What’s new in Docker 17.06 Community Edition (CE)

Docker 17.06 CE (Community Edition) is the first version of Docker built entirely on the Moby Project. New features include Multi-Stage Build, new Networking features, a new metrics endpoint and more! In this Online Meetup, Sophia Parafina, Docker Developer Relations Engineer, demo’d and reviewed these new features. Check out the recording below and slides.

Learn More about Docker 17.06 CE

Check out the announcement blog post or watch the video summary below.

To find out more about these features and more:

• Download the latest version of Docker CE
• Check out the Docker Documentation
• Play with these features on Play with Docker
• Ask questions in our forums and in the Docker Community Slack

Learn more about what’s new in #Docker 17.06 CE w/ @spara’s online #meetup video
Click To Tweet

The post What’s new in Docker 17.06 Community Edition (CE) appeared first on Docker Blog.

Multi-Stage Builds

• it uses node.js to compile the ReactJs app into storefront
• it uses Spring Boot and Maven to make a standalone jar file
• it is deployed to a standalone JDK container
• the storefront is then included in the jar

Let’s look at the Dockerfile.

The react-app is an extension of create-react-app. From within the react-app directory we run AtSea’s frontend in local development mode.

The first stage of the build uses a Node base image to create a production-ready frontend build directory consisting of static javascript and css files. A Docker best practice is named stages, e.g. “FROM Continue reading

Announcing Docker 17.06 Community Edition (CE)

Today we released Docker CE 17.06  with new features, improvements, and bug fixes. Docker CE 17.06 is the first Docker version built entirely on the Moby Project, which we announced in April at DockerCon. You can see the complete list of changes in the changelog, but let’s take a look at some of the new features.

We also created a video version of this post here:

Multi-stage builds

The biggest feature in 17.06 CE is that multi-stage builds, announced in April at DockerCon, have come to the stable release. Multi-stage builds allow you to build cleaner, smaller Docker images using a single Dockerfile.

Multi-stage builds work by building intermediate images that produce an output. That way you can compile code in an intermediate image and use only the output in the final image. So for instance, Java developers commonly use Apache Maven to compile their apps, but Maven isn’t required to run their app. Multi-stage builds can result in a substantial image size savings:

REPOSITORY          TAG                 IMAGE ID                CREATED              SIZE

maven      Continue reading

Docker at Nutanix .NEXT Conference – Visit us at Booth #S11

Today marks the start of Nutanix .NEXT Conference in Washington, D.C., the annual conference for Nutanix customers and partners. One of the major themes of the conference is hybrid cloud, and Docker will be there to demonstrate how Docker Enterprise Edition delivers application portability across different infrastructure platforms through a complete enterprise-ready Container as a Service (CaaS) solution for IT.

Docker and Nutanix will also be highlighting the Nutanix Docker Volume Plug-in (DVP), a Docker Certified Plugin available in the Docker Store. This plugin connects Docker containers to enterprise-grade persistent storage from Nutanix even as the container is powered on, powered off, or moved to a new host. As part of the certification process, Docker and Nutanix validate that the plugin is built with Docker recommended best practices and passes an additional suite of API compliance testing and vulnerability scanning. Docker EE customers also have access to support from both Docker and Nutanix.

Watch a Demo of Docker EE at Nutanix .NEXT

For those heading to Nutanix .NEXT, be sure to swing by booth #S11 to learn more about this plugin as well as other IT use cases for EE. Watch a demo and Continue reading

Moby Summit June 2017 Recap

On June 19 2017, 90 members of the Moby community gathered at Docker headquarter in San Francisco for the second Moby Summit.  This was an opportunity for the community to discuss the progress and future of the Moby project, two months after it was announced.

We started the day with an introduction by Solomon Hykes, and a look at the website redesign: the Moby project website now has a blog, an event calendar, a list of projects, and a community page with links to various community resources. The website code is open source, issues and PRs to make it better are welcome.

Then each team gave an update on their progress: Linuxkit, containerd, InfraKit, SwarmKit and LibNetwork, as well as the three new Moby Special Interest Groups, Linuxkit Security, Security Scanning & Notary and Orchestration Security. All these talks have been recorded and you can find the videos and slides below.

