Core maintainers Jessie Frazelle & Arnaud Porterie talk about newest additions and future plans for the Docker Engine at DockerCon Europe 2015.

1. The latest in Docker Engine
Jessie Frazelle
Software Engineer, Docker
Arnaud Porterie
Senior Engineering Manager, Docker

2. The past
What happened since last DockerCon?

3. Engine recent history
3
Activity since last DockerCon
2,162 pull requests
… from 438 contributors
… we closed 420 😕 (sorry!)
… we merged 1,615 😇 (80%)

4. (+) 311,780 lines of code added
(-) 163,350 lines of code removed
Engine recent history
4
Activity since last DockerCon

5. Engine recent history
5
Releases since last DockerCon
2015-06-16 - Docker Engine 1.7
ZFS support
Experimental plugins
Experimental multihost networking
2015-06-22 - Open Container Initiative
Runtime (libcontainer) donated to the Linux Foundation
2015-08-11 - Docker Engine 1.8
Docker Content Trust
Docker daemon subcommand
Many, many, many bugfixes

6. The present
Docker Engine 1.9.0

7. Docker Engine 1.9.0
7
Builder improvements
Build time arguments
New ARG Dockerfile instruction
Builtin support for HTTP_PROXY at build
Custom stop signal
New STOPSIGNAL Dockerfile instruction
Configure which signal should terminate the entrypoint

8. Docker Engine 1.9.0
8
Networking
Multihost networking is out of experimental
Out of the box overlay networking
New docker network command
Manage networks as a top-level object
Extensibility through plugins
Already 6 implementations done or under development

9. Docker Engine 1.9.0
9
Volume management
New docker volume command
Manage volumes as a top-level object
Extensibility through plugins
Already several implementations (e.g., Flocker)
See github.com/calavera/dkvolume for Go bootstrapping

10. Docker Engine 1.9.0
10
Experimental: user namespaces
GID/UID remap
Root in the container != root on the host
Key feature for multi-tenancy
Doesn’t come without drawbacks!
Storage dir is scoped by gid/uid
No more --net=container or --net=host

11. The future
What’s next for Docker Engine?

12. What’s next?
12
Distribution rework
Motivations
Ease maintenance
Fix long running structural issues
New manifest format
Enable multi-architecture images (“fat manifests”)
Few user visible changes
Layers != image
Images identified by sha256sum(manifest)

13. What’s next?
13
More platforms
Official ARM support
Currently being worked on (thanks Hypriot!)
Windows Server 2016
Tech preview 3 was released in August 2015
IBM Power Systems, IBM z Systems, Solaris, …

14. What’s next?
14
Security
Default Docker Content Trust
Released in 1.8.0, currently opt-in
Seccomp
Syscall filtering
Stable user namespaces
Help us by testing in experimental
API authorization / authentication
Current working on a proposal from Twistlock

15. What’s next?
15
Split, split, split!
Ongoing effort to decouple pieces of the Engine
Motivations
Ease maintenance
Get more dedication to subsystems (e.g., builder)
Options! (e.g., remove/wrap pieces, drop privileges, …)
Split runtime
RunC, standalone containers supervision
Split builder
Allow to build client-side

16. What’s next?
16
Converge, converge, converge!
Studying convergence of Swarm and Engine
Motivations
Lot of technical overlap
Engine as a degenerated single-node cluster
First hints in 1.9.0
Engine node discovery (--cluster-advertise)

17. Demo
Containers are not lightweight VMs

18. Demo
18
Linux namespaces
N
etw
ork
M
ount
PID
IPC
U
ser
U
TS

19. Demo
19
Linux namespaces
M
ount
PID
IPC
U
ser
U
TS
M
ount
PIDIPC
U
ser
U
TS
App Wireshark
Host
N
et
N
et
���������������

20. Demo
20
Linux namespaces
M
ount
PID
IPC
U
ser
U
TS
Wireshark
N
et
M
ount
PID
IPC
U
ser
U
TS
N
et
App
M
ount
PID
IPC
U
ser
U
TS
VNC
N
et
���������������
�������������

21. Thank you!
@frazelledazzell
princess@docker.com
Arnaud Porterie
@icecrime
arnaud@docker.com
Jessie Frazelle