DockerCon 2017 Recap: Here’s What You Missed (Part 1 of 2)
We recently closed the books on another amazing DockerCon conference, which took place in Austin, TX and wrapped up on April 20th. In case you were unable to attend this incredible 3-day event, we’ve decided to put together a nice little wrap up to go over the highlights, relevant news, exciting announcements and more. So, without further ado, here’s the low-down of what you missed at this year’s conference.
Astronomical Growth
The first noteworthy thing about this year’s event is how much it has grown. There were over 5,500 attendees and the number of contributors has grown from 400 to an incredible 3,300 in just three short years. Of those, 41.5% of code base was contributed by individuals, 40.6% by Docker, 7.7% by Microsoft and 3.2% by IBM.
DockerHub now has 900K apps, up from 15K apps in 2014 and some 14 million hosts are now running Docker. There have been 12 billion image pulls over the past four years, a number that represents a mind-boggling growth rate of 390,000%!
Another noteworthy takeaway from this year’s DockerCon is the number and diversity of use cases that were presented. For instance, Docker has now been documented for use in:
- Keeping planes in the air
- Powering the largest financial institutions
- Processing $ billions in transactions per day
- Healthcare, genome sequencing, curing diseases
- 25M tax returns are running through Docker this year,
Furthermore, over 100 startups in the Docker ecosystem have received funding and the global community has grown to 287 cities with 170K+ members. Not too shabby!
Sacrifice to the ‘Demo Gods’
This year’s conference kicked off with an introduction by Solomon Hykes, Docker’s Founder and CTO. Hykes revealed quite a few intriguing things that really got the crowd amped up — specifically, better tools for developers and less friction in the development cycle. To demonstrate these changes, a few examples were provided based on common developer frustrations, including:
Example #1: “My container images are too big!”
This prompted the introduction of multi-stage builds, which provide the ability to build smaller images in multiple stages: first, completing the build environment and second, minimal runtime environment, resulting in one Dockerfile.
Example #2: “I wish there was an easier way to take my app from desktop to the cloud.”
The solution proposed for this example was an introduction to the new desktop-to-cloud feature. This provides the ability to add and connect Swarms running in supported cloud providers, including AWS, Azure and Google Cloud (beta). It also features built-in collaboration with Docker Cloud and Docker ID. To demonstrate, two Docker software engineers used multi-stage builds and Desktop-to-Cloud as a deployment mechanism for the Swarm cluster.
The multi-stage build and Desktop-to-Cloud features will be available in the next stable release which ships in June. These features are currently available in Docker’s edge channel, which is the experimental build. You can download it here: https://docker.com/getdocker
Security Improvements
Another exciting announcement that many have been anxiously anticipating was the secure orchestration with SwarmKit, a Docker open-source project that functions as a toolkit for orchestrating distributed systems at any scale. It includes primitives for node discovery, raft-based consensus, task scheduling and more.
There is now an automatic public key infrastructure that creates cryptographic node identities for every node that joins the Swarm, as well as automatic certificate rotation. The toolkit operates using Mutual TLS for authorization, authentication and encryption of all communication across the control plane of all nodes on the Swarm. Using Raft, SwarmKit helps share secrets securely.
Use cases for this include PCI DSS, healthcare and other sensitive or confidential workloads.
Introducing LinuxKit
According to Hykes, one of the challenges to cross-platform containers has been the lack of a portable Linux subsystem across different hardware platforms and operating systems.
LinuxKit was developed as a solution to provide the container movement with a secure, lean and portable Linux subsystem. This is the result of a mass collaboration between Docker, IBM, Linux Foundation, Microsoft, ARM, HP Enterprise and Intel. Now open source, the solution is open to public contributions.
Specifications of the secure Linux subsystem are as follows:
- Only works with containers
- Smaller attack surface
- Immutable infrastructure
- Sandboxed system services
- Specialized patches and configuration
- Incubator for security innovations
— Wireguard, Landlock, Kernel Self Protection Program (KSPP)
— MirageOS type safe system daemons - Community-first security process
— Linux is too big for any one company to secure it
— Participate in existing Linux security efforts
With a lean Linux subsystems, users can expect the following:
- Minimal size, minimal boot time
- All system services are containers
- Everything can be removed or replaced
Portable Linux subsystems offer:
- Desktop, server, IoT, mainframe
- Intel and ARM
- Bare metal and virtualized
Getting Started with Docker Swarm
If you’re interested in getting started with Docker Swarm on AWS or Azure, consider checking out the Caylent beta.
Caylent is a cloud-agnostic Container Management Platform that acts as a fully managed Docker Swarm solution and has lots of great features like one-click deployments, continuous delivery, user access management, and more.
