Docker in Production

Use case sessions highlight how companies are using Docker to modernize their infrastructure and build, manage and secure distributed applications. These sessions are heavy on business value, ROI and production implementation advice and learnings.

Designing a Centralized Container Platform for a Multi-Cluster Enterprise Environment

Till Schenk (Bosch)

Deploying, operating and maintaining many independent clusters is always a key challenge for central service providers in large enterprises. The number of customers and different use-cases realized on the provided platform requires an architecture that is highly integrated into the enterprise IT ecosystem. In this talk we highlight the challenges that came up during the development of the “Container as a Service” Platform based on Docker Enterprise Edition. We also address the architectural and operational decisions we made to cope with requirements of different stakeholders. Further we will show the integration of a multi-cluster/multi-tenant Platform into our existing IT factory.

Building your NoSQL ship: How an Enterprise transitioned from a RDBMS to NoSQL DB using Agile and Docker

Jonell Taylor (Metlife)

How do you bring a NoSQL DB into a production Docker Environment? What are key orchestration challenges? How can you design a portable solution that can lift and shift into any environment? What are pros and cons to containerizing your database? By establishing a set of best practices and proper testing you can ensure that your infrastructure design can be resilient in any global environment. The challenge is identifying what works best for your organization. Disruptive testing and partnering with other teams within your company can ensure success when implementing a global application. In this session you will learn from a member of MetLife’s ModSquad innovation team firsthand what challenges MetLife overcame using a NoSQL DB in a Docker environment. You will learn about key decisions impacting orchestration, availability, database replication, and disaster recovery. Additionally, you will understand key differences in classic and swarm mode and how Kubernetes and Docker teaming up will help your Production Design.

How to Accelerate Docker Adoption With a Simple and Powerful User Experience

Franck Davalo (Société Générale), Jérôme Baude (Docker)

Société Générale, a 153-year-old multi-national bank based in France, firmly believes that technology innovation and enriched customer experiences always go hand-in-hand.

Société Générale started its Docker journey in 2016. It now runs over 1500 containers from hundreds of users and adoption continues to grow. Our new IT platform, based on Docker Enterprise Edition (EE), offers a brand new developer experience with Continuous Integration and Continuous Delivery. Our new CI/CD processes, powered by Docker, are simplified, highly scalable and 10 times faster.

This talk will discuss how the bank built its central IT platform with Docker EE and ecosystem tooling with configurations to specifically take advantage of Docker EE capabilities, including:

  • Analysis and live streaming of logs and events from dev to ops for complete container lifecycle view
  • Continuous compliance checks by running a workflow enforcing security rules
  • Platform governance and multi-tenancy security with seamless UX
  • Defined service offerings from Storage to Compute to match every business need (CI/CD, BigData…)
  • Compose file compatibility with Kubernetes for effortless switch from one scheduler to another

DaVita’s Container Journey in the Healthcare Industry

Jason Richling (DaVita), Harish Jayakumar (Docker)

When DaVita wanted to improve their end to end application lifecycle, they understood that containers were going to be a major part of their strategic approach. The IT team at DaVita began learning and educating themselves on how a container platform could help them improve app isolation and developer productivity. The ability to implement practices like image scanning and policy-based automation was crucial in getting DaVita to the next stage of its technology evolution. In this talk, Jason Richling from DaVita and Harish Jayakumar from Docker will discuss the implementation process, from getting initial buy-in from key internal stakeholders, to key design decisions that enabled the final deployment across the enterprise. They’ll also share some of their learnings and tips that can help you in your own container journey.

