Sep
07

Windows Get Some Love with #Docker EE 17.06

With the new release of Docker 17.06 EE, Windows containers get lots of added features. First up is the ability to run Windows and Linux worker nodes in the same cluster. This is great because you have centralized security and logging across your whole environment. Your .NET and Java teams can live in peace and consolidate your infrastructure instead of spinning up separate environments.

Continuous scanning for vulnerabilities in Windows images was added if you have an Advanced EE license. Not only does it scan images, it also alerts when new vulnerabilities are found in existing images.

Bringing everything together, you can use the same overlay networks to connect your application, as in the case of SQL Server and web servers running on Linux. Your developers can create a single compose file covering both SQL and web servers.

Other new Windows-related features in Docker 17.06:

Windows Server 2016 support
Windows 10586 is marked as deprecated; it will not be supported going forward in stable releases
Integration with Docker Cloud, with the ability to control remote Swarms from the local command line interface (CLI) and view your repositories
Unified login between the Docker CLI and Docker Hub, Docker Cloud.
Sharing a drive can be done on demand, the first time a mount is requested
Add an experimental DNS name for the host: docker.for.win.localhost
Support for client (i.e. “login”) certificates for authenticating registry access (fixes docker/for-win#569)
New installer experience

Sep
04

Multi-stage build support in #Docker EE 17.06

New in Docker EE 17.06 is the ability to have multi-stage builds. This is important because you can now grab just the files (artifacts) you need for the next stage of your build and keep your builds small, which leads to faster build times. This change allows you to have multiple FROM instructions in your Dockerfile.

Devs can optionally give a build stage a name. Afterward this name can be used in COPY --from=name src dest and FROM name. If a build stage is defined with that name, it takes precedence in these commands; if it is not found, the builder attempts to use an image with that name instead.

FROM node AS test-env
ADD ./ /app
WORKDIR /app
RUN npm install
RUN npm run build

FROM nginx AS prod
COPY --from=test-env /app /var/www/html

You can run subsets of the Dockerfile to get more use out of your work. If you want to run only the test-env section, you can add a target to the docker build command with --target test-env
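The precedence rule for stage names matters for supply-chain review: a misspelled stage name in COPY --from is not treated as an unknown stage, the builder looks for an image with that name instead. The following is an added example (not code from the original post or from Docker) that lists such references; it assumes one instruction per line, no ARG substitution, and that a stage is visible only to instructions after its FROM, and all function names are hypothetical.

```python
import re

# Constructed sample based on the page's Dockerfile, with one misspelled
# stage reference added on the last line.
SAMPLE = """\
FROM node AS test-env
ADD ./ /app
RUN npm install
FROM nginx AS prod
COPY --from=test-env /app /var/www/html
COPY --from=test-evn /app/conf /etc/nginx/conf.d
"""

FROM_RE = re.compile(r"^\s*FROM\s+(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)
COPY_RE = re.compile(r"^\s*COPY\s+.*?--from=(\S+)", re.I)


def classify(ref, earlier):
    """Return 'stage', 'image' or (for an out-of-range index) 'unresolved'."""
    if ref.isdigit():
        return "stage" if int(ref) < len(earlier) else "unresolved"
    # Stage names are compared case-insensitively (assumption about the builder).
    return "stage" if ref.lower() in earlier else "image"


def resolve_refs(dockerfile):
    """Return [(line_no, instruction, ref, kind)] for each FROM and COPY --from."""
    stages, out = [], []   # stages: alias (or None) of every stage seen so far
    for no, line in enumerate(dockerfile.splitlines(), 1):
        m = FROM_RE.match(line)
        if m:
            ref, alias = m.groups()
            if ref.lower() != "scratch":   # scratch is the empty base, nothing to resolve
                out.append((no, "FROM", ref, classify(ref, stages)))
            stages.append(alias.lower() if alias else None)
            continue
        m = COPY_RE.match(line)
        if m:   # a stage cannot copy from itself, so the current stage is excluded
            out.append((no, "COPY", m.group(1), classify(m.group(1), stages[:-1])))
    return out


def external_copy_sources(dockerfile):
    """COPY --from references satisfied by an image rather than a local stage."""
    return [(no, ref) for no, ins, ref, kind in resolve_refs(dockerfile)
            if ins == "COPY" and kind == "image"]


if __name__ == "__main__":
    for no, ref in external_copy_sources(SAMPLE):
        print(f"line {no}: COPY --from={ref} resolves to an image, not a build stage")
```

A deliberate COPY --from of a published image shows up in the same list, which is the point: each entry is content that enters the build from a registry and deserves a pinned, reviewed reference.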

Aug
29

VMworld attendees get to the Docker booth to save money & time like Visa.

The Docker booth is right beside the Nutanix booth at VMworld this year, so I have seen lots of people there, but not 23,000, though there should be. Docker has been a part of all the announcements, whether you realized it or not. Lots of talk about Google with Kubernetes. Kubernetes still requires Docker as the container engine, so whether it’s Swarm or Kubernetes you’re going to be using Docker. If you want enterprise support, the Docker booth is where you want to be visiting and learning what they can do to develop better end-to-end software while saving you money.

Docker EE has been in production at Visa for over 6 months, and Visa is seeing improvements in a number of ways:

Provisioning time: Visa can now provision in seconds rather than days even while more application teams join the effort. They can also deliver just-in-time infrastructure across multiple datacenters around the world with a standardized format that works across their diverse set of applications.
Patching & maintenance: With Docker, Visa can simply redeploy an application with a new image. This also allows Visa to respond quickly to new threats as they can deploy patches across their entire environment at one time.
Tech Refresh: Once applications are containerized with Docker, developers do not have to worry about the underlying infrastructure; the infrastructure is invisible.
Multi-tenancy: Docker containers provide both space and time division multiplexing by allowing Visa to provision and deprovision microservices quickly as needed. This allows them to strategically place new services into the available infrastructure, which has allowed the team to support 10x the scale they could previously.

Visa moved a VM-based environment to containers running on bare metal and cut the time to provision and decommission its first containerized app by 50%. By saving time and money on the existing infrastructure and applications, organizations can reinvest the savings (both the time and the money) in transforming the business.

BTW Nutanix can do bare-metal or run AHV to provide a great experience for containers with our own Docker Volume plugin.

Aug
18

Nutanix Docker volume plugin updated

Last week Nutanix published an update to the Nutanix Docker volume plugin with support for Ubuntu, Docker Datacenter compatibility and improved logging, among other improvements.

Supported scopes for the plugin are global and local. Any other value in Scope will be ignored, and local is used. Scope allows cluster managers to handle the volume in different ways. For instance, a scope of global signals to the cluster manager that it only needs to create the volume once instead of on each Docker host.
https://docs.docker.com/engine/extend/plugins_volume/#volumedrivercapabilities

Apr
23

Operations Getting Down With DJ RunC & ContainerD

runC and containerd do sound like some rappers from the 80’s. While in the land of hip hop Run–D.M.C. was legendary in creating new school rap, Docker has thrown its inertia behind runC and containerD to pave the way for future success. runC is an implementation of the Open Container Initiative (OCI) spec, a project to which Docker has donated a huge chunk of their own work. runC is a standalone binary that allows you to run a single OCI container. This is big because now everyone has a standard way to run a container, which creates better portability and good code hygiene.

containerD is a new piece of infrastructure plumbing that allows you to run multiple containers using runC. It’s kinda like a simple init system. containerD takes care of the simple CRUD operations against containers, but image management still lives with the Docker Engine. containerD is also event driven, so you can build on top of it.

With the release of Docker 1.11, runC and containerD are fully integrated. I think this is important because if you’re going to pick a horse in the container race, you have a company in Docker that is leading with committers for OCI, which is essentially helping to set direction for containers. On the operations side of the house, if I have to upgrade the Docker Engine, there is now a road map to have an upgrade without affecting your running containers. It’s great containers can run and die but it’s even better if they never fail 🙂

Docker 1.11 also added DNS round robin load balancing. While it may seem crude to the likes of an F5 or Netscaler engineer, I always find simple wins and see it used in lots of places. If you give multiple containers the same alias, Docker’s service discovery will return the addresses of all of the containers for round-robin DNS.

I think the 1.11 release of Docker will continue to build great things. Let’s just hope it doesn’t lead to overplayed Run–D.M.C. spoof shirts.

Mar
29

Docker Machine for Windows By Pictures

A native Mac and Windows app, Docker can now be installed, launched and utilized from a system toolbar like any other packaged app. As with Docker for Linux, Docker for Windows brings a deeper integration with each of these platforms, leveraging the native virtualization features of the respective platforms.

You need to turn on Hyper-V for Windows. The Docker bits will run in the MobyLinux VM.

Every install needs the whale. It makes the EULA fun.

Starting up the VM.

I think this might move out after the beta

Making the magic happen from the system tray.

After the installation you’ll see DockerNAT. It’s used to talk between your desktop/laptop and the MobyLinux VM.

Now you can run all your docker commands right from your desktop. On Windows, a named pipe is used to talk to the MobyLinux VM.

Benefits

Ease of use and performance
Leverage native hypervisor support on both platforms
Fewer steps by leveraging native capabilities (virtualization, networking, filesystems) increases performance and reliability

Resolves Dependency Issues
No need to install app framework or runtime
Integrated products which include Docker Compose and offer a streamlined installation process that no longer requires non-system third-party software like VirtualBox
Use any version control manager

In-container development accelerates development
Devs can simply use a single text editor or IDE to code their application.
Faster Docker-driven iteration cycles because code changes can be tested instantaneously on the laptop without the need to build the Docker application image first.

Advanced Networking capabilities
Docker for Mac and Windows includes a DNS server for containers, and is integrated with the Mac OS X and Windows networking system
Use Docker more easily over a VPN.