What's new in the latest Docker release and Docker Hub @ braintree

Small presentation about what's new in the Docker Platform

Victor Vieux

August 19, 2014

Transcript

  1. Docker Meetup - @braintree – 08/19/2014
     What’s new in the latest Docker release and Docker Hub
     Victor Vieux, Docker Inc. @vieux
  2. Some numbers
     | Date              | 06/09/2014 | 08/19/2014 |       |
     | Docker version    | 1.0        | 1.1.2      |       |
     | # of pulls        | 2,943,991  | 13,198,885 | +350% |
     | # of pushes       | 105,663    | 262,435    | +150% |
     | # of repositories | 15,437     | 29,666     | +100% |
  3. docker pause & docker unpause
     • We added the ability to pause a container (freeze the process inside it).
     • So it’s now safe to commit a running container because it’ll be paused automatically.
  4. Networking strategies
     • --net=container:<container_id> : share the network stack of another container
       docker run --name c1 ubuntu nc -l 127.0.0.1 80
       docker run --net=container:c1 ubuntu sh -c "echo test | nc 127.0.0.1 80"
  5. Networking strategies
     • --net=none : disable networking completely, the container only gets a loopback interface.
     https://docs.docker.com/reference/run/#network-settings
  6. .dockerignore
     • Exclude some directories when sending the context to the daemon during a build
     • For example, most of the time you could add the .git folder to the .dockerignore
     https://docs.docker.com/reference/builder/#dockerignore
  7. COPY instruction
     • ADD without download and untar
     • Please use COPY if it’s only what you need!
     https://docs.docker.com/reference/builder/#copy
  8. ...and tons of other improvements!
     • Overall performance and stability
     • Logs tailing with docker logs --tail
     • IPv6 support in --dns
     • Filter client output with docker ps --filter
     • docker rm -f now kills the container before removal instead of stopping it.
     • Testing framework and code coverage
     https://github.com/docker/docker/blob/master/CHANGELOG.md
  9. Fine-grained control over capabilities
     • Docker defines a whitelist of capabilities; all the others are dropped.
     • --privileged was introduced to grant access to all the capabilities.
     • In the release we will introduce --cap-add and --cap-drop
  10. --cap-add/--cap-drop examples
     • Change the status of the container’s interfaces:
       docker run --cap-add=NET_ADMIN ubuntu sh -c "ip link set eth0 down"
     • Prevent any chown in the container:
       docker run --cap-drop=CAP_CHOWN ...
     • Allow all capabilities but mknod:
       docker run --cap-add=ALL --cap-drop=MKNOD ...
  11. Adding host devices to a container
     • You could add devices by using a bind mount and --privileged.
     • In the next release we will introduce the --device flag.
     • To use your sound card without requiring privileged mode:
       docker run --device=/dev/snd:/dev/snd ...
  12. Restart policies
     • Restart the container as soon as it exits:
       docker run --restart=always redis
     • Restart the container only when it fails, up to 5 times:
       docker run --restart=on-failure:5 redis
     • Default is no restart (as today)
  13. Remote volumes
     • docker run -v /host/path:/container/path on a remote machine, like OSX & boot2docker!
     • At first using fuse, but could be another “driver” later.
     https://github.com/bradfitz/docker/tree/fuse
  14. Spawning multiple commands
     • Spawn a redis server
       docker run --name redis-master redis
     • Spawn a bash
       docker exec -it redis-master bash
     • Trigger save of the dataset
       docker exec redis-master redis-cli "save"
     https://github.com/docker/docker/pull/7409
  15. Improved logging
     • New logging drivers:
       – none
       – default
       – syslog
     • Configuration via --logging-opt
       docker -d --logging default \
         --logging-opt truncation=20mb \
         --logging-opt rotation=1gb
     https://github.com/docker/docker/issues/7195
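
Slides 9 and 10 describe a capability whitelist that --cap-add and --cap-drop adjust. The script below is an added example, not part of the deck or of Docker's code: it decodes the CapEff hex mask from /proc/<pid>/status so you can confirm which capabilities a container process actually holds. The function names are hypothetical and the masks in the usage comments are constructed samples.

```shell
#!/bin/sh
# Added example: decode the capability bitmask a process really holds, to
# confirm the effect of --cap-add / --cap-drop. Function names are
# hypothetical; the hex masks in the usage comments are constructed samples.

# Capability names by bit number (linux/capability.h, bits 0..37).
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ"

# caps_of_pid PID: print the effective capability mask (hex) of a process,
# e.g. the PID of a container's main process as seen from the host.
caps_of_pid() {
    awk '/^CapEff:/ { print $2 }' "/proc/$1/status"
}

# decode_caps HEXMASK: print the names of all set bits, space separated.
decode_caps() {
    mask=$(( 0x$1 )); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( ($mask >> $bit) & 1 )) -eq 1 ]; then out="$out $name"; fi
        bit=$(( $bit + 1 ))
    done
    echo "${out# }"
}

# has_cap HEXMASK NAME: succeed only if NAME is set in the mask.
has_cap() {
    case " $(decode_caps "$1") " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# audit_mask HEXMASK NAME...: print those NAMEs that are still present, so
# an empty result means every capability you meant to drop is gone.
audit_mask() {
    m=$1; shift; found=""
    for want in "$@"; do
        if has_cap "$m" "$want"; then found="$found $want"; fi
    done
    echo "${found# }"
}

# Usage (constructed masks):
#   audit_mask 00000000a80425fa CHOWN NET_ADMIN    -> prints nothing
#   audit_mask 0000003ff7ffffff MKNOD SYS_ADMIN    -> SYS_ADMIN
#   audit_mask "$(caps_of_pid 1234)" CHOWN         (1234 is a placeholder PID)
```

A non-empty result from audit_mask for a container started with --privileged or --cap-add=ALL is the signal to replace that flag with the specific --cap-add or --device it actually needs.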