This document provides an overview of developing and deploying Java applications on Azure using Docker. It discusses using Docker to build Java applications, running containers, and deploying stacks. It also covers Docker Enterprise Edition, including subscriptions, certifications, and security features. Finally, it demonstrates using Docker on Azure, such as with Azure Container Service, and shows examples of building, running, and deploying Java applications with Docker.

1. Patrick Chanezon, Docker Inc.
@chanezon
Developing and deploying Java & Linux on
Azure with Docker
March 2017

2. French
Polyglot
Platforms
Software Plumber
San Francisco
Developer Relations
@chanezon

3. PublicHybridPrivate
Ops Devops Developers

4. Linux Container Ecosystem
glusterfs
weavecalicomidokuracisconuage
Cloud
OS
Plugins
Orchestration

5. Docker

6. The world needs
tools of mass innovation

7. A programmable Internet would be the ultimate
tool of mass innovation

8. A commercial product,
built on
a development platform,
built on
infrastructure,
built on
standards.
Docker is building a stack to program the Internet

9. Docker Platform

11. Docker Platform constituencies
Many purposes, users and infrastructure
Today
Developer
Community
Need to experiment
and innovate with
leading edge tech
Ops
Community
Enterprise
Partner
Ecosystem
Run business critical
apps at scale
anywhere
Extend and add
value to a platform
with a shared path to
monetization
Need a predictable
system to deploy
and run apps

12. The Docker Platform
Developers Ops Enterprise Ecosystem
ONE PLATFORM
For Developers and IT
For Linux and Windows
On Premises and in the Cloud
Traditional Homegrown, Commercial ISV, Microservices
Docker Community Edition (CE)
Docker Enterprise Edition (EE)
Docker Certified
Docker Store

13. Docker Enterprise Edition (EE) and Community Edition (CE)
• Free Docker platform for “do it
yourself” dev and ops
• Monthly Edge release with latest
features for developers
• Quarterly release with maintenance
for ops
Community Edition (CE)Enterprise Edition (EE)
• CaaS enabled platform subscription
(integrated container orchestration,
management and security)
• Enterprise class support
• Quarterly releases, supported for one
year each with backported patches
and hotfixes.
• Certified Infrastructure, Plugins,
Containers

14. What is a Docker Edition
Making things simple for a great user experience
Virtual Network VMSS
Blob Storage Azure LB ARM
AAD

15. Enterprises need support and assurances
NEW Certification program for Infrastructure, Plugins and Containers
Infrastructure
Platform
Community EditionEnterprise Edition

16. Docker Certified Launch Partners

17. Docker Store
• A commercial marketplace for
partners and customers
• Publishers gain instant access
to Docker users with product
delivery in containers
• Customers gain ability to
search, browse, purchase and
manage from a single UX

18. Docker EE Subscription Tiers
EE Basic EE Standard
(Docker Datacenter)
EE Advanced
CaaS enabled platform x x x
Container engine and built in
orchestration, networking, security
x x x
Docker Certified
Infra, Plugins and ISV Containers
x x x
Image management
With private registry, caching
x x
Integrated container app management x x
Multi-tenancy with RBAC, LDAP/AD x x
Integrated secrets mgmt, image
signing, policy
x x
Image security scanning and
continuous vulnerability monitoring
x
DockerDatacenter

19. CaaS is the modern software supply chain framework

20. Isolation using Linux kernel features
namespaces
 pid
 mnt
 net
 uts
 ipc
 user
cgroups
 memory
 cpu
 blkio
 devices

21. Union File Systems & Image Layers

22. Swarm mode
Service API
Cryptographic node identity
Built-in routing mesh
Docker built-in orchestration

23. What’s New in Docker 17.03
• Docker EE and CE
• Compose file support for Swarm mode service deployment
• docker stack deploy --compose-file=docker-compose.yml my_stack
• Secrets Management
• System commands
• docker system df, prune
• Monitoring
• docker service logs
• Prometheus experiment endpoint
• Build
• docker build —squash
• CPU management —cpus 2.5
• Docker for AWS & Azure GA

