Docker Spearheads OCI Release of v1.0 Runtime and Image Format Specifications

Today marks an important milestone for the Open Container Initiative (OCI) with the release of the OCI v1.0 runtime and image specifications – a journey that Docker has been central in driving and navigating over the last two years. It has been our goal to provide low-level standards as building blocks for the community, customers and the broader industry. To understand the significance of this milestone, let’s take a look at the history of Docker’s growth and progress in developing industry-standard container technologies.

The History of Docker Runtime and Image Donations to the OCI

Docker’s image format and container runtime quickly emerged as the de facto standard following its release as an open source project in 2013. We recognized the importance of turning it over to a neutral governance body to fuel innovation and prevent fragmentation in the industry. Working together with a broad group of container technologists and industry leaders, the Open Container Project was formed to create a set of container standards and was launched under the auspices of the Linux Foundation in June 2015 at DockerCon. It became the Open Container Initiative (OCI) as the project evolved that Summer.

Docker contributed runc, a reference implementation for the Continue reading

Demystifying the Open Container Initiative (OCI) Specifications

The Open Container Initiative (OCI) announced the completion of the first versions of the container runtime and image specifications this week. The OCI is an effort under the auspices of the Linux Foundation to develop specifications and standards to support container solutions. A lot of effort has gone into the building of these specifications over the past two years. With that in mind, let’s take a look at some of the myths that have arisen over the past two years.

Myth #1: The OCI is a replacement for Docker

Standards are important, but they are far from a complete production platform. Take for example, the World Wide Web. It  has evolved over the last 25 years and was built on core dependable standards like TCP/IP, HTTP and HTML. Using TCP/IP as an example, when enterprises coalesced around TCP/IP as a common protocol, it fueled the growth of routers and in particular – Cisco. However, Cisco became a leader in its market by focusing on differentiated features on its routing platform. We believe the parallel exists with the OCI specifications and Docker.

Docker is a complete production platform for developing, distributing, securing and orchestrating container-based solutions. The OCI specification is used Continue reading

Docker on Windows Webinar Q&A

Recently I presented Docker on Windows: from 101 to Modernizing .NET Apps, a live webinar on using Docker with Windows, and running .NET Framework apps in containers. The session was recorded and you can watch it on the Docker YouTube channel:

I start with the basics of Windows Docker containers, showing how to you can run containers from public images, and write Dockerfiles to package your own apps to run in containers.

Then I move onto Dockerizing a traditional ASP.NET WebForms app, showing you how to take existing apps and run them in Docker with no code changes, and then use the Docker platform to modernize the app – breaking features out of the monolithic codebase, running them in separate containers and using Docker to connect them.

I maxed out the session time (just like Mike with his Docker for the Sysadmin webinar), so here are the answers to questions raised in the session.

Q:  We have several servers hosting our frontend, some as middle tier hosting the services and we have some for the database. Shall we have a container for each service?

A: Docker doesn’t mandate any particular design, you can architect your move to Continue reading

The best way to learn Docker for Free: Play-With-Docker (PWD)

Last year at the Distributed System Summit in Berlin, Docker captains Marcos Nils and Jonathan Leibiusky started hacking on an in-browser solution to help people learn Docker. A few days later, Play-with-docker (PWD) was born. 

PWD is a Docker playground which allows users to run Docker commands in a matter of seconds. It gives the experience of having a free Alpine Linux Virtual Machine in browser, where you can build and run Docker containers and even create clusters in Docker Swarm Mode. Under the hood Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs. In addition to the playground, PWD also includes a training site composed of a large set of Docker labs and quizzes from beginner to advanced level available at training.play-with-docker.com.

In case you missed it, Marcos and Jonathan presented PWD during the last DockerCon Moby Cool Hack session. Watch the video below for a deep dive into the infrastructure and roadmaps.

Over the past few months, the Docker team has been working closely with Marcos, Jonathan and other active members of the Docker community to add new features to the project and Docker labs to the training section.

PWD: the Playground

Here Continue reading

Ten Years of Spousetivities

A long time ago in a galaxy far, far away (OK, so it was 2008 and it was here in this galaxy—on this very planet, in fact), I posted an article about bringing your spouse to VMworld. That one post sparked a fire that, kindled by my wife’s passion and creativity, culminates this year in ten years of Spousetivities! Yes, Spousetivities is back at VMworld (both US and Europe) this year, and Crystal has some pretty nice events planned for this year’s participants.