Faster, Safer and 100% User Centric Application at Equifax with Docker

Jaya Polumuru (Equifax)

There is a saying to not let your circumstances define you. Issues and incidents are a fact of life in IT. We have all heard of “the incident” at Equifax. The most important part of these situations is the company’s response and mitigation to the issue that ensures a great customer experience. When faced with the task of addressing this incident, the team at Equifax took a dramatic and aggressive approach. Realizing that changing the application portfolio of a 100+ year old company can be daunting and cumbersome, the team looked into containers and Docker Enterprise Edition. In particular, the built-in security in the platform and the secure software supply chain provided the opportunity to architect an automated pipeline that not only tightly locked down the applications but provided clear stages, checks and accountability – like forensics for their applications that was not possible before or with any other system. The new environment, deployed to production and operationalized at a record speed of less than 3 months is not only safer, but dramatically faster to deploy and scale in a way that is seamless to the end user. The Equifax team is also experiencing container economics with lower overall costs and transparency within their platform that allows them to scale secops with containers across the enterprise.

Attend this session to learn more about:

  • How security, performance and a great customer experience can all co-exist
  • How to architect Docker EE and Jenkins for pipeline automation
  • Secure supply chain configurations in Docker EE
  • What kind of transparency is possible with the system
  • Benefits and results
  • Lessons learned and tips

Disruption from Within - Innovation at Franklin American

Don Bauer, Sharon Frazier (Franklin American)

Franklin American Mortgage is charging towards a future they are creating instead of following the pack in the industry. Like many incumbent companies burdened with the overhead of monolithic applications, they wanted to accelerate the ability to seize opportunities by accelerating the software development shift to a microservices architecture. The company created an Innovation Team to explore all the new ways of building and shipping applications, initially to lay down the foundation on which they could layer innovation. Part of the team’s charter was to “make no assumptions” — other than to work without the confines of existing operations. In this session, you’ll learn how Franklin American dockerized over 70 services on a single cluster in less than 18 months, including underlying data services such as Elasticsearch, Kafka, Zookeeper, Cassandra, and the software development stack (Gitlab, Nexus and Sonarqube). The team started small and didn’t have the resources to operate a native Kubernetes environment. Moreover, they anticipated future growth and support needs and as such turned to Docker Enterprise Edition as the solution. That enabled them to create a 27 node cluster running on VMware vSphere for the entire software supply chain, carved into segments for test, QA, staging and production. Franklin American will discuss how they ramped up to running Docker in production quickly with the internal Innovation Team, and how they’ll continue to modernize their applications over the coming year.

Docker on Docker: Leveraging Kubernetes in Docker EE to Power Infrastructure at Docker

Brett Inman, Mehdi Ghazizadeh, Manish Tomar (Docker)

Learn how Docker uses Kubernetes in Docker Enterprise Edition (EE) to power our own internal and SaaS infrastructure. Attend this session for tips on architecture, configuration, transitioning into Kubernetes, developer and operations workflow, and tales from the bleeding edge of Docker, from Docker.

Using Docker

Using Docker sessions are introductory sessions for Docker users, dev and ops alike. Filled with practical advice, learnings, and insight, these sessions will help you get started with Docker or better implement Docker into your workflow.

Creating Effective Docker Images

Abby Fuller (AWS)

Sick of getting paged at 2am and wondering “where did all my disk space go?” This has actually happened to me, and you can learn from my mistakes! New Docker users often start with a stock image in order to get up and running quickly, but that isn’t always the right answer. Creating efficient images is often overlooked, but important. Beyond saving resources, using minimal images also delivers important security benefits: include only what you need and not a whole runtime that might have security vulnerabilities. In this session, I’ll talk about how to create effective images and lessons I’ve learned from running containers in production at a number of startups. I’ll also cover topics like “how do layers work?” and some things you should think about when creating your images, such as: choosing or creating the right base image; the importance of caching; using RUN statements conservatively; cleaning up as you go. I’ll also address best practices; both at a high level with multi-stage builds; and some language-specific best practices, for example, tips and tricks for creating containers for Node.js vs Go.

To illustrate these points, we’ll cover:

  • How layers work? Choosing a base image vs. creating your own
  • The basics of building minimal images and the importance of choosing a base image vs. creating your own
  • The basics for building minimal images and the importance of caching
  • High level best practices for Linux containers (in general, and some language specific examples).
  • High level best practices for Windows container images.
  • New and improved: multi-stage builds
  • Good vs. not so good Dockerfile examples
  • Docker Image Scanning, and other friends.
  • What’s up next? Looking to the future for more optimization.