24. Docker & Microsoft: a great Open Source collaboration

25. Docker & Microsoft: collaboration on all fronts
• Build
• Docker for Windows
• Docker EE for Windows Servers
• Visual Studio Tools for Docker
• Visual Studio Code Docker extension
• Ship
• Visual Studio team Services Docker Integration
• Azure Container Registry
• Run
• Azure Docker agent
• Azure Container Service Swarm and Swarm Mode
• Docker EE in Azure MarketPlace

26. Docker for Developers

27. Docker for Mac Docker for Windows

28. spring-doge.jar
Example: Spring Boot App using MongoDB
https://github.com/chanezon/docker-tips/
spring-doge
spring-doge-web
spring-doge-photo
API: Spring Boot, Spring Data
UI: AngularJS
Business Logic: java.awt
java -Dserver.port=8080
-Dspring.data.mongodb.uri=mongodb://mongo:27017/test
-jar spring-doge.jar

29. Dockerfile
FROM java:8
MAINTAINER Patrick Chanezon <patrick@chanezon.com>
EXPOSE 8080
COPY spring-doge/target/*.jar /usr/src/spring-doge/spring-
doge.jar
WORKDIR /usr/src/spring-doge
CMD java -Dserver.port=8080 -
Dspring.data.mongodb.uri=$MONGODB_URI -jar spring-doge.jar
HEALTHCHECK --interval=5m --timeout=3s --retries=3
CMD curl -f http://localhost:8080/ || exit 1

30. Using Docker to compile your jar/war
https://registry.hub.docker.com/_/maven/
docker run -it --rm
-v $PWD:/usr/src/spring-doge
-v maven:/root/.m2
-w /usr/src/spring-doge
maven:3.3-jdk-8
mvn package

31. Build an image
docker build -t chanezon/spring-doge .
FROM java:8
MAINTAINER Patrick Chanezon <patrick@chanezon.com>
EXPOSE 8080
COPY spring-doge/target/*.jar /usr/src/spring-doge/spring-
doge.jar
WORKDIR /usr/src/spring-doge
CMD java -Dserver.port=8080 -
Dspring.data.mongodb.uri=$MONGODB_URI -jar spring-doge.jar
HEALTHCHECK --interval=5m --timeout=3s --retries=3
CMD curl -f http://localhost:8080/ || exit 1

32. Run a container
docker run
—env MONGODB_URI=mongodb://mongo:27017/test
-p 8090:8080
chanezon/spring-doge

33. docker-compose: running multiple containers
 Run your stack with one command: docker-compose up
 Describe your stack with one file: docker-compose.yml
version: '3'
services:
web:
image: chanezon/spring-doge
ports:
- "8080:8080"
environment:
- MONGODB_URI=mongodb://mongo:27017/test
mongo:
image: mongo

34. Demo

35. Docker Java Labs
https://github.com/docker/labs/tree/master/developer-tools/
• Wildfly and Couchbase J2EE App
• Debugging a Java app in Docker using Eclipse

36. Docker for Ops

37. Docker for Azure

38. Azure Container Service
SLA-backed Azure service
az acs create…

39. ACS Engine
open-source project that enables power users to customize the cluster configuration
Where Docker can work directly with Microsoft on newer versions of both Docker & ACS
https://github.com/Azure/acs-engine/blob/master/docs/swarmmode.md

40. Azure Container Service Swarm Mode
https://github.com/Azure/acs-engine/blob/master/docs/swarmmode.md
acs-engine ARM template generator
acs-engine swarmmode.json
cd _output/SwarmMode...
az group create --name "pat_az_5" --location "westus"
az group deployment create -g pat_az_5 -n pat_acs_5
--template-file=azuredeploy.json
--parameters=@azuredeploy.parameters.json

41. docker stack deploy
 Deploy your stack with one command: docker stack deploy
 Describe your stack with one file: docker-compose.yml
version: '3'
services:
web:
image: chanezon/spring-doge
ports:
- "8004:8080"
environment:
- MONGODB_URI=mongodb://mongo:27017/test
deploy:
replicas: 2
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
mongo:
image: mongo

