Docker Meetup with AWS Elastic Beanstalk - @docker - 05/06/2014
What’s new in the latest Docker release and Docker Hub
Victor Vieux, Docker Inc.
@vieux
Slide 2
Some numbers
Date                06/09/2014    07/24/2014    Change
Docker version      1.0           1.1.2
# of pulls          2,943,991     5,907,724     +100%
# of pushes         105,663       169,589       +60%
# of repositories   15,437        23,345        +50%
Slide 3
What’s new in the Docker Engine?
Slide 4
We finally moved dotcloud/docker => docker/docker
Slide 5
docker pause & docker unpause
• We added the ability to pause a container (freeze the process inside it).
• So it’s now safe to commit a running container because it’ll be paused automatically.
Slide 6
Networking strategies
• --net=bridge : default behavior, the container gets an IP on a bridge shared by all the containers
Slide 7
Networking strategies
• --net=host : the container accesses the host interfaces directly
Slide 8
Networking strategies
• --net=container:<name> : share the network stack of another container
docker run --name c1 ubuntu nc -l 127.0.0.1 80
docker run --net=container:c1 ubuntu sh \
-c "echo test | nc 127.0.0.1 80"
Slide 9
Networking strategies
• --net=none : disable networking completely, the container only gets a loopback interface.
https://docs.docker.com/reference/run/#network-settings
Slide 10
.dockerignore
• Exclude some directories when sending the context to the daemon during a build
• For example, most of the time you could add the .git folder to the .dockerignore
https://docs.docker.com/reference/builder/#dockerignore
Slide 11
COPY instruction
• ADD without download and untar
• Please use COPY if that’s all you need!
https://docs.docker.com/reference/builder/#copy
Slide 12
...and tons of other improvements!
• Overall performance and stability
• Logs tailing with docker logs --tail
• Ability to bind mount your whole host fs into a container:
docker run -v /:/some/path
• Filter client output with docker images --filter
• --force-rm to remove containers, even after a failed build.
• Testing framework and code coverage
https://github.com/docker/docker/blob/master/CHANGELOG.md
Slide 13
What’s new in the Docker Hub?
Slide 14
Organizations and groups
Slide 15
Organizations and groups
Slide 16
Bitbucket support (hg and git)
Slide 17
Private repositories and private automated builds
One free private repository when you sign up at http://hub.docker.com
Slide 18
Official repositories
Slide 19
The console
Slide 20
The console
Slide 21
The console
Slide 22
What’s next in the Docker Engine?
Slide 23
Fine-grained control over capabilities
• Docker defines a whitelist of capabilities; all the others are dropped.
• --privileged was introduced to grant access to all the capabilities.
• In the next release we will introduce --cap-add and --cap-drop
Slide 24
--cap-add/--cap-drop examples
• Change the status of the container’s interfaces:
docker run --cap-add=NET_ADMIN ubuntu sh -c "ip link set eth0 down"
• Prevent any chown in the container:
docker run --cap-drop=CAP_CHOWN ...
• Allow all capabilities but mknod:
docker run --cap-add=ALL --cap-drop=MKNOD ...
Slide 25
Adding host devices to a container
• You could add devices by using a bind mount and --privileged.
• In the next release we will introduce the --device flag.
• To use your sound card without requiring privileged mode:
docker run --device=/dev/snd:/dev/snd ...
Slide 26
Remote volumes
• docker run -v /host/path:/container/path on a remote machine, like OSX & boot2docker!
• At first using fuse, but could be another “driver” later.
https://github.com/bradfitz/docker/tree/fuse