Dockercon 2017 was the first Docker global conference that I attended. The conference was hosted in Austin, Texas. It was a memorable experience and I had a lot of fun attending the conference. In this blog, I will share some of my experiences from Dockercon 2017. I have covered details on important announcements, keynote demos, cool hacks, the sessions that I attended, the security workshop conducted by me and the Docker team, and key takeaways for me.
The following were the key announcements made as part of the keynote sessions:
- Moby open source project – Moby is a framework to assemble specialized container systems. Docker is one of the container systems assembled from Moby, and users can create other container systems. For example, one of the examples demonstrated in the keynote used Moby to build a container system to run Kubernetes on Mac. Moby is an effort to keep the Docker open source projects and the Docker product separate.
- Linuxkit – Linuxkit is a toolkit for building custom, minimal and immutable Linux distributions. This is used by Microsoft to run Linux containers in Windows. Linuxkit is one of the components of Moby that allows us to build a bootable container system. This system can be run either on bare metal or in the cloud.
- IBM is running Docker on their PowerPC and Z systems.
- Oracle enterprise DB is available in the Docker Store and can be tried free for personal use.
- I am glad to mention the Cisco announcements. Cisco and Docker are partnering on the Modernizing traditional applications (MTA) program. Contiv 1.0 is available as GA.
Live demos are a key part of Dockercon. These demos were done as part of keynote sessions from Solomon and Ben.
- Multistage Docker build to reduce Docker image size and desktop to cloud integration for moving applications across Swarms.
- Deploying an application securely with multiple services on a Docker Swarm cluster. The application was deployed with Docker Compose using TLS and secrets.
- Secure supply chain using DDC, Security scan and Docker secrets
- Deploying 3rd party VM applications with containers using image2docker and Docker Datacenter. image2docker can migrate VMs to containers, and this would be helpful for migrating legacy applications.
The following 2 hacks were done by Docker captains. They were selected from the many hacks submitted for Dockercon.
- PWD (Play with Docker) – PWD is a great tool for running Docker containers from a browser without having to install Docker. This is great for workshops and it is also a good Docker beginner tool. For more details on PWD, please refer to my earlier blog here.
- FaaS – This is a framework for building serverless functions on Docker Swarm. The demo was a cool one, with integration with the Alexa service.
The following are the sessions that I attended over the Dockercon week:
- Cilium: Network and application security using BPF and XDP
  - Berkeley Packet Filter (BPF) and extended data processing (XDP) run in the Linux kernel.
  - Learnt use cases of BPF where policy can be enforced at the network layer inside the Linux kernel.
  - Cilium can be used as a Docker networking plugin.
  - XDP extends BPF to network drivers, which makes packet filtering even faster. Facebook says that XDP is 10 times faster at switching packets.
- Solving the storage problem for cloud-native applications – Portworx
  - Portworx is a container storage solution that is trying to solve the big problem of persistent container storage. This is a complex problem to solve and there are many players trying to address it.
- Scaling App defense with intent based security – Twistlock
  - This session went into the details of the Twistlock container security platform. Dynamic secure policies can be created by Twistlock automatically.
- Docker networking: from application plane to Data plane
  - Covered Docker networking from the beginning to now, including tools to debug common Docker networking issues.
- Infinit’s next generation key value store
  - Covered how Infinit’s solution is unique, distributed and scalable. An object store and file system can sit on top of the key-value store; this is targeted for the 4th quarter of this year.
- Journey to Docker production: evolving your infrastructure and processes
  - Talk from Docker Captain Bret Fisher – Explained the production considerations for small and big Docker clusters.
- Container performance analysis – Netflix
  - Netflix tools to debug container performance. Covered tools like Netflix Vector, Titus and flame graphs.
- From ARM to Z: multi-platform Docker swarm
  - Cross-platform containers using the manifest tool. The same container image can be used across multiple platforms so that developers don’t need to remember platform details.
- Building a secure app with Docker
  - Best practices to be followed for building secure applications
I am eagerly waiting to watch the recordings of the other sessions.
I conducted the Docker Security workshop along with Nigel, Nass and Matt. Nigel is a Docker captain, and Nass and Matt are from the Docker team. Around 50 folks attended the session. It was a 3 hr session with presentations and labs on different Docker security topics including Swarm mode, Content trust, Security scan, Networking, Secrets and Linux container security features. The labs were done on AWS cloud. The session was interactive and we got interesting questions from the audience. The labs and the slides are posted here.
What I enjoyed the most
- Meeting in person the folks with whom I have interacted over email and Slack
- Keynote demos
- Interacting with other Docker captains. Docker has an amazing Captains group and I am privileged to be part of the group. From Bangalore, 2 other Docker captains, Neependra and Ajeet, also attended the conference. The following picture was taken at the Captains summit.
- Captains discussion with Solomon Hykes.
- Presenting and interacting with folks in the Docker Security workshop
- Seeing the overall Docker excitement among attendees
- Talking to companies at their booths and understanding the container ecosystem
- The after-conference party every day…