in Windows Server 2019 Contains most OS components (Re-)released on November 13th
Windows Containers Prediction: Native Linux containers on Windows Windows Subsystem for Linux (WSL) already isolated Linux Windows kernel knows how to isolate Windows processes
Lessons Learned Containers are commodity Kubernetes is the most popular orchestrator Docker Swarm is still in active development Windows is on everyone‘s roadmap Windows will run Linux containers natively

Recomendados

Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
 
EVE Microservices Platform
EVE Microservices PlatformEVE Microservices Platform
EVE Microservices Platform
Alaa Qutaish
 
Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...
Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...
Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...
Nico Meisenzahl
 
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Nico Meisenzahl
 
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryFestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
Philip Welz
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
Thomas Fricke
 
Zombies in Kubernetes
Zombies in KubernetesZombies in Kubernetes
Zombies in Kubernetes
Thomas Fricke
 
Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)
Weaveworks
 

Recomendados

Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
 
EVE Microservices Platform
EVE Microservices PlatformEVE Microservices Platform
EVE Microservices Platform
Alaa Qutaish
 
Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...
Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...
Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...
Nico Meisenzahl
 
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Nico Meisenzahl
 
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryFestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
Philip Welz
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
Thomas Fricke
 
Zombies in Kubernetes
Zombies in KubernetesZombies in Kubernetes
Zombies in Kubernetes
Thomas Fricke
 
Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)
Weaveworks
 
Kubernetes - security you need to know about it
Kubernetes - security you need to know about itKubernetes - security you need to know about it
Kubernetes - security you need to know about it
Haydn Johnson
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
Karthik Gaekwad
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
inovex GmbH
 
Kube Apps in action
Kube Apps in actionKube Apps in action
Kube Apps in action
Karthik Gaekwad
 
Kubernetes security and you
Kubernetes security and youKubernetes security and you
Kubernetes security and you
Karthik Gaekwad
 
Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017
Gianluca Arbezzano
 
Docker and Jenkins [as code]
Docker and Jenkins [as code]Docker and Jenkins [as code]
Docker and Jenkins [as code]
Mark Waite
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
Docker, Inc.
 
Kubescape single pane of glass
Kubescape single pane of glassKubescape single pane of glass
Kubescape single pane of glass
LibbySchulze1
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
LibbySchulze
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDays Riga
 
Kubernetes - Security Journey
Kubernetes - Security JourneyKubernetes - Security Journey
Kubernetes - Security Journey
Jerry Jalava
 
What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021
Robert John
 
KubeSecOps
KubeSecOpsKubeSecOps
KubeSecOps
Karthik Gaekwad
 
Docker container security
Docker container securityDocker container security
Docker container security
Thoughtworks
 
Nginx conference 2015
Nginx conference 2015Nginx conference 2015
Nginx conference 2015
ING-IT
 
You Want to Kubernetes? You MUST Know Containers!
You Want to Kubernetes? You MUST Know Containers!You Want to Kubernetes? You MUST Know Containers!
You Want to Kubernetes? You MUST Know Containers!
VMware Tanzu
 
Developing Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/KubernetesDeveloping Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/Kubernetes
Chakradhar Rao Jonagam
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
Kuberton
 
Kubernetes in Higher Education
Kubernetes in Higher EducationKubernetes in Higher Education
Kubernetes in Higher Education
laupow
 
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesDocker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Thomas Barlow
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
Andrey Hristov
 

Mais conteúdo relacionado

Mais procurados

Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
inovex GmbH
 

Mais procurados (20)

Kubernetes - security you need to know about it
Kubernetes - security you need to know about itKubernetes - security you need to know about it
Kubernetes - security you need to know about it
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
 
Kube Apps in action
Kube Apps in actionKube Apps in action
Kube Apps in action
 
Kubernetes security and you
Kubernetes security and youKubernetes security and you
Kubernetes security and you
 
Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017
 
Docker and Jenkins [as code]
Docker and Jenkins [as code]Docker and Jenkins [as code]
Docker and Jenkins [as code]
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
 
Kubescape single pane of glass
Kubescape single pane of glassKubescape single pane of glass
Kubescape single pane of glass
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
 
Kubernetes - Security Journey
Kubernetes - Security JourneyKubernetes - Security Journey
Kubernetes - Security Journey
 
What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021
 
KubeSecOps
KubeSecOpsKubeSecOps
KubeSecOps
 
Docker container security
Docker container securityDocker container security
Docker container security
 
Nginx conference 2015
Nginx conference 2015Nginx conference 2015
Nginx conference 2015
 
You Want to Kubernetes? You MUST Know Containers!
You Want to Kubernetes? You MUST Know Containers!You Want to Kubernetes? You MUST Know Containers!
You Want to Kubernetes? You MUST Know Containers!
 