42. Demo

43. Docker for Enterprise

44. Goals
+ +
Agility Portability Control

45. Docker EE Subscription Tiers
EE Basic EE Standard
(Docker Datacenter)
EE Advanced
CaaS enabled platform x x x
Container engine and built in
orchestration, networking, security
x x x
Docker Certified
Infra, Plugins and ISV Containers
x x x
Image management
With private registry, caching
x x
Integrated container app management x x
Multi-tenancy with RBAC, LDAP/AD x x
Integrated secrets mgmt, image
signing, policy
x x
Image security scanning and
continuous vulnerability monitoring
x
DockerDatacenter
Docker 2017 - Confidential

46. Docker Universal Control Plane
Integrated
Security
Docker Engine
Container runtime, orchestration, networking, volumes, plugins
Docker Trusted Registry
Operating
Systems Config Mgt Monitoring LoggingCI/CD ..more..Images Networking Volumes
VirtualizationPublic Cloud Physical
Docker Datacenter
Docker EE Platform

47. Usable
Security
Secure defaults with tooling that is native to both dev
and ops
The Key Components of Container Security
47
Infrastructure
Independent
Trusted
Delivery
Safer Apps
Everything needed for a full functioning app is delivered
safely and guaranteed to not be tampered with
All of these things in your system are in the app
platform and can move across infrastructure without
disrupting the app
+
+
=

48. Usable
Security
Integrated Security with Docker EE
48
Infrastructure
Independent
Trusted
Delivery
Safer Apps
Image Scanning
TLS Encryption
Encryption at
Rest
App Secrets
Image Signing
& Verification
Public CloudVirtualizationPhysical
Users & RBAC
Dev/Ops
Workflow
+
+
=
Secure by
default runtime

49. Docker Universal Control Plane

50. UCP Permission Model

51. What’s New in Docker Datacenter

52. What’s New in Docker EE 17.03
Application Services
Content Trust and
Distribution
Platform Enhancements
• Secrets Management
• HTTP Routing Mesh (GA)
• Docker Compose for
Services
• Access control for Secrets
and Volumes
• Image Content Cache
• On premises image security
scanning and vulnerability
monitoring
• Registry Webhooks
• DTR install command from
UI
• UI Enhancements
• Additional LDAP configs
• Templates for AWS, Azure

53. Integrated Secrets Management
53
WorkerWorker
Manager
Internal Distributed Store
Raft Consensus Group
ManagerManager
Worker
External
App
Web UI
• Management
– Admins can add/remove/list/update
secrets in the cluster
– Exposed to a container via a ”/secrets”
tmpfs volume
• Authorization
– Tag secrets to a specific service
– Admins can authorize secrets access
to users/teams via RBAC
• Rotation
– Use GUI to update a secret to all
containers in a service
• Auditing
– Each user request for secret access
logged in cluster for auditing

54. Security Scanning:
Get a full BOM for a Docker Image

55. 55
Security Scanning:
Vulnerabilities and Licensing for Each Component

56. Security Scanning:
Set Automated Policy for Scanning

57. Security Scanning:
Online and Offline Updates

58. Compose for Services
• Deploy stacks (services, volumes, networks, secrets) using new
Compose file v3.1 format
• Manage and monitor stacks directly from UCP UI

59. Built in HTTP Routing Mesh (Now GA!)
• Extend TCP routing mesh to HTTP
hostname routing for services
• HTTPS support via SNI protocol
• Support for multiple HRM networks for
enhanced app isolation
• External LB routes hostnames to
nodes
• Can add hostname routing via UI
• Non-service containers continue to
use Interlock ref arch
WorkerWorkerWorker
External Load Balancer
Traffic via DNS
(http to port 80 or other)
Foo.com Bar.com Qux.com
R RR

60. Docker EE on Azure

61. Docker EE on Azure
Free 30 Days Test Drive from Docker Store

62. Docker EE on Azure

63. Demo

64. • Software
• https://www.docker.com/get-docker
• Slides
• https://www.slideshare.net/chanezon
• Samples
• https://github.com/chanezon/docker-tips
• https://github.com/docker/labs
Resources

65. THANK YOU