This was presented by Steven Thwaites, Technical Solutions Engineer at Docker at Cloud Expo Asia. Docker is the only Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructure, both on-premises and in the cloud. It covers topics like:
VMs vs Containers
The Docker Ecosystem
How to Build and Ship your Docker Image
Unique Advantages with Docker EE and more
3. Docker is the only Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructure, both on-premises and in the cloud
DOCKER ENTERPRISE EDITION
• Multi-Architecture Operations
• Infrastructure Independence
• Secure Software Supply Chain
COST SAVINGS
ENGINE FOR INNOVATION
[Diagram labels: Linux, Windows, Mainframe, AWS, Azure, Other Public Clouds]
4. Evolution of the Docker Platform
A project spun out of a PaaS
2013
• Developer Community: Need to experiment and innovate with leading edge tech
5. Evolution of the Docker Platform
Many purposes, users and infrastructure
Today
• Developer Community: Need to experiment and innovate with leading edge tech
• Ops Community: Need a predictable system to deploy and run apps
• Enterprise: Run business critical apps at scale anywhere
• Partner Ecosystem: Extend and add value to a platform with a shared path to monetization
7. VMs vs Containers
They’re Different, not mutually exclusive
[Diagram: INFRASTRUCTURE, HOST OS, DOCKER ENGINE, then STACK A / APP A, STACK A / APP B, STACK C / APP C]
LIKE VMs
• Offer isolation between software
• A layer of abstraction between the app and the metal
• Can be software defined
UNLIKE VMs
• Do not start an entire OS for each instance
○ Lighter-weight (often MBs)
○ Start in milliseconds
• Separate the app from everything else
• Explicit, least-privilege security
• Immutable, verifiable content
• Built-in orchestration operations
8. Building a Docker Image
Using a Dockerfile to build a container’s Read-Only Filesystem Layers
FROM ubuntu:15.04
RUN apt-get install
COPY . /app
RUN make /app
[Diagram: Dockerfile instructions 1-4 and the corresponding layers of the Running Container]
9. Shipping your Docker Image - manually
Building locally, and pushing to a registry for reuse
$ docker build -t reg.corp.com/appteam/corpapp:1.4 .
$ docker push reg.corp.com/appteam/corpapp:1.4
[Diagram: Dev/Admin keeps Dockerfiles in VCS; base layers pulled; new layers pushed; Registry stores images; new layers pulled by other Devs/Admins' Engines]
10. Shipping your Docker Image - automatically
Using a pipeline to automate app build, test and deployment
$ git commit -am "FIX #504 fix that thing"
$ git push origin master
[Diagram labels: Dev/Admin; repository contents: Dockerfiles, Stack files, Application code, Configuration; CI: Build Apps, Build Images; Registry: Push, Pull; Build Cluster; Dev/UAT, Integration, Staging, Production; steps 1-4]
11. Building a Docker Service
Using a Compose / Stack File to define Services
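version: "3"
services:
  web:
    image: nginx
    ports:
      - "80:80"
    networks:
      - frontend
    deploy:
      replicas: 5
  database:
    image: postgres
    ports:
      - "5000"
    networks:
      - backend
    volumes:
      # named volume mounted at the postgres image's data directory
      - db_store:/var/lib/postgresql/data
# named networks and volumes are declared at the top level
networks:
  frontend:
  backend:
volumes:
  db_store: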
[Diagram: stack.yml and its Deployment: www.example.com, nginx service (tcp/80), postgres service (tcp/5000) on the backend network, db_store volume]
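An added example (not from the original slides): a small Python audit of the `image:` references in a stack file, classifying each as digest-pinned, tagged, or floating, since `image: nginx` and `image: postgres` above resolve to whatever `latest` points to at deploy time. The `app` and `cache` services and the all-zero digest are constructed for illustration; the `app` image name is the one built on slide 9.

```python
import re

# Constructed sample: slide 11's services, the image tag from slide 9, and a
# hypothetical digest-pinned entry (the all-zero digest is a placeholder).
STACK_YML = """\
services:
  web:
    image: nginx
  database:
    image: postgres
  app:
    image: reg.corp.com/appteam/corpapp:1.4
  cache:
    image: reg.corp.com:5000/appteam/cache@sha256:""" + "0" * 64 + "\n"

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def classify(ref):
    """Return 'digest', 'tag' or 'floating' for one image reference."""
    if DIGEST.search(ref):
        return "digest"              # content-addressed: same name, same bytes
    name = ref.split("@", 1)[0]
    last = name.rsplit("/", 1)[-1]   # a ':' before the last '/' is a registry port
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    return "floating" if tag == "latest" else "tag"

def audit(stack_text):
    """Map service name -> (image reference, classification); line-based, no YAML library."""
    result, service = {}, None
    for line in stack_text.splitlines():
        m = re.match(r"^  (\w[\w.-]*):\s*$", line)   # two-space indent = service key
        if m:
            service = m.group(1)
            continue
        m = re.match(r"^\s+image:\s*['\"]?([^'\"\s#]+)", line)
        if m and service:
            result[service] = (m.group(1), classify(m.group(1)))
    return result

if __name__ == "__main__":
    for svc, (ref, kind) in audit(STACK_YML).items():
        print(f"{svc:10} {kind:9} {ref}")
```

A `tag` result is still mutable on the registry side; only a `digest` reference guarantees the content that was scanned and signed is the content that runs.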
12. The Docker Editions
Open Source
Advancing the container industry with new open source projects
• LinuxKit: Toolkit for building secure, lean and portable Linux subsystems
• Moby Project: Library of components and framework for container ecosystem
Community Edition (CE)
Small DIY teams to get started with Docker
• Free to use and available for desktop, cloud and community Linux distros
• Includes swarm mode orchestration, security and networking.
Enterprise Edition (EE)
Enterprise IT teams that build and run critical apps at scale in production
• Subscription (software, support and certification) for cloud, enterprise x86, mainframe Linux and Windows Server 2016
• Includes integrated orchestration, management, security and access control.
13. Docker EE Workflow
Multi-platform for existing and new apps
[Diagram labels: DEVELOPERS; IT OPERATIONS; Traditional, Third Party, Microservices; docker store; Image Registry; Security scan & sign; Control Plane]
14. UNIFORMLY OPERATE, MANAGE, AND SECURE WINDOWS AND LINUX CONTAINERS
Mixed Windows and Linux Clusters
[Diagram: three Manager nodes and four Worker nodes, with docker universal control plane and trusted registry]
KEY FEATURES
• Extend enterprise security features like image signing, image scanning, and secrets management to both Windows and Linux worker nodes
• Leverage the same LDAP/AD integration and RBAC rules across Windows and Linux nodes
• Visualize all apps in the same environment
BENEFITS
• Improve resource utilization and incur less management overhead with centralized management across Windows and Linux apps
• Reduce risk with consistent processes and policies across Windows and Linux apps
16. Unique Advantages with Docker EE
Secure Hybrid Orchestration
Infrastructure Independence
Unified Software Supply Chain
• Define application-centric policies and boundaries
• Manage diverse applications across mixed infrastructure with secure segmentation
• Improve SDLC across hybrid apps and infrastructure through app-centric policies
• Consistently manage all apps and infrastructure
• Easily “lift and shift” apps onto new infrastructure
• Support both traditional and microservice apps on any infrastructure
17. Methodology: Docker EE Modernizes Apps and Infrastructure
• Existing Application
• Convert to a container with Docker EE: The quickest way to cut into that 80%
• Modern Methodologies: Integrate to CI/CD and automation system
• Modern Infrastructure: Built on premise, in the cloud, or as part of a hybrid environment.
• Modern Microservices: Add new services or start peeling off services from monolith code base
18. Get Started Today
• Existing Application
• Convert to a container with Docker EE: The quickest way to cut into that 80%
• Modern Infrastructure: Built on premise, in the cloud, or as part of a hybrid environment.
What’s Included
• 1 week onsite support / 3 weeks remote
• Deploy Docker EE to cloud or on prem infrastructure
• Containerize one application
• End-to-end app deploy using Docker EE
• App operations using Docker EE
In the first week
• Containerize App Components
• Compose App Components
• Deploy App Stack to Docker EE
• Docker EE platform and tools showcase
• Performance testing and tuning
20. The small-scale setup we’ll be showing you today
[Diagram: Manager nodes and Worker nodes, with docker universal control plane and trusted registry]
DEMO ENVIRONMENT
• Running in AWS
• Ubuntu Linux workers and managers
• DTR and UCP deployed
• Jenkins CI deployed as containers
21. Docker Glossary
• Docker Engine: Creates & Runs containers
• Docker Registry: Package & Distribution of Images
• Docker Compose: Defines a Service
• Docker Swarm: Native Host Clustering
• Image: Series of Read-Only File System Layers
• Container: Efficient, Lightweight, Self-Contained Systems