2. Dockercon: Announcements
• Docker in Production
• Security
• Networking and Plugins
• RunC
• Docker Release 1.7
• OpenContainer Project
3. Docker in Production
• Tremendous Community & Partner Ecosystem
• Extensible and Pluggable
• Roadmap
• Security
• Orchestration
• Networking and Storage
• Deployment and Management Workflows
4. Security
• Least Privilege Microservices
• Service Profiles: access to only resources needed (API, etc.)
• Process Monitoring
• Fine-grained Access Control
• Namespaces
• Cgroups
• Linux Security Modules (AppArmor, SELinux)
• Per container ulimit
• User namespaces (remap root coming in 1.8)
• Seccomp: syscall filtering (coming)
7. Networking
• Multi-host networking out of the box
• Built-in Micro Segmentation
• Create Virtual Networks of any Topology
• Enforce Security Policies
• Probes and Firewalls
• Built on industry standards
• Standardized Service Discovery
• API (coming)
10. RunC
• Universal Container Runtime
• Docker’s Container Management; nothing else
• Lightweight
• Battle Tested and Production Ready
• Supports SELinux, AppArmor, cgroups, seccomp, namespaces
• User namespaces
• Live Migration
• Microsoft contributing Windows support
• Arm support coming
• https://runc.io
16. Docker Compose 1.3.0
• Performance and stability
• More config option support for Engine
• New feature (experimental): Smart Recreate
• Only recreate containers whose configuration has changed
• docker-compose up --x-smart-recreate
• Will become default
18. OpenContainer Project
• OCF: universal intermediary format for OS containers
• Docker donated RunC to Open Container Project
• RunC is the OCF reference implementation
• Founding Members: