The document discusses Docker 1.5 and its new features including IPv6 support, read-only containers, Docker stats, and the Docker image specification. IPv6 can be enabled by running Docker with the --ipv6 flag. Read-only containers restrict writes to containers. Docker stats provides live metrics for containers. The Docker image specification defines the format for layered image files and metadata.

1. Docker 1.5
Overview
Author : Rajdeep Dua
Date : March 2015

2. IPv6 Support
• By default, the Docker server configures the
container network for IPv4 only.
• Enable IPv4/IPv6 dual stack support by
running the Docker daemon with the --ipv6
flag.
• Docker will set up the bridge docker0 with the
IPv6 link-local address fe80::1.

3. Enabling IPv6 support
• By default, containers that are created will only get a link-local
IPv6 address.
• To assign globally routable IPv6 addresses to your containers
specify an IPv6 subnet to pick the addresses from.
• Set the IPv6 subnet via the --fixed-cidr-v6 parameter when
starting Docker daemon:
$ docker -d --ipv6 --fixed-cidr-v6="2001:db8:1::/64"

4. Enable IPv6 Routing
$ ip -6 route add 2001:db8:1::/64 dev docker0
$ sysctl net.ipv6.conf.default.forwarding=1
$ sysctl net.ipv6.conf.all.forwarding=1

5. Check the IP Address
• Launch a New Container
• Check the IP Address
$ sudo docker run -t -i ubuntu:14.04 /bin/bash
root@a232a2f68927:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:04
inet addr:172.17.0.4 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: 2001:db8:1::242:ac11:4/64 Scope:Global
inet6 addr: fe80::42:acff:fe11:4/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:448 (448.0 B) TX bytes:406 (406.0 B)

6. Read Only Containers
• Enable a read-only file system for your container via
the --read-only flag.
• The read-only feature allows to restrict the locations
that an application inside a container can write files
to.
• This loads a Read-only Root File System in the
container
sudo docker run -i -t --name
another_container_ro --read-only ubuntu /bin/bash

7. Read Only Containers
• A New Flag has been introduced which is set to true
if the flag –read-only is specified in the command
line or is set in the API call
Rootfs string `json:"rootfs"` // root fs of the container
ReadonlyRootfs bool `json:"readonly_rootfs"`

8. Docker Stats
• Stats API endpoint and CLI command that
streams live CPU, memory, network IO and
block IO for container/containers specified.
$ docker stats <container_id>
CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O
insurgency1 3.62% 244.4 MB/2.099 GB 11.64% 0 B/0 B
insurgency2 4.65% 135.6 MB/2.099 GB 6.46% 0 B/0 B
insurgency3 3.65% 79.18 MB/2.099 GB 3.77% 0 B/0 B
minecraft-family 14.13% 408.6 MB/2.099 GB 19.47% 0 B/0 B
redis 0.17% 6.558 MB/67.11 MB 9.77% 648 B/648 B

9. Docker Image Spec
• A Docker Image is an ordered collection of
root file system changes and the
corresponding execution parameters for use
within a container runtime.
• Docker Image specification outlines the
format of these file system changes
• It Describes how to create and use them for
use with a container runtime and execution
tool.

10. Docker Image Spec
• Layer
• Image JSON
• Image File System Change set
• Image ID
• Tag Repository

11. Docker Image Spec - Layer
• Images are composed of layers.
• Image layer is a general term which may be
used to refer to one or both of the following:
– Layer Metadata : The metadata for the layer,
described in the JSON format.
– Image Diff : The file system changes described by
a layer.

12. Docker Image JSON
Each layer has an associated JSON structure
which describes some basic information about
the image such as
– Date created
– Author
– Parent Image ID
– Execution/runtime configuration
E.g. entry point, default arguments, CPU/memory shares,
networking, and volumes.

13. Docker Image Spec – JSON..example
{
"id":"a9561eb1b190625c9adb5….2d4c5236c9a6957ec7dfd5a9",
"parent":"c6e3cedcda2e3982a1a6760e178355….8743fa3549d284e024",
"checksum":"tarsum.v1+sha25……d651fedc3aa72af9972e7d046b",
"created":"2014-10-13T21:19:18.674353812Z",
"author”:”author_name",
"architecture":"amd64",
"os":"linux",
"Size":271828,
}

14. Docker Image Spec – JSON ..example
{
…
"config":{
"User":"alice",
"Memory":2048,
"MemorySwap":4096,
"CpuShares":8,
"ExposedPorts":{
"8080/tcp":{
}
},
"Env":[ ],
"Entrypoint":[ ],
"Cmd":[ ],
"Volumes":{ },
"WorkingDir":"/home/alice”,
}

15. Image Tag
• A tag serves to map a descriptive, user-given
name to any single image ID.
• An image name suffix (the name component
after :) is often referred to as a tag.
• Acceptable values for a tag suffix are
implementation specific
• SHOULD be limited to
– set of alphanumeric characters [a-zA-z0-9]
– punctuation characters [._-]
– MUST NOT contain a : character.

16. Image Parent
• Most layer metadata structs contain a
parent field which refers to the Image
from which another directly
descends.
• An image contains a separate JSON
metadata file and set of changes
relative to the file system of its parent
image.
• Image Ancestor and Image
Descendant are also common terms.
Image
Image
Parent
Image
Descendant
Image
Descendant