Building Your Production Tech Stack for Docker Container Platform

Bret Fisher (Independent)

This session will focus on the practicals of building a fully-functional stack of container cluster tools, with different options for stacking those tools from the OS-up.

We’ve all seen examples of common technology stacks, like the good ol’ LAMP and MEAN stacks for apps, but what about lower-level infrastructure? And can we get it without cloud vendor lock-in please? Oh and pure containers and infrastructure-as-code too?

With Docker, sure thing! This session will cover:

Which OS/Distro and Kernel to use

VM’s or Bare Metal

Recommended Swarm architectures

Tool stacks for “pure open source”, “cloud-service based”, and “Docker EE” scenarios

Demos of these tools working together including InfraKit, Docker, Swarm, Flow-Proxy, ELK, Prometheus, REX-Ray, and more.

5 Patterns for Success for Application Transformation

Elton Stoneman (Docker)

Legacy apps weren’t designed to run in a modern distributed platform like Docker. They have their own ideas about logging, configuration and health which don’t translate to the world of containers and make transformation projects hard.

This session shows you how to bring your old apps into the modern world, and integrate them with Docker – without changing code. We’ll cover patterns for all the core application concerns:

* logging

* configuration

* monitoring

* health

* dependency management

The sample apps will be in .NET and Java, and will show you how to turn your existing apps into good Docker citizens.

Don’t have a Meltdown! Practical Steps for Defending Your Apps

Liz Rice (Aqua), Justin Cormack (Docker)

Security is a key concern for application developers and operations teams, as well as security professionals. Have I done enough? What do I need to do in the face of new threats like Meltdown and Spectre? What happens when the next big issue comes along? What should my priorities be? How do containers help?

In this talk we’ll demonstrate some common attacks live, and show how you can effectively defend your container deployment against them, using a combination of best practices, configuration, and tools.

Taking inspiration from highlights of the OWASP Top 10, and other high profile exploits and attacks, in this talk we will look at risks and preventative measures related to:

– authentication

– injection

– updates

– sensitive data

– configuration

By the end of the talk you should understand the most important security risks in your applications, and how to go about mitigating them.

Message-Based Microservices Architectures Driven With Docker

Michele Leroux Bustamante (Solliance)

Microservices are not for everyone, but there are some incredible benefits to employing microservice architecture principles to enable co-evolution of services and features and reduce friction during the DevOps cycle. The growth of moving parts, however, does require tight DevOps procedures, and visibility into system operations including diagnostics, application events and audit trail. Event streaming can enhance your solution enabling async processing and scale, but also enhancing visibility to the solution as a whole. The good news is that if you are already designing a solution based on microservice principles, you are already positioned to incorporate events with less pain. Services that “fit in your head” lead to a manageable approach to introducing event-based strategies. In this session you’ll learn how to design a microservices solution with Docker, that relies on event streams to produce workflow state, history and full audit. You’ll see patterns for structuring your solutions, managing events and payloads, designing your eventual consistency strategy, and producing full history and audit logs for the solution.

Tips and Tricks of the Docker Captains

Adrian Mouat (Container Solutions)

Docker Captain Adrian Mouat will present a grab bag of tips and tricks for getting the most out of Docker. These tips are aimed at avoiding common pitfalls, addressing common misunderstandings and making common operations easier.

Topics covered will include:

– Build Processes

– Security

– Volumes

– Databases

– Orchestration

– Debugging and Maintenance

– Calling Docker from Docker

Whilst aimed primarily at new and intermediate users, even advanced users should pick up some new information. This talk will make your daily life with Docker easier!

