The Docker Project delivers a complete open source platform to “build, ship, and run” any application, anywhere, using containers. The Docker Engine and the other main components (Compose, Machine, and the SwarmKit orchestration system) are free, but Docker Inc. (the company that started the Docker Project) also has a complete commercial offering named “Docker EE” (for Enterprise Edition) that adds an extra set of features geared at larger organizations, as well as an extended support and release cycle.
In this talk, I will explain (and show with demos) what you can do using exclusively Docker CE (community, free edition) and which features are added by Docker EE. This talk is for you if you are in the process of selecting a container platform; or if you’re just curious, and want to know exactly what you can do (and cannot do) with Docker CE and EE.
5. Why this talk?
• Dispelling a few myths
• MYTH #1: “Docker Inc. doesn’t have a business model!”
• Docker Inc. sells commercial products, support, SaaS offerings
• Docker Inc. generates significant revenue & has customers like Visa, PayPal…
• This has been going on for a few years now
• MYTH #2: “Docker is only for development, not production!”
• People have been using Docker in production since 2013
• Using any kind of software in production is challenging
• To help, Docker Inc. has commercial products, support, ... you get the idea
• Helping you to decide if Docker is good for your app
14. Inspecting our application
• We want to:
• list deployed services and their status
• view container logs
• get a shell in a container
• Docker CE: we will use Docker’s CLI and API
• Docker EE: we will use UCP (Universal Control Plane)
There are also 3rd-party interfaces like Portainer, using the Docker API:
https://github.com/portainer/portainer
21. Security (CE & EE)
• Docker native clustering (“Swarm Mode”) uses the SwarmKit library
• SwarmKit has very strong security foundations:
• automatic TLS keying and signing
• full encryption of the control plane
• automatic cert and key rotation
• optional encryption of the data plane
(leveraging hardware crypto where available)
• least privilege architecture
(single-node compromise ≠ cluster compromise)
• on-disk encryption with optional passphrase
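The two items marked “optional” on this slide are the ones an operator has to switch on. The following audit sketch is an added example, not part of the talk: it checks a manager's swarm settings for them, using field names from the Docker Engine API; the sample JSON is constructed and the 90-day certificate threshold is an assumption.

```python
import json

# Constructed sample: the "Swarm" object printed by
# `docker info --format '{{json .Swarm}}'` on a manager, trimmed to the fields used.
SAMPLE_SWARM = json.loads("""
{"LocalNodeState": "active", "ControlAvailable": true,
 "Cluster": {"Spec": {
   "CAConfig": {"NodeCertExpiry": 7776000000000000},
   "EncryptionConfig": {"AutoLockManagers": false}}}}
""")

# Constructed sample: trimmed output of `docker network inspect ingress backend bridge`.
SAMPLE_NETWORKS = json.loads("""
[{"Name": "ingress", "Driver": "overlay", "Options": {}},
 {"Name": "backend", "Driver": "overlay", "Options": {"encrypted": ""}},
 {"Name": "bridge",  "Driver": "bridge",  "Options": null}]
""")

NS_PER_DAY = 24 * 3600 * 10**9  # NodeCertExpiry is expressed in nanoseconds


def audit_swarm(swarm, networks, max_cert_days=90):
    """Return findings for the opt-in SwarmKit protections that are not enabled."""
    if swarm.get("LocalNodeState") != "active":
        return ["node is not part of a swarm"]
    if not swarm.get("ControlAvailable"):
        return ["not a manager: the cluster spec is not visible from this node"]

    findings = []
    spec = swarm.get("Cluster", {}).get("Spec", {})

    # "on-disk encryption with optional passphrase" is the autolock setting.
    if not spec.get("EncryptionConfig", {}).get("AutoLockManagers", False):
        findings.append("autolock is off: manager state on disk is not "
                        "locked behind an unlock key")

    # "automatic cert and key rotation": flag validity periods above the threshold.
    days = spec.get("CAConfig", {}).get("NodeCertExpiry", 0) / NS_PER_DAY
    if days > max_cert_days:
        findings.append(f"node certificates are valid for {days:.0f} days "
                        f"(threshold {max_cert_days})")

    # "optional encryption of the data plane" is set per overlay network.
    for net in networks:
        if net.get("Driver") == "overlay" and "encrypted" not in (net.get("Options") or {}):
            findings.append(f"overlay network {net['Name']}: data plane not encrypted")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_swarm(SAMPLE_SWARM, SAMPLE_NETWORKS)) or "no findings")
```

The corresponding settings are `docker swarm update --autolock=true`, `docker swarm update --cert-expiry <duration>`, and `docker network create --driver overlay --opt encrypted <name>`.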
36. There is more …
• Run Docker anywhere
• on virtual or physical machines
• on embedded or energy-efficient platforms like ARM
• Run Windows applications
• Docker can run Linux and Windows containers
• Swarm can manage mixed clusters
• Run monolithic/legacy applications
• image2docker helps to “dockerize” existing apps
(similar to P2V programs)
• look for Docker’s “MTA” (modernize traditional apps) program!