3. Engine recent history
Activity since last DockerCon
2,162 pull requests
… from 438 contributors
… we closed 420 😕 (sorry!)
… we merged 1,615 😇 (80%)
4. Engine recent history
Activity since last DockerCon
(+) 311,780 lines of code added
(-) 163,350 lines of code removed
5. Engine recent history
Releases since last DockerCon
2015-06-16 - Docker Engine 1.7
ZFS support
Experimental plugins
Experimental multihost networking
2015-06-22 - Open Container Initiative
Runtime (libcontainer) donated to the Linux Foundation
2015-08-11 - Docker Engine 1.8
Docker Content Trust
Docker daemon subcommand
Many, many, many bugfixes
7. Docker Engine 1.9.0
Builder improvements
Build time arguments
New ARG Dockerfile instruction
Builtin support for HTTP_PROXY at build
Custom stop signal
New STOPSIGNAL Dockerfile instruction
Configure which signal should terminate the entrypoint
8. Docker Engine 1.9.0
Networking
Multihost networking is out of experimental
Out of the box overlay networking
New docker network command
Manage networks as a top-level object
Extensibility through plugins
Already 6 implementations done or under development
9. Docker Engine 1.9.0
Volume management
New docker volume command
Manage volumes as a top-level object
Extensibility through plugins
Already several implementations (e.g., Flocker)
See github.com/calavera/dkvolume for Go bootstrapping
10. Docker Engine 1.9.0
Experimental: user namespaces
GID/UID remap
Root in the container != root on the host
Key feature for multi-tenancy
Doesn’t come without drawbacks!
Storage dir is scoped by gid/uid
No more --net=container or --net=host
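The UID/GID remap on this slide, as an added example that is not from the original deck or from Docker's code: it reads a mapping in the Linux kernel's `/proc/<pid>/uid_map` format and translates container IDs to host IDs. The sample maps, including the 100000 base, are constructed values.

```python
# Added example: translate container IDs to host IDs using the Linux kernel's
# uid_map/gid_map format: "<first ID inside ns> <first ID on host> <length>".
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first ID as seen inside the user namespace
    outside: int  # first ID as seen on the host
    length: int   # number of consecutive IDs covered


def parse_id_map(text: str) -> List[Extent]:
    """Parse the contents of /proc/<pid>/uid_map (or gid_map)."""
    extents = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0:
            raise ValueError(f"empty extent: {line!r}")
        extents.append(Extent(inside, outside, length))
    return extents


def to_host_id(extents: List[Extent], container_id: int) -> Optional[int]:
    """Return the host ID behind container_id, or None if it is unmapped."""
    for e in extents:
        if e.inside <= container_id < e.inside + e.length:
            return e.outside + (container_id - e.inside)
    return None


def maps_host_root(extents: List[Extent]) -> bool:
    """True if some container ID resolves to host ID 0 (real root)."""
    return any(e.outside <= 0 < e.outside + e.length for e in extents)


# Constructed sample maps (assumed values, not taken from the slides).
REMAPPED = "         0     100000      65536\n"   # remap enabled
IDENTITY = "         0          0 4294967295\n"   # no remap (initial namespace)

if __name__ == "__main__":
    for name, text in (("remapped", REMAPPED), ("identity", IDENTITY)):
        m = parse_id_map(text)
        print(name, "container root -> host", to_host_id(m, 0),
              "| maps host root:", maps_host_root(m))
```

Running `maps_host_root` over the map of a container's init process is a quick audit check that the remap is actually in effect for that container.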
12. What’s next?
Distribution rework
Motivations
Ease maintenance
Fix long running structural issues
New manifest format
Enable multi-architecture images (“fat manifests”)
Few user visible changes
Layers != image
Images identified by sha256sum(manifest)
13. What’s next?
More platforms
Official ARM support
Currently being worked on (thanks Hypriot!)
Windows Server 2016
Tech preview 3 was released in August 2015
IBM Power Systems, IBM z Systems, Solaris, …
14. What’s next?
Security
Default Docker Content Trust
Released in 1.8.0, currently opt-in
Seccomp
Syscall filtering
Stable user namespaces
Help us by testing in experimental
API authorization / authentication
Currently working on a proposal from Twistlock
15. What’s next?
Split, split, split!
Ongoing effort to decouple pieces of the Engine
Motivations
Ease maintenance
Get more dedication to subsystems (e.g., builder)
Options! (e.g., remove/wrap pieces, drop privileges, …)
Split runtime
RunC, standalone containers supervision
Split builder
Allow building client-side
16. What’s next?
Converge, converge, converge!
Studying convergence of Swarm and Engine
Motivations
Lot of technical overlap
Engine as a degenerate single-node cluster
First hints in 1.9.0
Engine node discovery (--cluster-advertise)