Production SecOps With Kubernetes in Docker

Scott Coulton (Puppet)

In this talk, Scott Coulton will walk through how to build a container as a service platform with Docker EE. Starting from scratch he will help you figure out what orchestrator to choose by deep diving into the technical differences between Swarm and Kubernetes on the EE platform as well as cover some of the practical considerations that could influence your decision. He will also share various automation solutions to deploy your cluster into production. Once the cluster is up and running, Scott will delve into sec ops and discuss security best practices – including signing images in DTR (Docker Trusted Registry) and CVE scanning to provide a secure supply chain into production. You’ll leave this talk with the knowledge needed to build your own container platform in production. And did I mention it will all be done live, step-by-step?

Proactive Ops for Container Orchestration Environments

John Harris (Docker)

Break -> inspect -> fix is the Ops workflow for infrastructure stacks of the past. Distributed infrastructure and applications claim to be the new generation, but why is it so much more painful to maintain and troubleshoot them? Much of the pain comes from outdated operational models relying on reactive or, worse yet, manual monitoring and Ops.

This talk lays out a proactive Ops model for container infrastructure. By focusing on event monitoring, infrastructure state monitoring, trend analysis, and distributed log collection, a proactive Ops model delivers observability for distributed apps that was not possible before. Using real-world examples from Swarm and Kubernetes, we’ll demonstrate the tools used and how we relieve Ops pain in container orchestration.

Demystifying Container Connectivity with Kubernetes in Docker

Nicola Kabar (Docker), Karthik Prabhakar (Tigera)

The addition of Kubernetes support to Docker Enterprise Platform presents deployments with interesting new abstractions for application connectivity. Users and Operators are often challenged with rationalizing how pod networking (with CNI plugins like Calico or Flannel), Services (via kube-proxy) and Ingress work in concert to enable application connectivity within and outside a cluster. Similarly, given the dynamic and transient nature of containerized microservice workloads, how to leverage scalable and declarative approaches like network policies to express segmentation and security primitives.

This session provides an illustrative walkthrough of these core concepts by going through common deployment architectures providing design, operations, and scale considerations based on experience from numerous production deployments. The session will also showcase how to complement application and operations workflows with policy-driven business, compliance and security controls typically required in enterprise production deployments.

Black Belt

One way to achieve a deep understanding of a complex system is to isolate the various components of that system, as well as those that interact with it, and examine all of them relentlessly. This is what we do in the Black Belt track! It features deeply technical talks covering not only container technology but also related projects.

Java in a World of Containers

Arun Gupta (AWS), Robert Vandette (Oracle)

Container technologies such as Docker are rapidly becoming the de-facto way to deploy cloud applications, and Java is committed to being a good container citizen. This session will explain how OpenJDK fits into the world of containers, specifically how it fits with Docker images and containers.

The session will focus on the production of optimized Docker images containing a JDK. We will introduce technologies such as jlink, that can be used to reduce the size of the created image. The session will explain Alpine/musl support for an effective image and runtime. The session will also talk about the inclusion of Class Data Sharing (CDS) archives and Ahead of Time (AOT) shared object libraries for improving startup time.

The attendees will learn about the recent work that has gone into OpenJDK for interacting with container resource limitations.

Windows Container Security

David Lawrence (Docker), Saruhan Karademir (Microsoft)

The majority of the container security discussion revolves around containers on Linux while the security of containers in Windows is left as a mystical black box. In this talk we’ll peel back the curtain and dive into how Windows containers are secured.

Does Windows have namespaces? How does it compose the layers of a container’s filesystem? How does it limit resource usage of containers? I heard there’s a Hyper-V isolation thing, what’s that about?

We’ll answer all these questions and more!

Container Orchestration from Theory to Practice

Stephen Day, Laura Frank (CloudBees)

Join Laura Frank and Stephen Day as they explain and examine technical concepts behind container orchestration systems, like distributed consensus, object models, and node topology. These concepts build the foundation of every modern orchestration system, and each technical explanation will be illustrated using SwarmKit and Kubernetes as a real-world example. Gain a deeper understanding of how orchestration systems work in practice and walk away with more insights into your production applications.