Registration is here, and here’s a quick look at some of the activities planned for VMworld US in Las Vegas:

• On Monday, August 28, Spousetivities will kick the week off with a “Welcome Breakfast”, including—as usual!—the opportunity to win some great prizes. iPads, Apple Watches, VR headsets, GoPro cameras, and more have all been prizes in previous years. (What? You expected me to spill the beans on what’s being given away this year?)
• The breakfast is followed by a scavenger hunt, including a visit to an ice bar and the chance for more prizes. Veeam is sponsoring the scavenger hunt.
• On Tuesday, August 29, there is an option for a very cool helicopter tour Continue reading

Ten Years of Spousetivities

A long time ago in a galaxy far, far away (OK, so it was 2008 and it was here in this galaxy—on this very planet, in fact), I posted an article about bringing your spouse to VMworld. That one post sparked a fire that, kindled by my wife’s passion and creativity, culminates this year in ten years of Spousetivities! Yes, Spousetivities is back at VMworld (both US and Europe) this year, and Crystal has some pretty nice events planned for this year’s participants.

Registration is here, and here’s a quick look at some of the activities planned for VMworld US in Las Vegas:

• On Monday, August 28, Spousetivities will kick the week off with a “Welcome Breakfast”, including—as usual!—the opportunity to win some great prizes. iPads, Apple Watches, VR headsets, GoPro cameras, and more have all been prizes in previous years. (What? You expected me to spill the beans on what’s being given away this year?)
• The breakfast is followed by a scavenger hunt, including a visit to an ice bar and the chance for more prizes. Veeam is sponsoring the scavenger hunt.
• On Tuesday, August 29, there is an option for a very cool helicopter tour Continue reading

Ten Years of Spousetivities

A long time ago in a galaxy far, far away (OK, so it was 2008 and it was here in this galaxy—on this very planet, in fact), I posted an article about bringing your spouse to VMworld. That one post sparked a fire that, kindled by my wife’s passion and creativity, culminates this year in ten years of Spousetivities! Yes, Spousetivities is back at VMworld (both US and Europe) this year, and Crystal has some pretty nice events planned for this year’s participants.

Registration is here, and here’s a quick look at some of the activities planned for VMworld US in Las Vegas:

• On Monday, August 28, Spousetivities will kick the week off with a “Welcome Breakfast”, including—as usual!—the opportunity to win some great prizes. iPads, Apple Watches, VR headsets, GoPro cameras, and more have all been prizes in previous years. (What? You expected me to spill the beans on what’s being given away this year?)
• The breakfast is followed by a scavenger hunt, including a visit to an ice bar and the chance for more prizes. Veeam is sponsoring the scavenger hunt.
• On Tuesday, August 29, there is an option for a very cool helicopter tour Continue reading

Moby Summit alongside Open Source Summit North America

Since the Moby Project introduction at DockerCon 2017 in Austin last April, the Moby Community has been hard at work to further define the Moby project, improve its components (runC, containerd, LinuxKit, InfraKit, SwarmKit, Libnetwork and Notary) and fine processes and clear communication channels.

All project maintainers are developing these aspects in the open with the support of the community. Contributors are getting involved on GitHub, giving feedback on the Moby Project Discourse forum and asking questions on Slack. Special Interest Groups (SIGs) for the Moby Project components have been formed based on the Kubernetes model for Open Source collaboration. These SIGs ensure a high level of transparency and synchronization between project maintainers and a community of heterogeneous contributors.

In addition to these online channels and meetings, the Moby community hosts regular meetups and summits. Check out the videos and slides from the last DockerCon Moby May Summit and June Moby Summit to catch up on the latest project updates. The Moby Summit page on the Moby website contains the agenda and registration link for next Moby summit, as well as recaps of previous summit. 

The next Moby Summit will take Continue reading

Securing the AtSea App with Docker Secrets

Passing application configuration information as environmental variables was once considered best practice in 12 factor applications. However, this practice can expose information in logs, can be difficult to track how and when information is exposed, third party applications can access this information. Instead of environmental variables, Docker implements secrets to manage configuration and confidential information.

Secrets are a way to keep information such as passwords and credentials secure in a Docker CE or EE with swarm mode. Docker manages secrets and securely transmits it to only those nodes in the swarm that need access to it. Secrets are encrypted during transit and at rest in a Docker swarm. A secret is only accessible to those services which have been granted explicit access to it, and only while those service tasks are running.

The AtSea Shop is an example storefront application that can be deployed on different operating systems and can be customized to both your enterprise development and operational environments. The previous post showed how to use multi-stage builds to create small and efficient images. In this post, I’ll demonstrate how secrets are implemented in the application.

Creating Secrets

Secrets can be created using the command line or with a Compose file. The AtSea Continue reading

Docker for the SysAdmin Webinar Q&A

On June 27th I presented a webinar on “Docker for the SysAdmin”.  The webinar was driven by a common scenario I’m seeing: A sysadmin is sitting at her desk minding her own business when a developer walks in and says “here’s the the new app, it’s in a Docker image. Please deploy it ASAP”. This session is designed to help provides some guidance on how sysadmins should think about managing Dockerized applications in production.