Developing Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/KubernetesDeveloping Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/Kubernetes
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
 
Kubernetes in Higher Education
Kubernetes in Higher EducationKubernetes in Higher Education
Kubernetes in Higher Education
 

Semelhante a Neues aus dem Docker-Universum

Developer Experience Cloud Native - From Code Gen to Git Commit without a CI/...
Developer Experience Cloud Native - From Code Gen to Git Commit without a CI/...Developer Experience Cloud Native - From Code Gen to Git Commit without a CI/...
Developer Experience Cloud Native - From Code Gen to Git Commit without a CI/...
Michael Hofmann
 
Microsoft Techsummit Zurich Docker and Microsoft
Microsoft Techsummit Zurich Docker and MicrosoftMicrosoft Techsummit Zurich Docker and Microsoft
Microsoft Techsummit Zurich Docker and Microsoft
Patrick Chanezon
 
Docker for .NET Developers - Michele Leroux Bustamante, Solliance
Docker for .NET Developers - Michele Leroux Bustamante, SollianceDocker for .NET Developers - Michele Leroux Bustamante, Solliance
Docker for .NET Developers - Michele Leroux Bustamante, Solliance
Docker, Inc.
 
C219 - Docker and PureApplication Patterns: Better Together
C219 - Docker and PureApplication Patterns: Better TogetherC219 - Docker and PureApplication Patterns: Better Together
C219 - Docker and PureApplication Patterns: Better Together
Hendrik van Run
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
kanedafromparis
 

Semelhante a Neues aus dem Docker-Universum (20)

Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesDocker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 
Developer Experience Cloud Native - From Code Gen to Git Commit without a CI/...
Developer Experience Cloud Native - From Code Gen to Git Commit without a CI/...Developer Experience Cloud Native - From Code Gen to Git Commit without a CI/...
Developer Experience Cloud Native - From Code Gen to Git Commit without a CI/...
 
Microsoft Techsummit Zurich Docker and Microsoft
Microsoft Techsummit Zurich Docker and MicrosoftMicrosoft Techsummit Zurich Docker and Microsoft
Microsoft Techsummit Zurich Docker and Microsoft
 
Docker Ecosystem on Azure
Docker Ecosystem on AzureDocker Ecosystem on Azure
Docker Ecosystem on Azure
 
Kubernetes Powered Docker for Mac Platform
Kubernetes Powered Docker for Mac PlatformKubernetes Powered Docker for Mac Platform
Kubernetes Powered Docker for Mac Platform
 
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
 
Docker for .NET Developers - Michele Leroux Bustamante, Solliance
Docker for .NET Developers - Michele Leroux Bustamante, SollianceDocker for .NET Developers - Michele Leroux Bustamante, Solliance
Docker for .NET Developers - Michele Leroux Bustamante, Solliance
 
Docker slides
Docker slidesDocker slides
Docker slides
 
C219 - Docker and PureApplication Patterns: Better Together
C219 - Docker and PureApplication Patterns: Better TogetherC219 - Docker and PureApplication Patterns: Better Together
C219 - Docker and PureApplication Patterns: Better Together
 
Yet Another Session about Docker and Containers​
Yet Another Session about Docker and Containers​Yet Another Session about Docker and Containers​
Yet Another Session about Docker and Containers​
 
Docker in practice
Docker in practiceDocker in practice
Docker in practice
 
Docker
DockerDocker
Docker
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
 
Quick Trip with Docker
Quick Trip with DockerQuick Trip with Docker
Quick Trip with Docker
 
Docker ee an architecture and operations overview
Docker ee an architecture and operations overviewDocker ee an architecture and operations overview
Docker ee an architecture and operations overview
 
Demystifying Docker101
Demystifying Docker101Demystifying Docker101
Demystifying Docker101
 
Demystifying Docker
Demystifying DockerDemystifying Docker
Demystifying Docker
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Neues aus dem Docker-Universum