Kubernetes Extensibility

Tim Hockin, Eric Tune (Google)

Kubernetes is designed to be an extensible system. But what is the vision for Kubernetes Extensibility? Do you know the difference between webhooks and cloud providers, or between CRI, CSI, and CNI? In this talk we will explore what extension points exist, how they have evolved, and how to use them to make the system do new and interesting things. We’ll give our vision for how they will probably evolve in the future, and talk about the sorts of things we expect the broader Kubernetes ecosystem to build with them.

Kubernetes with Docker

Alex Mavrogiannis, Guillaume Tardif (Docker)

Since last DockerCon, Kubernetes has been integrated into both the Desktop and Enterprise editions of the Docker Platform. In this deep dive session, we’ll showcase live demos and explore where Kubernetes fits in the architecture of both the Desktop and the Enterprise editions and which community tools make this integration possible. We’ll be covering topics ranging from hypervisor control, storage and networking all the way to the integration of a custom RBAC system, native Compose file support and providing a rich user interface for Kubernetes.

Istio: Managing, Securing, and Observing Microservices

Lin Sun (IBM), Zack Butcher (Tetrate)

With the rapid adoption of microservices, Istio has become the de facto framework to load-balance, route, secure and monitor the traffic that flows between microservices. Istio provides a common networking, security, policy and telemetry substrate for services that we call a ‘Service-Mesh’. Come learn how the service-mesh helps with the transition to microservices, to empower operations teams, to adopt security best-practices and much more. We’ll also cover the state and ecosystem of the project, where it’s headed and how you can get involved.

A Vision of Persistence

Justin Cormack (Docker), Luke Marsden (DotMesh)

Pull, push, clone, it is all in your daily workflow. But what if this wasn’t your source code or your container, but the state of your whole computer? Push your production database over to another machine? No problem!

This talk shows how you can use Dotmesh with LinuxKit to work with persistent data on your server as simply as you work with git. This workflow helps unleash new ways of working with servers and data. Immutable infrastructure from LinuxKit meets controlled and manageable data storage from Dotmesh. Combining these two open source projects allows new possibilities in how to manage your infrastructure.

Deep Dive in Container Service Discovery

Laurent Bernaille (DataDog)

Service discovery and traffic load-balancing in the container ecosystem rely on different technologies, such as IPVS and iptables, and container orchestrators use different approaches. This talk will present in detail how Docker Swarm and Kubernetes achieve this. The talk will continue with a demo showing how applications that are not managed by Kubernetes can take advantage of its native load-balancing. Finally, it will compare these approaches to service-mesh solutions.

Docker Platform Internals (Containerd / BuildKit) Talk

Michael Crosby, Tonis Tiigi (Docker)

In this session, we’ll go into details about the latest developments around some of the components behind the core features of the Docker Platform. We’ll cover the containerd runtime that was built to serve as an underlying daemon for Docker and Kubernetes, and BuildKit, a toolkit that builds on containerd to provide next-generation capabilities for building software with the help of containers. You will learn about the architecture and design choices of these projects, for example, the power of containerd’s rich client library and BuildKit’s frontend model that allows introducing new build languages or Dockerfile features. You can discover how you can use these projects directly and how they are being integrated into the Docker Platform.

Docker Docker Docker

Docker Docker Docker sessions provide a deeper dive into Docker tooling, implementation, and real world production use recommendations. If you are ready to get to the next level with your Docker usage, join this track for product updates and best practices from the Docker team.

How To Build Your Containerization Strategy

Lee Namba (Docker)

The Docker Enterprise Edition platform helps customers deploy and manage applications faster and it secures the application pipeline at a lower cost than traditional application delivery models. But it takes more than just great technology to achieve the desired results. The organization and culture of your enterprise directly impacts what you transform, how it’s done, and who does it. Success requires a strategy for how you will govern the Docker EE container platform, how to assess your application estate, what your delivery pipeline will look like, and how to ensure developers, operators, security teams and others play nicely together.