In the afternoon, we split into 5 Birds Of Feathers (BOF) sessions: runc/containerd, LinuxKit, InfraKit, Security, and Security Scanning. You can find links to the BOF Notes at the end of this post.

We ended the day with a recap of the BOF sessions, and Continue reading

Your Docker Agenda for Cisco Live 2017 – Booth #2900B

Whether you are containerizing legacy apps to accelerate datacenter refresh or planning your first microservices application, Docker and Cisco deliver integrated solutions that have been tested to perform at scale – up to thousands of containers.

Add these Docker sessions to your schedule:

Tuesday, Jun 27, 1:20 pm – 1:30pm | Cloud Education Zone 
Title: Maximize ROI by Modernizing Traditional Apps with Docker and Cisco 

Tuesday, Jun 27, 3:30 pm – 4:30 pm | Level 3, South Seas A
Title: Containers and Microservices to Accelerate your Digital Business
Session ID: PSOCLD-1225
Learn how the Cisco Datacenter and Cloud portfolio and Docker Enterprise Edition are modernizing traditional apps and delivering new microservices to enable digital transformation in the enterprise.

Thursday, Jun 29, 12:40 pm – 12:50 pm | Datacenter & Cloud Education Zone
Title: Docker Enterprise Edition Continue reading

Build and deploy hybrid applications in Azure using Docker Enterprise Edition

Don’t miss the Azure OpenDev event on June 21 2017 at 9am PDT.

Is your organization asking you to modernize a traditional app that uses old code to make it simpler to deploy and more scalable based on customer demand – what to do?

Scott Johnston, COO and Michael Friis, Product Manager at Docker will highlight two use cases that demonstrate how Docker and Microsoft are working together to help developers and IT-Pros build and deploy hybrid apps using Docker Enterprise Edition that span on-premises and Azure. Scott and Michael will also show how to use Docker to build microservices-based solutions on Azure and create agile software delivery pipelines in the cloud.

Scott Johnston’s session will cover the first use case: “Modernize Traditional Applications (MTA)” – a program that enables IT organizations to modernize legacy applications, transforming them in hybrid cloud deployments while simultaneously realizing substantial savings in their total cost of ownership (TCO). In partnership with companies such as Avanade and Microsoft, Docker is helping organizations containerize existing .NET Windows or Java Linux applications without modifying source code or re-architecting the applications. The applications can then be easily deployed to Azure in minutes.

This, addresses two major realities that Continue reading

Docker and Booz Allen Hamilton Modernize Traditional Apps in Government IT

Existing applications and infrastructure account for the majority of IT spend in maintenance and support. Docker and Booz Allen Hamilton are partnering together to help Federal agencies modernize traditional apps with Docker Enterprise Edition (EE), deploy onto modern infrastructure to save infrastructure and operational costs, increase security and gain workload portability.

This program helps accelerate the path to modern microservices and infrastructure with containers:

1. First by containerizing the app in place and using container architecture to break up the app into smaller services over time
2. The full stack portability provided by Docker EE allows for workload consolidation for greater app density per server, accelerate hardware refresh cycles and cloud migration.
3. Lastly, Docker EE provides new levels of security for the legacy app. Scanning provides binary level visibility into components and their security profile for proactive remediation and configurable isolation properties can greatly reduce the attack surface area

View the webinar on demand here:

Here are some of the top Q&A from the session:

Q: What does Image2Docker exactly capture in the VM?

A: Image2Docker captures the application in the VM and pulls out what can be provided by the base image or the underlying linux/win kernel.

Q: When it Continue reading

Planning Your DockerCon Europe Week

DockerCon week is a busy week with so much information to absorb, people to meet and talks to attend. Here’s a quick agenda summary to make sure you know how to plan your travel and get the most out of your DockerCon Europe experience in Copenhagen.

Register for DockerCon Europe 2017

Monday 16 October

Monday is when the first attendees start arriving for DockerCon. Attendees who have signed up for Paid-Workshops or want to check in and pick up their badge and backpacks early should plan to be in Copenhagen by Monday morning. Monday is also a great day to get a jump start on meeting other attendees. You’ll be able to book Moby Mingles that help you connect with other attendees on topics you are both interested in learning or mentoring about.

