Monday, November 16, 2015

DockerCon EU Day 1 Keynote "Live Blog"

Going to try something new here on The Cloudcast. It's been a long time since I did a blog, I'm at Dockercon EU this week and there was some interest on Twitter to get more info out about the keynote. Wireless was down during the show so this is a "semi-Live Blog". Might be some typos in here and this is a brain dump as things happened during the keynote.

- About 1500 attendees at the event
- Ben (CEO) on stage:
- Ben talking about Docker public image and that it is perceived as “just a developer tool”, they are much more
- Docker is about building tools of mass innovation - quote by Solomon

Stats Time:
- Docker has nearly 2000 contributors to the Docker project, over 10,000 pull requests
- global metope communities highlighted - 215 groups, 63 countries
- Over 60,000 project on GitHub have Docker in the title
- State of the Project:
- 240k dockerized applications, 1.3billion Docker Hub pulls, 5.6M Docker Hub pulls per day
- Docker has evolved from a container technology into an entire ecosystem of tools
- Open Container Initiative - 35+ members, 253 github forks, 130 contributors
- Docker used for stateful as well as stateless apps - really started as stateless and is growing into the other
- Docker in production - (see the DataDog study, a lot of stats used from that) - 8 surprising facts about Docker Adoption (google it)
- Docker in Production means making Docker much better and more robust. Must be portable and good for dev as well as ops, Secure and Extensible

Docker Stack:
- Solomon (Founder/CTO) up on stage now:
- Solomon talking about the Internet (lots of upgrades, doesn’t go down, ultimate at scale system)
- The biggest obstacle right now is software walled gardens, it stands between an eager developer and the Internet
- Docker is building an open software layer to make the Internet programmable
- Solomon talking about the Docker Stack - 4 layers in a building is the example
- Layer 1 = Standards. Let’s get everyone to agree on a way to interoperate
- Layer 2 = Infrastructure. The “plumbing” that enables everything to happen
- Layer 3 = Dev Tools. A collection of tools to help developer experience the best it can be
- Layer 4 = Solutions. How do you solve real word problems? What is the final answer? This is solutions

Docker Quality:
What is left after you ship a feature, Quality is making a feature work every time, for every user - Quality is security, reliability, handling failures gracefully
- What has Docker been up to? Quality tools for developers...
- first up, usability of tools, Solomon admits they have been working on usability of tools. Talking about docker compose right now, it is the “developer entry point” into the ecosystem. It is the must use tool for developers. As of the last release, can now do “magical” service discovery, can now use a micro-service architecture without rewriting code, and can now build persistent services with volume management
- Working on making the “little things” better for developers (virtual box integration issues, UI glitches, low priority bugs, better error messages) - lots of unglamorous work
- Working up to a story and a demo. Story of a developer on the first day of work. How soon could be developing an application? - Simple as download the Docker Toolbox and run one command.

Docker Security:
- Solomon talking about “usable security” - developers care about usability, not security. They care about security, as long as it doesn’t affect usability, otherwise they will just find a way around it
- How to give developers usable security? How do we move beyond Docker Content Trust and Notary?
- Docker Content Trust + hardare crypto = the ability to survive almost any key compromise (double layer of protection provided so you can rotate keys and replace as needed as long as the root key is kept safe)
- Announcement: Docker and yubico - hardware crypto key for Docker Content Trust
(Demo of the product) - plug the hardware key into the laptop, enable Docker Content Trust, docker push to Docker Hub, touch the key (physically) to prove you are a human and this isn’t a “bot” or something malicious, enter a password, done.
- LOL - made a backup copy of his keys and then published to github public - not a good thing
- Security team rotated the private key to prevent a compromise, tried the demo again and of course it failed because of key rotation. Was actually a very entertaining demo
- Take Away: With the right tools, any developer can become a secure software publisher
- Isolation of a container in Linux was difficult because so many things “make” a container. Over time this has improved. The last two left are really seccomp and user namespace
- The last two have been tackled in the Swarm/Engine experimental builds
- Huge question with a lot of different answers - “Am I running vulnerable containers?"
- Announcement: Introducing Project Nautilus - Built-in container security analysis in Docker Hub - trigger an automated scan anytime a container is pushed to Docker Hub
- soft launch 2 months ago, over 74 millions pulls to date already scanned, self service coming soon
- Benefits of this approach - Detect vulnerabilities regardless of the Linux Distribution, discovery of new vulnerabilities in Linux distributions and collaborate with communities to fix them, developers can use their favorite package manger (probably not the one that shipped with the distro)
- Take away: You can be secure without lock in to a specific distro

Docker at Scale:
- Next topic and Demo - Swam at scale
- Took the demo (Day 1 app and scaled this up to 1000 nodes in Swarm) - Now using swarm bench to scale this up to 50k containers across 1000 nodes. Once they are up and running, Swarm scheduler balances them across the cluster - real time this was done in less than an hour.
Note: Swarm tested to 50k containers but that was a limitation of EC2 right now. They expect to have better numbers in the future. Docker is dedicated to making Swarm the most scalable and usable system in the industry

Disclaimer: The Cloudcast was a media sponsor of Dockercon EU