DockerCon LIVE 2021 Recapped: Top 5 Sessions

You came, you participated, you learned. You helped us pull off another DockerCon — and, my fellow developers, it was good. How good? About 80,000 folks registered for the May 27 virtual event — on a par with last year.

We threw a lot at you, from demos and product announcements to company updates and more — all of it focused on modern application delivery in a cloud-native world. But some clear favorites emerged. Here’s a rundown of the top 5 sessions, which zeroed in on some of the everyday issues and challenges facing our developer community.

#1. How Much Kubernetes Do I Need to Learn?

Kubernetes isn’t simple and the learning curve is steep, but the upside to mastering this powerful and flexible system is huge. So it’s natural for developers to ask how much Kubernetes is “just enough” to get productive. Clearly, many of you shared that question, making this the Número Uno session of DockerCon LIVE 2021. Docker Captain Elton Stoneman, a consultant and trainer at Sixeyed Consulting, walks you through the Kubernetes platform, clarifying core concepts around services, deployments, replica sets, pods, config maps and secrets, and sharing demos to show how they all work together. He also shows how simple and complex apps are defined as Kubernetes manifests, and clarifies the line between dev and ops.

#2. A Pragmatic Tour of Docker Filesystems

Mutagen founder Jacob Howard takes on the heroic task of dispelling the mists of confusion that developers often encounter when starting out with containerized development. Sure, container filesystems can seem like an impenetrable mess, but Jacob carefully makes the case for why the relationship between file systems and containers actually makes a lot of sense, even to non-developers. He also provides a pragmatic guide to container filesystem concepts, options and performance that can serve as a rule of thumb for selecting the right solution(s) for your use case.

#3. Top Dockerfile Security Best Practices

In this webinar, Alvaro Iradier Muro, an integrations engineer at Sysdig, goes deep on Dockerfile best practices for image builds to help you prevent security issues and optimize containerized applications. He shows you straightforward ways to avoid unnecessary privileges, reduce the attack surface with multistage builds, prevent confidential data leaks, detect bad practices and more, including how to go beyond image building to harden container security at runtime. It all comes down to building well-crafted Dockerfiles, and Alvaro shows how to do so by removing known risks in advance, so you can reduce security management and operational overhead.

#4. Databases on Containers

Only in the last few years has running high-performance stateful applications inside containers become a reality — a shift made possible by the rise of Kubernetes and performance improvements in Docker. Denis Souza Rosa, a developer advocate at Couchbase, answers many of the common questions that arise in connection with this new normal: Why should I run these applications inside containers in the first place? What are the challenges? Is it production ready? In this demo, Denis deploys a database and operator along with fail nodes, and he shows how to scale up and down with almost no manual intervention using state-of-the-art technology.

#5. A Day in the Life of a Developer: Moving Code from Development to Production Without Losing Control

Learn how to take control of your development process in ways you never thought possible with Nick Chase, director of technical marketing and developer relations at Mirantis. Nick zeroes in on how only a true software development pipeline can prevent serious problems such as security holes, configuration errors, and business issues such as executive approval for promotion of changes. Along the way, he covers what a complete software supply chain looks like, common “weak links” and how to strengthen them, how to integrate your workflow as a developer, and what to do when business concerns affect the pipeline.

If you missed these popular sessions last month, now’s your chance to catch them. Or maybe you just want to see them again. Either way, check out the recordings. They’re informative, practical and free!

We have a complete container solution for you – no matter who you are and where you are on your containerization journey. Get started with Docker today here.
The post DockerCon LIVE 2021 Recapped: Top 5 Sessions appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

SLOs should be easy, say hi to Sloth

itnext.io – As in other areas, in the technology world, every year there are some buzz words that are being said more than others. Some examples: I’m sure you have been hearing service level objectives lately…
Source: news.kubernauts.io

Kustomize explained; an MLOps Use Case

towardsdatascience.com – Kustomize is a tool to customize YAML files like Kubernetes (K8s) manifests, template free. Meanwhile, it became a built-in kubectl operation to apply K8s object definitions from YAML files stored in…
Source: news.kubernauts.io

Litestream

litestream.io – Litestream is an open-source, real-time streaming replication tool that lets you safely run SQLite applications on a single node.
Source: news.kubernauts.io

Volume Management, Compose v2, Skipping Updates, and more in Docker Desktop 3.4

We are excited to announce the release of Docker Desktop 3.4.

This release includes several improvements to Docker Desktop, including our new Volume Management interface, the Compose v2 roll-out, and, based on your feedback, changes to how you skip an update to Docker Desktop.

Volume Management

Have you wanted a way to more easily manage and explore your volumes?

In this release we’re introducing a new capability in Docker Desktop that helps you to create and delete volumes from Desktop’s Dashboard as well as to see which ones are In Use.

For developers with Pro and Team Docker subscriptions, we’ll be bringing a richer experience to managing your volumes. 

You’ll be able to explore the contents of the volumes so that you can more easily get an understanding of what’s taking up space within the volume.

You’ll also be able to easily see which specific containers are using any particular volume.

We’re also looking to add additional capabilities in the future, such as being able to easily download files from the volume, read-only view for text files, and more. We’d love to hear more about what you’d like to see us prioritize and focus on in improving the way you can manage your volumes.  Please chime in with your use cases on our public roadmap if this is an area you’d like us to continue focusing on improving.

Compose V2 Roll out begins

We are very excited to launch the beta of Compose V2, which supports the compose command as part of the Docker CLI, and which we have affectionately promoted into the ‘first-class citizen in the Docker CLI’.  Compose V2 seamlessly integrates the compose functions into the Docker CLI, while still supporting most of the previous docker-compose features and flags.  Compose V2 includes two new options – 

docker compose ls, to list all your compose apps

docker compose cp, to copy files/folders between your service container and your local filesystem

The simplest way to test this new functionality is to run the docker compose command, instead of docker-compose, and see what happens.  

10% of compose users are already using docker compose, and we are hearing all sorts of good things.

But we want to make it even simpler, and launch Compose v2 as a drop-in replacement, so that you do not need to change any of your scripts, to take advantage of this new functionality.  

Beginning with Docker Desktop 3.4, you will be able to explicitly opt in to run Compose v2 with docker-compose, by running the docker-compose enable-v2 command.  Or you can opt into Compose v2 by updating your Docker Desktop’s Experimental Features settings.  

With the release of 3.4, we’ll also start to change the docker-compose command to run as Compose V2, without the explicit opt-in.  We’ll roll this out gradually, to a small percentage of users at a time.  If we upgrade your docker-compose, we will notify you that you are running the compose upgrade.  

If you do run into any issues using Compose V2, simply run the docker-compose disable-v2 command, or use Docker Desktop’s Experimental Features settings, to revert to the initial docker-compose functionality.  And please help us resolve your problems by submitting an issue here.  

Skipping Docker Desktop Updates

We’ve heard your feedback regarding how the “Skip this update” behavior introduced in Docker Desktop 3.3 was confusing and missed the mark.  

It was trying to provide additional flexibility for Pro/Team users who needed to stay on an older version of Docker Desktop by allowing them to dismiss additional reminders about a particular update. 

There were many folks who took this to mean that they needed to be a Pro/Team subscriber to avoid having to update their version of Docker Desktop, which was not the case.

Based on your feedback, in Docker Desktop 3.4, we will be removing the requirement to be a Pro/Team subscriber to skip reminder notifications about individual Docker Desktop releases. 

To summarize what the experience will be like once you’ve upgraded to Docker Desktop 3.4:

When a new update becomes available, the whale icon will change to indicate that there’s an update available and you’ll be able to choose when to download and install the update.

Two weeks after an update first becomes available, a reminder notification, like below, will appear.

If you click on “Skip this update”, you won’t get any additional reminders for this particular update.

If you click on “Snooze” or dismiss the dialog, you’ll get a reminder to update on the following day.

For developers in larger organizations, who don’t have administrative access to install updates to Docker Desktop, or are only allowed to upgrade to IT-approved versions, there continues to be an option in the Settings menu to opt out of notifications altogether for Docker Desktop updates if your Docker ID is part of a Team subscription.

It’s your positive feedback that helps us continue to improve the Docker experience. We truly appreciate it. Please keep that feedback coming by raising tickets on our Public Roadmap.

See the release notes for Docker Desktop for Mac and Docker Desktop for Windows for the complete set of changes in Docker Desktop 3.4.

Interested in learning more about what else is included with a Pro or Team subscription? Check out our pricing page for a detailed breakdown.
The post Volume Management, Compose v2, Skipping Updates, and more in Docker Desktop 3.4 appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

Bringing “docker scan” to Linux

At the end of last year we launched vulnerability scanning options as part of the Docker platform. We worked together with our partner Snyk to include security testing options along multiple points of your inner loop.  We incorporated scanning options into the Hub, so that you can configure your repositories to automatically scan all the pushed images. We also added a scanning command to the Docker CLI on Docker Desktop for Mac and Windows, so that you can run vulnerability scans for images on your local machine. The earlier in your development that you find these vulnerabilities, the easier and cheaper it is to fix them.  Vulnerability scan results also provide remediation guidance on things that you can do to remove the reported vulnerabilities. Some of the examples of remediation include recommendations for alternative base images with lower vulnerability counts, or package upgrades that have already resolved the specified vulnerabilities.  

We are now making another update in our security journey, by bringing “docker scan” to the Docker CLI on Linux. The experience of scanning on Linux is identical to what we have already launched for Desktop CLI, with scanning support for linux/amd64 (x86-64) Docker images. The CLI command is the same, docker scan, supporting all of the same flags. These flags include the options to add Dockerfiles with images submitted for scanning and to specify the minimum severity level for the reported vulnerabilities.  

Information about the docker scan command, with all the details about the supported flags, is provided in the Vulnerability Scanning for Docker Local Images section in the Docker documentation. Vulnerability reports are also the same, listing for each vulnerability, information about severity levels, the image layers where vulnerabilities are manifested, the exploit maturity and remediation suggestions.  
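A CI gate built on the report contents described above, as an added example that is not from the Docker post or the scan plugin: it applies a minimum-severity threshold to a JSON vulnerability report, collapses duplicate findings, and fails closed on severity labels it cannot rank. The report shape, field names, package names and sample data are constructed assumptions, not the plugin's documented output.

```python
import json

# Ranks for the severity levels the gate knows how to compare.
RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed sample report (not real scan output). The field names are an
# assumed shape for a JSON vulnerability report; adjust them to your scanner.
SAMPLE_REPORT = json.dumps({"vulnerabilities": [
    {"id": "EXAMPLE-VULN-1", "packageName": "libexample-a", "version": "1.0", "severity": "high", "fixedIn": "1.1"},
    # Same finding reported again via a second dependency path.
    {"id": "EXAMPLE-VULN-1", "packageName": "libexample-a", "version": "1.0", "severity": "high", "fixedIn": "1.1"},
    {"id": "EXAMPLE-VULN-2", "packageName": "libexample-b", "version": "2.3", "severity": "low", "fixedIn": None},
    # A label outside RANK: the gate must not let it slip through.
    {"id": "EXAMPLE-VULN-3", "packageName": "libexample-c", "version": "5.0", "severity": "critical", "fixedIn": "5.1"},
    {"id": "EXAMPLE-VULN-4", "packageName": "libexample-d", "version": "7.6", "severity": "medium", "fixedIn": "7.7"},
]})


def blocking_findings(report_json, min_severity="high"):
    """Return de-duplicated findings at or above min_severity, worst first."""
    if min_severity not in RANK:
        raise ValueError(f"unknown threshold: {min_severity!r}")
    seen, kept = set(), []
    for vuln in json.loads(report_json).get("vulnerabilities", []):
        severity = str(vuln.get("severity", "")).lower()
        # Fail closed: a label we cannot rank is treated as above any threshold.
        rank = RANK.get(severity, len(RANK))
        key = (vuln.get("id"), vuln.get("packageName"), vuln.get("version"))
        if rank < RANK[min_severity] or key in seen:
            continue
        seen.add(key)
        kept.append({**vuln, "rank": rank})
    return sorted(kept, key=lambda v: (-v["rank"], v["id"]))


def exit_code(report_json, min_severity="high"):
    """Exit status for a CI step: 1 if anything blocks the build, else 0."""
    return 1 if blocking_findings(report_json, min_severity) else 0


if __name__ == "__main__":
    for f in blocking_findings(SAMPLE_REPORT, "medium"):
        fix = f.get("fixedIn") or "no fix listed"
        print(f'{f["severity"]:8} {f["id"]:16} {f["packageName"]} {f["version"]} -> {fix}')
    raise SystemExit(exit_code(SAMPLE_REPORT, "medium"))
```
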

The major difference with scanning on Linux is that instead of upgrading your Docker Desktop, you will need to install or upgrade your Docker Engine. Directions for installing the Engine are provided in the Install Docker Engine section of Docker documentation, including instructions for several different distros, including CentOS, Debian, Fedora and Ubuntu. And because this is Linux, we have open sourced the scanning CLI plugin…  Go ahead, give it a try, or take a look at this page for other Docker open source projects that may help you to build, share and run your applications.

If you want to learn more about application vulnerabilities, and you missed DockerCon 21, you can go here for a recording of the DockerCon LIVE panel on Security, or watch a great session called ‘My Container Image Has 500 Vulnerabilities.  Now What?’.  Or, look for any other DockerCon recording…  There were all sorts of great sessions on things that you can do to build, share and run your applications.  Or, for more information about the Docker partnership with Snyk, and plans for future partnership collaborations, please check out this blog post by Snyk’s Sarah Conway.

The post Bringing “docker scan” to Linux appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

Cron jobs in Node.js

medium.com – Every developer sooner or later faces a problem on how to deal with cron jobs. The list of cron jobs use-cases is enormous: cache invalidation, reports generation, refreshing data from external…
Source: news.kubernauts.io

Changes to Docker Hub Autobuilds

As many of you are aware, it has been a difficult period for companies offering free cloud compute [1]. Unfortunately, Docker’s Autobuild service has been targeted by the same bad actors, so today we are disappointed to announce that we will be discontinuing Autobuilds on the free tier starting from June 18, 2021. 

In the last few months we have seen a massive growth in the number of bad actors who are taking advantage of this service with the goal of abusing it for crypto mining. For the last 7 years we have been proud to offer our Autobuild service to all our users as the simplest way to set up CI for containerized projects. As well as the increased cost of running the service, this type of abuse periodically impacts performance for paying Autobuild users and induces many sleepless nights for our team.

In April we saw the number of build hours spike 2X our usual load and by the end of the month we had already deactivated ~10,000 accounts due to mining abuse. The following week we had another ~2200 miners spin up.

As a result of this we have made the hard choice to remove Autobuilds from our free plan as a mitigation for this abuse. While making these changes is never an easy choice, we’ve also continued to focus on making meaningful improvements to the performance of Autobuilds, including:

Increasing the number of parallel builds to 5 for Pro and 15 for Team.

Increasing the build instance types, so you get a beefier machine to build on!

Changing Autobuild to take advantage of BuildKit by default for improved build performance.

All of these improvements should see a faster and more stable build experience with lower queue times. If that sounds good and you are a free user who <3’s their Autobuilds, we are offering 20% off Docker Pro and Team for new and returning subscriptions through June 18, 2021 so you can continue using that Autobuild goodness.

If you’re part of the Docker Open Source program, and currently leveraging Autobuilds as part of a Free plan, we want to continue supporting you and we will be reaching out to make sure you will not be impacted by this change.   

We really appreciate your support and the community’s understanding as the whole industry battles against these abusive few. We want to keep providing awesome and magical services and hope we can find a better solution with everyone going forward.
The post Changes to Docker Hub Autobuilds appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

Kubernetes and SSL Certificate Management

betterprogramming.pub – Security is becoming more important than ever and needs to be integrated with any technical solution — even for testing environments. One of the most popular techniques is to use HTTPS protocol with…
Source: news.kubernauts.io