DockerCon is the gathering place of everyone in the container world, from developers and ecosystem partners to IT pros. As per usual, Docker Inc. leaders took the stage to deliver their take on the state of the container industry, and show off what the Docker engineers have been working on.
Welcome Steve Singh, CEO of Docker
With the changing of the guard at the CEO level, Steve Singh (@SteveSSingh), of Concur fame, took the stage for the first time at DockerCon EU at the Bella Center in Copenhagen, Denmark. It was probably the first time most people in the room had heard from him extensively in a Docker context. But make no mistake; Singh made it clear that Docker is well positioned to eliminate the tough tradeoffs that come with running an enterprise IT organization. He made the case that you shouldn’t have to choose between maintenance and innovation, even with a limited IT budget. Using the savings from containerizing your workloads and running them with a greater density on virtualized machines, you can free up more of your IT budget for innovation. We couldn’t agree more.
Modernize Traditional Apps (MTA) and Docker App Converter (DAC)
The technical demos opened with Kristie Howard (@kristiehow) and French Ben (@frenchben) highlighting Docker’s Modernize Traditional Apps (MTA) program, where enterprises can engage a Docker professional services partner to help convert traditional apps to Dockerized apps. The new Docker Application Converter (DAC) generates a Dockerfile from an existing VM image, which can then be built into a Docker EE container using a single command. On stage, the demo showed that a Java app (an e-commerce store) running on Tomcat could be converted into a Docker image with the necessary base image, ports exposed and commands in one step.
Docker Security: Secrets, Trusted Registries and Encrypted Overlay Networks
With Docker’s overt push into the enterprise, security was of course a focus. Earlier, in April at DockerCon US in Austin, Docker encouraged users to eschew storing secrets (e.g. passwords, certs or API keys) on the host and use Docker Secrets instead. Secrets are available on any machine running in Swarm mode (even a single node). They are stored encrypted on the master node and mounted, using a ramdisk, into the container(s) that have the privileges to access them.
In untrusted environments, Docker overlay networks can use IPSec for encryption, just add ‘--opt encrypted’ #DockerCon
— Sebastiaan van Stijn (@thaJeztah) October 16, 2017
Now, in addition to Secrets, you can add an encrypted: "true" option to your Docker Stack file to enable encryption of the inter-container traffic on a Docker Overlay Network. In a hypothetical scenario deploying a containerized app to a new cloud provider, all you had to do was build a new image with any customizations, push it to the Docker Trusted Registry, and stack deploy it to the staging environment. With Secrets and encrypted overlay networks out of the box, it’s much easier to comply with the data security requirements that many regulations impose.
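To show where these two settings live in practice, here is a stack file we put together for this recap (an added example, not code shown in the keynote). The service, secret, network and registry names are assumptions, and DB_PASSWORD_FILE is a hypothetical variable that the app itself would have to read.

```yaml
# Constructed example: all names below are placeholders, not from the keynote.
# Deploy with: docker stack deploy -c stack.yml shop
version: "3.3"            # file-level secrets need Compose file format 3.1+

services:
  web:
    image: dtr.example.com/shop/web:1.0     # placeholder image in a private registry
    networks:
      - backend
    secrets:
      - db_password       # appears in the container at /run/secrets/db_password
    environment:
      # Weak alternative: DB_PASSWORD: "s3cret" would show up in `docker inspect`
      # and in the stack file itself. Pass only the path to the mounted secret.
      DB_PASSWORD_FILE: /run/secrets/db_password   # hypothetical, app-specific
  db:
    image: postgres:9.6
    networks:
      - backend
    secrets:
      - db_password
    environment:
      # The official postgres image reads the password from this file.
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password

secrets:
  db_password:
    # Created out of band so the value never lands in this file, e.g.:
    #   docker secret create db_password -     (value read from stdin)
    external: true

networks:
  backend:
    driver: overlay
    driver_opts:
      encrypted: "true"   # IPsec for this network's traffic between Swarm nodes
```

Only services that list db_password under secrets get the file mounted, so access is granted per service rather than per host.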
Docker Pushes into the Enterprise with Docker EE
The interesting thing is that while Docker, the software, has been extremely successful as an open source project, stakeholders have been anxious for the fledgling company to show it can become a fixture of the enterprise. With a renewed round of funding devoted to sales & marketing, Docker has attracted big names like MetLife, Intuit and PayPal as major customers of its Docker EE (Enterprise Edition) platform. Docker EE is a technology stack including the Universal Control Plane, Docker Private Registry and a complete CI/CD pipeline allowing enterprises to securely move their apps from dev and test to production. Enterprise-oriented features like vulnerability scanning, image signing, rolling updates and Role Based Access Control (RBAC) are designed to inspire confidence even amongst organizations with the toughest security requirements, such as government, health and financial services.
Anyone who attended DockerCon ’17 Austin will clearly remember the MetLife case study showing that companies in industries as traditional as insurance can succeed and thrive with containerized infrastructure. As Steve Singh said in the opening, “all companies are software companies”, whether you’re an airline, in transportation, hospitality or any other industry vertical.
MetLife Achieves 66% Infrastructure Cost Savings, Eliminates 70% VMs & 67% Cores
When the benefits VASTLY outweigh the costs and risks of disruption it is time to move forward.
— Mike Coleman (@mikegcoleman) October 17, 2017
MetLife, represented by Jeff Murr (@jeffreymurr) who heads up containers at the company, returned to DockerCon Copenhagen to vouch for the ROI of modernizing their apps with Docker EE. They are running a hybrid cloud environment split between on-premise and Azure instances. The first app they tried to containerize when they began their Docker journey was a “do not call” database, and to their delight, it only took one day to get a small cluster of 4 application and database nodes up and running. They are now moving ahead with a plan to containerize the rest of their infrastructure, involving over 500 apps in their North American portfolio alone. According to their projections, the move will increase their CPU utilization by 10X and reduce infrastructure costs by 66%, eliminating 70% of VMs and 67% of cores. For any company at MetLife’s scale, this is literally tens, if not hundreds of millions of dollars. The best thing this case study proves is that risk-sensitive companies can get their feet wet with containerizing a few apps, and roll it out at a larger scale when they are ready.
Core Values of Docker Platform: Independence, Openness, Simplicity
Later in the keynote, founder and CTO Solomon Hykes (@solomonstre) came on stage to underscore the tangible benefits of reorganizing the Docker open source projects into Moby project “assemblies” and reiterate the core values of the Docker platform: Independence, Openness and Simplicity. Hykes pledged that Docker will never lock you into a cloud provider or proprietary software, and that it is designed to be accessible as a “tool of mass innovation” by being simple, yet powerful to use.
The modularization of the Docker software features into Moby project components (e.g. containerd and linuxkit) has allowed other open source communities, such as Kubernetes and other CNCF projects, to reuse technologies developed and open-sourced by Docker, the company.
Kubernetes to Ship with Docker EE, Docker for Windows, Docker for Mac
Then Solomon dropped the bombshell of an announcement that stole the spotlight of the entire keynote. Docker EE, Docker for Windows and Docker for Mac will support Kubernetes natively as an orchestrator using existing Docker CLI commands and Compose syntax. Docker for Windows and Mac will come bundled with a single-node Kubernetes cluster for testing and development, with Compose files converted to Kubernetes service definitions on-the-fly by Docker. And make no mistake, Docker has not forked Kubernetes; it is distributing pure, upstream Kubernetes as part of the official Docker package. Even Swarm users without knowledge of kubectl and Kubernetes primitives can easily develop containerized apps to be deployed on a Kubernetes cluster in production.
Interested users can sign up for the beta of Kubernetes on Docker at https://beta.docker.com/ with General Release expected in Q1 2018. Like everyone else in the room, the Autoize team cannot wait to try it out.
To show that Docker is not making this move in isolation, they invited Kubernetes co-founder Brendan Burns (@brendandburns) and Google Kubernetes lead Tim Hockin (@thockin) to make this announcement together. With Kubernetes now a first-class citizen in the Docker ecosystem, a much deeper collaboration between the two communities is inevitable. We expect this development to set a new tone at KubeCon/CloudNativeCon in Austin this December, where in the past the attendee base has had a lesser extent of overlap with DockerCon attendees.
For observant watchers in the container community, the integration of Kubernetes with Docker was not completely a surprise. Many third-party tools, such as Rancher with their version 2.0 announcement, had hitched their wheels to Kubernetes first, with Docker Swarm and Mesos as alternatives for container orchestration. Like the rest of the Docker stack, Swarm really shined with its simplicity and ease-of-use, but most enterprises going to production with containers were going with Kubernetes due to its versatility. The new direction brings the best aspects of the formerly competing orchestrators to each other, allowing Swarm users to grow into confident Kubernetes administrators at their own pace.
We are bullish about the rising star of Docker and the entire container industry, and will follow the rest of the announcements closely at DockerCon and beyond. With steady hands steering the ship at Docker Inc. and an enthusiastic community behind all-things-containers (Kubernetes is in the top 3 most active projects on GitHub), there has never been a better time to be in IT, whether you’re a developer or operator.