  • 1. Neues aus dem Docker-Universum Nicholas Dille Docker Captain, Microsoft MVP
  • 2. Nicholas Dille Husband, Father, Geek, Speaker, Author Proudly working at Haufe Group Microsoft MVP seit 2010 Docker Captain seit 2017 dille.name @NicholasDille
  • 4. Containers are commodity Knowledge is spreading Increasing need for advanced topics Deployment options Containerization is accepted as additional option Evolution instead of revolution Pace is slowing Features are nice-to-have
  • 5. DockerCon Docker Enterprise Edition Federated application management across clouds Kubernetes on Windows Server Deployment of cross-platform applications Deployment on Docker Swarm as well as Kubernetes Deployment of OSS serverless frameworks Docker Desktop Template based image creation
  • 6. docker-app Reuse application stacks Distribute compose files using any Docker registry Can include accompanying files Requires docker-compose version 3.2 Internals Stored like an image Has an manifest with config and one layer Layer containers deployment information
  • 7. New lifecycle for Docker CE Stable channel 6-month release cycle Edge channel Deprecated in favour of nightly build Nightly build Access new features
  • 8. The State of Docker Transformation Technology-driven company for over 10 years Change to focus on enterprise customers Kubernetes Embraced in Docker Enterprise Edition Side-by-side with Docker Swarm Community Standardization in Moby project and OCI
  • 9. Kubernetes Enterprise Edition Community Edition Moby Offerings by Docker Docker CLI SwarmKit runC Trusted RegistryUniversal Control Plane Compose Machinedockerd InfraKit HyperKit VPNKit BuildKit DataKitRegistry libnetwork Docker Hub Docker Certified
  • 10. 12 Projekte Docker and the ecosystem …donated specification and runC (Juni 2015) …donated containerd (März 2017) and Notary (Oktober 2017) …initiated (April 2017)
  • 11. Docker 18.09 Remoting using SSH Third option in addition to… … Socket … TCP BuildKit Integration of more Moby projects Updated containerd Separation is becoming more obvious
  • 12. Docker Under the Hood What it looks like How it works dockerd dockerd containerd runc API endpoint Integration with ecosystem Automation Distribution (pull/push) Container storage Metrics Isolates processes Interacts with kernel Lightweight Belongs to CNCF Implements OCI image spec Donated by Docker Available on socket (and TCP) Offers certificate authentication Talks to containerd using gRPC Belongs to OCI Implements OCI runtime spec Donated by Docker in 2015
  • 13. Docker 18.09: Remoting using SSH So far so good Remoting using tcp://<host>:<port> (use certificates!) Tunneling the socket using SSH (ssh -L /tmp/my-docker.sock:/var/run/docker.sock) Brave new world Remoting using ssh://<user>@<host> Docker 18.09 is required on client and server Under the hood, ssh is used to start docker system dial-stdio
  • 14. Docker 18.09: BuildKit BuildKit is GA Generic library Frontend for Dockerfile Integrated as optional feature Enabled with (export DOCKER_BUILDKIT=1) Improved build performance 2x from empty state 7x from cache 2.5x with updated source code 9x when using --cache-from
  • 15. Docker 18.09: BuildKit Demo $ DOCKER_BUILDKIT=1 docker build .
  • 16. Docker 18.09: Build Secrets Part of BuildKit BuildKit must be enabled Files can be mounted into /run/secrets/ during RUN Prevents copying secrets into image layers Extended syntasx for RUN statement Enabled by comment in Dockerfile New mount parameter (RUN --mount=type=secret,id=mysite.key ...) Build requires additional parameter (docker build --secret id=mysite.key,src=./mysite.key ...)
  • 17. Docker 18.09: SSH Forwarding Part of BuildKit BuildKit must be enabled SSH agent socket can be mounted during RUN Prevents copying secrets into image layers Extended syntasx for RUN statement Enabled by comment in Dockerfile New mount parameter (RUN --mount=type=ssh ...) Build requires additional parameter (docker build --ssh default ...) Custom SSH socket or private keys are also supported
  • 18. docker-compose 1.23 New default naming scheme <project>_<service>_<index>_<slug> Parallelization docker-compose build will now build up to 5 images in parallel Remember Variable overrides in file .env
  • 19. Kubernetes Everywhere Only supported orchestrator Products focus on Kubernetes Example: Rancher 2.x Integrations Product feature Value Add Automation Example: GitLab, GoCD and many more
  • 20. Kubernetes Everywhere 69 Certified Service Providers 47 Distributions 6 local machine solutions 15 hosted solutions 20 turn key solutions 12 on-premises solutions 19 custom solutions https://landscape.cncf.io/format=landscape Prominent solutions Azure Kubernetes Service (AKS) AWS Elastic Container Service for Kubernetes (EKS) Google Kubernetes Engine (GKE) AWS Fargate Hyper.sh
  • 21. The State of Docker Swarm Major efforts Zero downtime rolling upgrades Swarm networking for Windows Server 1709/1803 Improved scalability for VIP LB Resilience on high latency networks docker stack works against k8s as well Always use Swarm even on single node Secrets Healthchecks Rolling upgrades Ready for scale-out
  • 22. Windows Containers Mapping named pipe Added in Windows Server 1709 Allows for Docker-out-of-Docker Linux Container on Windows (LCOW) Added in Windows Server 1803 Allows for Linux and Windows containers side-by-side New base image called windows Added in Windows Server 2019 Contains most OS components (Re-)released on November 13th
  • 23. Windows Containers Prediction: Native Linux containers on Windows Windows Subsystem for Linux (WSL) already isolated Linux Windows kernel knows how to isolate Windows processes
  • 24. Lessons Learned Containers are commodity Kubernetes is the most popular orchestrator Docker Swarm is still in active development Windows is on everyone‘s roadmap Windows will run Linux containers natively