In any case, I was a bit long-winded (as usual), and didn’t have time to answer all the Q&A during the webinar (and there were quite a few).

So, as promised, here are all the questions from that session, along with my answers.  If you need more info, hit me up on Twitter: @mikegcoleman

————

Q: I am planning an application deployment and want to use Docker. What cloud would you recommend at the moment? I have GCP, Azure, AWS under my belt. 1) TCO 2) Performance ?

A: Answering that would require me to understand your application on a pretty deep level, so I can’t really provide a specific response. I will say that if you choose one cloud provider today, and realize that Continue reading

The Linux Migration: July 2017 Progress Report

I’m now roughly six months into using Linux as my primary laptop OS, and it’s been a few months since my last progress report. If you’re just now picking up this thread, I encourage you to go back and read my initial progress report, see which Linux distribution I selected, or check how I chose to handle corporate collaboration (see here, here, and here). In this post, I’ll share where things currently stand.

My configuration is unchanged from the last progress report. I’m still running Fedora 25, and may consider upgrading to Fedora 26 when it releases (due to be released tomorrow, I believe). I’m still using the Dell Latitude E7370, which continues—from a hardware perspective—to perform admirably. CPU power is a bit limited, but that’s to be expected from a mobile-focused chip. My line-up of applications also remains largely unchanged as well.

Some things are working really well:

• Sublime Text runs really well and is quite fast, making it easy to continue using Markdown as my primary content format. Sublime Text’s performance and stability have been unparalleled.
• I’ve had no performance or stability issues with Firefox (for browsing) or Enpass (for password management).
• ODrive, Continue reading

The Linux Migration: July 2017 Progress Report

I’m now roughly six months into using Linux as my primary laptop OS, and it’s been a few months since my last progress report. If you’re just now picking up this thread, I encourage you to go back and read my initial progress report, see which Linux distribution I selected, or check how I chose to handle corporate collaboration (see here, here, and here). In this post, I’ll share where things currently stand.

My configuration is unchanged from the last progress report. I’m still running Fedora 25, and may consider upgrading to Fedora 26 when it releases (due to be released tomorrow, I believe). I’m still using the Dell Latitude E7370, which continues—from a hardware perspective—to perform admirably. CPU power is a bit limited, but that’s to be expected from a mobile-focused chip. My line-up of applications also remains largely unchanged as well.

Some things are working really well:

• Sublime Text runs really well and is quite fast, making it easy to continue using Markdown as my primary content format. Sublime Text’s performance and stability have been unparalleled.
• I’ve had no performance or stability issues with Firefox (for browsing) or Enpass (for password management).
• ODrive, Continue reading

The Linux Migration: July 2017 Progress Report

I’m now roughly six months into using Linux as my primary laptop OS, and it’s been a few months since my last progress report. If you’re just now picking up this thread, I encourage you to go back and read my initial progress report, see which Linux distribution I selected, or check how I chose to handle corporate collaboration (see here, here, and here). In this post, I’ll share where things currently stand.

My configuration is unchanged from the last progress report. I’m still running Fedora 25, and may consider upgrading to Fedora 26 when it releases (due to be released tomorrow, I believe). I’m still using the Dell Latitude E7370, which continues—from a hardware perspective—to perform admirably. CPU power is a bit limited, but that’s to be expected from a mobile-focused chip. My line-up of applications also remains largely unchanged as well.

Some things are working really well:

• Sublime Text runs really well and is quite fast, making it easy to continue using Markdown as my primary content format. Sublime Text’s performance and stability have been unparalleled.
• I’ve had no performance or stability issues with Firefox (for browsing) or Enpass (for password management).
• ODrive, Continue reading

What’s new in Docker 17.06 Community Edition (CE)

Docker 17.06 CE (Community Edition) is the first version of Docker built entirely on the Moby Project. New features include Multi-Stage Build, new Networking features, a new metrics endpoint and more! In this Online Meetup, Sophia Parafina, Docker Developer Relations Engineer, demo’d and reviewed these new features. Check out the recording below and slides.

Learn More about Docker 17.06 CE

Check out the announcement blog post or watch the video summary below.

To find out more about these features and more:

• Download the latest version of Docker CE
• Check out the Docker Documentation
• Play with these features on Play with Docker
• Ask questions in our forums and in the Docker Community Slack

Learn more about what’s new in #Docker 17.06 CE w/ @spara’s online #meetup video
Click To Tweet

The post What’s new in Docker 17.06 Community Edition (CE) appeared first on Docker Blog.

British Army Talks DevOps at AnsibleFest London 2017

AnsibleFest London on June 22 turned out to be our largest AnsibleFest to date with over 800 people from 25 countries. Thank you to everyone who attended.

Watch their talk below and stay tuned for the rest of the AnsibleFest London 2017 presentations. We will have all of them available for you soon!