Overview of Monday:

• Paid Workshops (these are not included in your Full Conference Pass)
• Registration Check-in
• Moby Mingle
• Evening Welcome reception in the Ecosystem Expo

Tuesday 17 October – Wednesday 18 October

Tuesday and Wednesday are full conference days. Each morning starts with a General Session presented by the Docker team and guest speakers to present the latest product announcements and use cases. Following the general sessions Continue reading

Docker Enterprise Edition enters FIPS certification process

Security is a key pillar of the Docker Enterprise Edition (EE)  platform. From built in features automatically configured out of the box to a new secure supply chain and flexible yet secure configurations that are portable with the app from one environment to another – enabling the most secure infrastructure and applications is paramount.

In addition to all the security features, ensuring that the Docker platform is validated against widely-accepted standards and best practices is a critical aspect of our product development as this enables companies and agencies across all industries to adopt Docker containers. The most notable of these standards is that of the Federal Information Processing Standard (FIPS) Publication 140-2, which validates and approves the use of various security encryption modules within a software system.

Today, we’re pleased to announce that the Docker EE cryptography libraries are at the “in-process” phase of the FIPS 140-2 Level 1 Cryptographic Module Validation Program.

This is just one of the many initiatives Docker is driving to support agencies in the adoption of Docker and deployment of container applications in a secure and compliant manner.  In addition to starting the FIPS certification process, below are the other compliance initiatives to date:

• Introduce Continue reading

Docker Enterprise Edition Now on G-Cloud 9 Framework

Docker Enterprise Edition (EE) has been accepted to G-Cloud 9, further exemplifying Docker’s commitment to delivering tools for application modernization and innovation across the UK public sector.

G-Cloud 9 is the UK government’s latest framework that is designed to simplify and accelerate adoption of cloud-based services within the public sector. The inclusion of Docker Enterprise Edition subscriptions, training and Professional Services Organization (PSO) within HM Government Crown Commercial Service’s (CCS) G-Cloud 9 Framework gives UK public sector organizations the opportunity to procure the de facto container solution through the online store known as the “Digital Marketplace” without needing to run a full tender, competition or lengthy procurement process.

Docker’s meteoric rise within enterprise-class business has been built on its ability to be agnostic, agile and secure – whether for hybrid cloud migration, modernizing the application stack or adopting a DevOps methodology.

Bringing application modernization to the public sector

With the UK government’s shift to cloud and DevOps, and move away from locked-down IT contracts in favor of smaller suppliers, Docker perfectly addresses these needs by giving  UK public sector organizations the ability to innovate, transform, define, select and control their infrastructure. Additionally, these organization can retain staff who now feel engaged as they can run their programs Continue reading

Webinar Q&A: Docker Enterprise Edition Demo

Docker Enterprise Edition (EE) is designed for enterprise development and IT teams who build, ship and run business critical applications in production at scale. Docker EE provides a fully integrated solution that includes the container engine, built-in orchestration, a private registry, and container lifecycle management to help you build a secure software supply chain. As an enterprise-grade offering with access to SLA-backed technical support and validated integrations to leading 3rd party images, plug-ins, and infrastructure, Docker EE can help organizations deliver Containers as a Service (CaaS) to improve IT efficiency, make applications more portable for the public cloud, and more secure through a smaller attack surface and image signing and scanning.

Watch the following webinar as Moni Sallam and I highlight some key use cases for Docker Enterprise Edition and how it differs from Community Edition. Moni also provides a demo of how end-to-end container lifecycle management can be securely controlled through Docker EE.

Here are some of the top questions from the live session:

Q: Can we Dockerize Windows apps?

A: Yes! Docker has partnered with Microsoft to deliver a native Docker container platform with Windows Server 2016. Docker containers can also be run on Windows Server and Windows Continue reading

Docker for AWS and Azure: Secure By Default Container Platform

Docker for AWS and Docker for Azure are much more than a simple way to setup Docker in the cloud. In fact they provision by default an infrastructure with security in mind to give you a secure platform to build, ship and run Docker apps in the cloud. Available for free in Community Edition and as a subscription with support and integrated management in Enterprise Edition, Docker for AWS and Docker for Azure allow you to leverage pre-configured security features for your apps today – without having to be a cloud infrastructure expert.

You don’t have to take our word for it – in February 2017, we engaged NCC Group, an independent security firm, to conduct a security assessment of Docker for AWS and Docker for Azure. Included in this assessment is Docker for AWS and Docker for Azure Community Edition and Enterprise Edition Basic. This assessment took place from February 6-17. NCC Group was tasked with assessing whether these Docker Editions not only provisioned secure infrastructure with sensible defaults, but also leveraged and integrated the best security features of each cloud. We’d like to openly share their findings with you today.

NCC Group evaluated our security model and defaults, including:

• Cloud-specific Continue reading

Online meetup recap: Introduction to LinuxKit

At DockerCon 2017 we introduced LinuxKit: A toolkit for building secure, lean and portable Linux subsystems. Here are the key principles and motivations behind the project:

• Secure defaults without compromising usability
• Everything is replaceable and customizable
• Immutable infrastructure applied to building Linux distributions
• Completely stateless, but persistent storage can be attached
• Easy tooling, with easy iteration
• Built with containers, for running containers
• Designed for building and running clustered applications, including but not limited to container orchestration such as Docker or Kubernetes
• Designed from the experience of building Docker Editions, but redesigned as a general-purpose toolkit
• Designed to be managed by external tooling, such as Infrakit or similar tools
• Includes a set of longer-term collaborative projects in various stages of development to innovate on kernel and userspace changes, particularly around security

For this Online Meetup, Docker Technical Staff member Rolf Neugebauer gave an introduction to LinuxKit, explained the rationale behind its development and gave a demo on how to get started using it.

Watch the recording and slides

You’ll find below a list of additional questions asked by attendees at the end of the online meetups:

You said the ONBOOT containers are run sequentially, does it wait for one to finish before it Continue reading

Announcing the Docker Student Developer Kit & Campus Ambassador Program!

For quite some time now we have been receiving daily requests from students all over the world, asking for our help learning Docker, using Docker and teaching their peers how to use Docker. We love their enthusiasm, so we decided it was time to reach out to the student community and give them the helping hand they need!

Understanding how to use Docker is now a must have skill for students. Here are 5 reasons why:

1. Understanding how to use Docker is one of the most important skills to learn if you want to advance in a career in tech, according to Business Insider.
2. You can just start coding instead of spending time setting up your environment.
3. You can collaborate easily with your peers and enable seamless group work: Docker eliminates any ‘works on my machine’ issues.
4. Docker allows you to easily build applications with a modern microservices architecture.
5. Using Docker will greatly enhance the security of your applications.

Getting Started with Docker

Are you a student who is excited about the prospect of using Docker but still don’t know exactly what Docker is or where to start learning? Now that your finals are over and you have all Continue reading

Docker Security at PyCon: Threat Modeling & State Machines

The Docker Security Team was out in force at PyCon 2017 in Portland, OR, giving two talks focussed on helping the Python Community to achieve better security. First up was David Lawrence and Ying Li with their “Introduction to Threat Modelling talk”.

Threat Modelling is a structured process that aids an engineer in uncovering security vulnerabilities in an application design or implemented software. The great majority of software grows organically, gaining new features as some critical mass of users requests them. These features are often implemented without full consideration of how they may impact every facet of the system they are augmenting.

Threat modelling aims to increase awareness of how a system operates, and in doing so, identify potential vulnerabilities. The process is broken up into three steps: data collection, analysis, and remediation. An effective way to run the process is to have a security engineer sit with the engineers responsible for design or implementation and guide a structured discussion through the three steps.

For the purpose of this article, we’re going to consider how we would  threat model a house, as the process can be applied to both real world scenarios in addition to software.

Data Collection

Five categories of Continue reading

Get involved with the Moby Project by attending upcoming Moby Summits!