Want to learn more about how the British Army is migrating its cloud infrastructure to Red Hat solutions? Read the latest press release.

Multi-Stage Builds

• it uses node.js to compile the ReactJs app into storefront
• it uses Spring Boot and Maven to make a standalone jar file
• it is deployed to a standalone JDK container
• the storefront is then included in the jar

Let’s look at the Dockerfile.

The react-app is an extension of create-react-app. From within the react-app directory we run AtSea’s frontend in local development mode.

The first stage of the build uses a Node base image to create a production-ready frontend build directory consisting of static javascript and css files. A Docker best practice is named stages, e.g. “FROM Continue reading

Five Questions: Windows Automation

For #AskAnsible posts, we interview Ansible experts on IT automation topics and ask them to share their direct experiences building automation solutions.

In this post, I’ve asked Matt Davis five questions about Ansible for Windows automation.

Matt Davis is a Senior Principal Software Engineer for Ansible, focused on Ansible's Windows support. He has over 20 years experience in software engineering, architecture and operations at companies large and small. An avid musician, maker and home hacker, Matt lives with his wife and daughter in Beaverton, Oregon. You can follow him on Twitter at @mattdavispdx.

1. How is Ansible for Windows different than System Center Configuration Manager (SCCM) or Powershell Desired State Configuration (DSC)?

Matt: SCCM is generally considered a legacy workstation-flavored management technology, dating from the mid 1990s (though many places use it for server management, too). It requires agents on the managed hosts, which must be installed, configured and kept up-to-date. SCCM executes many operations locally and asynchronously from the server, so it's often difficult to orchestrate interdependent changes across hosts, and to reason about the overall system state at any point in time as part of larger deployments.

DSC is a much more modern management technology, supporting both an Continue reading

Announcing Docker 17.06 Community Edition (CE)

Today we released Docker CE 17.06  with new features, improvements, and bug fixes. Docker CE 17.06 is the first Docker version built entirely on the Moby Project, which we announced in April at DockerCon. You can see the complete list of changes in the changelog, but let’s take a look at some of the new features.

We also created a video version of this post here:

Multi-stage builds

The biggest feature in 17.06 CE is that multi-stage builds, announced in April at DockerCon, have come to the stable release. Multi-stage builds allow you to build cleaner, smaller Docker images using a single Dockerfile.

Multi-stage builds work by building intermediate images that produce an output. That way you can compile code in an intermediate image and use only the output in the final image. So for instance, Java developers commonly use Apache Maven to compile their apps, but Maven isn’t required to run their app. Multi-stage builds can result in a substantial image size savings:

REPOSITORY          TAG                 IMAGE ID                CREATED              SIZE

maven      Continue reading

Docker at Nutanix .NEXT Conference – Visit us at Booth #S11

Today marks the start of Nutanix .NEXT Conference in Washington, D.C., the annual conference for Nutanix customers and partners. One of the major themes of the conference is hybrid cloud, and Docker will be there to demonstrate how Docker Enterprise Edition delivers application portability across different infrastructure platforms through a complete enterprise-ready Container as a Service (CaaS) solution for IT.

Docker and Nutanix will also be highlighting the Nutanix Docker Volume Plug-in (DVP), a Docker Certified Plugin available in the Docker Store. This plugin connects Docker containers to enterprise-grade persistent storage from Nutanix even as the container is powered on, powered off, or moved to a new host. As part of the certification process, Docker and Nutanix validate that the plugin is built with Docker recommended best practices and passes an additional suite of API compliance testing and vulnerability scanning. Docker EE customers also have access to support from both Docker and Nutanix.

Watch a Demo of Docker EE at Nutanix .NEXT

For those heading to Nutanix .NEXT, be sure to swing by booth #S11 to learn more about this plugin as well as other IT use cases for EE. Watch a demo and Continue reading

Moby Summit June 2017 Recap

On June 19 2017, 90 members of the Moby community gathered at Docker headquarter in San Francisco for the second Moby Summit.  This was an opportunity for the community to discuss the progress and future of the Moby project, two months after it was announced.

We started the day with an introduction by Solomon Hykes, and a look at the website redesign: the Moby project website now has a blog, an event calendar, a list of projects, and a community page with links to various community resources. The website code is open source, issues and PRs to make it better are welcome.

Then each team gave an update on their progress: Linuxkit, containerd, InfraKit, SwarmKit and LibNetwork, as well as the three new Moby Special Interest Groups, Linuxkit Security, Security Scanning & Notary and Orchestration Security. All these talks have been recorded and you can find the videos and slides below.

In the afternoon, we split into 5 Birds Of Feathers (BOF) sessions: runc/containerd, LinuxKit, InfraKit, Security, and Security Scanning. You can find links to the BOF Notes at the end of this post.

We ended the day with a recap of the BOF sessions, and Continue reading