Last month at DockerCon, we introduced the Moby Project: an open-source project sponsored by Docker to advance the software containerization movement. The idea behind the project is to help the ecosystem take containers mainstream by providing a library of components, a framework for assembling them into custom container-based systems and a place for all container enthusiasts to experiment and exchange ideas. Going forward, Docker will be assembled using Moby, see Moby and Docker or the diagram below for more details.

Moby Summit at DockerCon 2017

Knowing that that a good number of maintainers, contributors and advanced Docker users would be attending DockerCon, we decided to organize the first Moby Summit in collaboration with the Cloud Native Computing Foundation (CNCF). The summit was a small collaborative event for container hackers who are actively maintaining, contributing or generally involved or interested in the design and development of components of the Moby project library in particular: LinuxKit, containerd, Infrakit, SwarmKit, libnetwork and Notary.

Here’s what we covered during the first part of the summit:

• 0:05 – Opening words by Patrick Chanezon
• 9:05 – Moby Project Q&A with Solomon Hykes and Justin Cormack
• 60:14 – Quick update on containerd by Michael Continue reading

Spring Boot Development with Docker

The AtSea Shop is an example storefront application that can be deployed on different operating systems and can be customized to both your enterprise development and operational environments. In my last post, I discussed the architecture of the app. In this post, I will cover how to setup your development environment to debug the Java REST backend that runs in a container.

Building the REST Application

I used the Spring Boot framework to rapidly develop the REST backend that manages products, customers and orders tables used in the AtSea Shop. The application takes advantage of Spring Boot’s built-in application server, support for REST interfaces and ability to define multiple data sources. Because it was written in Java, it is agnostic to the base operating system and runs in either Windows or Linux containers. This allows developers to build against a heterogenous architecture.

Project setup

The AtSea project uses multi-stage builds, a new Docker feature, which allows me to use multiple images to build a single Docker image that includes all the components needed for the application. The multi-stage build uses a Maven container to build the the application jar file. The jar file is then copied to a Java Development Kit image. This Continue reading

Docker Federal Summit Recap and videos

On May 2nd, Docker returned to the Newseum to host the second annual Docker Federal Summit.  This one day event is designed to bring government agency developers, IT ops, program leaders and the ecosystem together to share and learn about the trends driving change in IT from containers, cloud and devops.  We expanded the agenda this year two tracks, with presentations from Docker, ecosystem partners, agency and community leaders to drive discussions, technology deep dives and hands on tutorials.

View the general session replay here:

General session table of content and slides

• 13:05 Iain Gray, SVP Customer Success discusses how Docker delivers a unique secure supply chain for all applications and infrastructure
• 33:35 Nathan McCauley, Director Security Engineering discusses the principles of least privilege design on which Docker is built
• 55:30 Modernize Traditional Apps to gain portability, security and efficiency without changing source code
• 59:13 Banjot Chanana, Senior Director Products delivers an overview and demo of Docker Enterprise Edition

In addition, the following breakout sessions dove deeper into pragmatic advice, security, development, cloud and compliance.

• Lessons Learned from Deploying Containers in Production featuring a panel discussion with Booz Allen Hamilton, JIDO, GSA and USCIS
• Scaling and Securing Applications on Your Continue reading

Developing a Spring Boot app on Docker: The AtSea Demo App

This is the first of a series of blog posts that demonstrates using Docker to develop a typical web application and deploying it in production. For DockerCon 2017, we wanted to build a new demo application that would demonstrate the flexibility of using Docker in development as well as showcase the features of Docker in a production environment. The result was the AtSea Shop, a storefront application that can be deployed on different operating systems and can be customized to both your enterprise development and operational environment.

A Hybrid Architecture

The team decided on a few ground rules. First, we wanted to use modern components commonly used in enterprise applications. We decided to build a Java application using the Spring Boot framework. The web client is a javascript application written using React as a framework.  Second, the application should be able to use any relational database and that it could be deployed on a Linux or Windows environment or cluster. Finally, the team wanted to show the process from development to deployment including building the application, implementing security, and deploying the application.

The application combines a typical Java n-tier architecture that uses Spring Boot’s web MVC framework for the REST API Continue reading