In this talk I will cover topics such as different types of workloads (legacy, microservices, FaaS, big data, …), how your org chart can influence whether you deploy a CaaS (Containers as a Service) vs CLaaS (Clusters as a Service), how “shifting left” can determine if you can outsource, centralized vs distributed CI/CD and how containers play a role, transforming your pets into cattle, how giant whale balloons are used for onboarding, and a prescriptive and comprehensive methodology for successfully deploying Docker in your enterprise.

Docker for Developers on Mac and Windows

Gareth Rushgrove (Docker)

The whole Docker ecosystem exists today because of every single developer who found ways of using Docker to improve how they build software; whether streamlining production deployments, speeding up continuous integration systems or standing up an application on your laptop to hack on. In this talk we want to take a step back and look at where Docker sits today from the software developer’s point of view – and then jump ahead and talk about where it might go in the future. In this talk, we’ll discuss:

* Making Docker an everyday part of developing software on the desktop, with Docker for Windows and Docker for Mac

* Docker Compose, and the future of describing applications as code

* How Docker provides the best tools for developing applications destined to run on any Kubernetes cluster

This session should be of interest to anyone who writes software; from people who want to hack on a few personal projects, to polyglot open source programmers and to professional developers working in tightly controlled environments. Everyone deserves a better developer experience.

Docker Enterprise Edition: An Architecture and Operations Overview

Ryan Kennedy, David Chung (Docker)

Docker Enterprise Edition (EE) is much more than just an application packaging format and run-time. It is an enterprise-ready container platform that automates the delivery of applications using an agile operating model with integrated security. Join members of the Docker product team as we walk through how you can leverage Docker EE to construct a pipeline to create new apps on Docker Desktop or modernize traditional apps using Docker Application Converter, move apps through a secure supply chain with Docker Trusted Registry, and deploy and monitor the apps at scale in Universal Control Plane.

* Overview and architecture of Docker EE technical solution

* Locking down a multi-tenant deployment by limiting user access to specific cluster nodes and API/CLI/UI permissions

* Using Compose to simplify Dev app creation while leveraging both Swarm and Kubernetes for maximum Ops flexibility

* Creating a secure supply chain that scans your apps for vulnerabilities and cryptographically signs them for verification

Stick around for tips and tricks running Docker at scale, and demos of new features!

Continuous Compliance with Docker Container Platform and OSCAL

Andrew Weiss (Docker), Anil Karmel (C2 Labs)

Highly regulated industries such as the financial, healthcare, and Government sectors present a number of unique challenges in the realm of IT compliance. While Docker Enterprise Edition is already being used to facilitate agile and secure development workflows in these environments, it has been notoriously difficult to correlate various standards and catalogs like PCI DSS, HIPAA and NIST 800-53 to containerized workflows and ensure compliance with the same.

In this session, you’ll learn about NIST’s new Open Security Controls Assessment Language (OSCAL) specification, the problems it addresses, and how it has been embedded into Docker EE to support the notion of continuous compliance. This session will also highlight how Docker, Inc., in partnership with C2 Labs, extended the platform to give compliance professionals a concise window into the complete state of their Docker environment.

Troubleshooting Tips from Docker Support Engineers

Ada Machini, Eiichi Kitagawa (Docker)

Docker makes everything easier. But even with the easiest platforms, sometimes you run into problems. In this session, you’ll learn first-hand from someone whose job is helping customers fix these problems. In this session, you’ll learn how to:

  • Ask better questions & identify the real problems you want to solve
  • Use command line tools to inspect internal Swarm and Kubernetes components
  • Debug and troubleshoot interactions between Enterprise Edition components
  • Troubleshoot Docker Enterprise Edition Windows nodes
  • Apply these skills to troubleshooting Docker Enterprise Edition

Modernizing Traditional Applications with Docker

Jeff Murr (MetLife), Brian Walker (Docker)

Modernizing Traditional Apps with Docker is a great way to start your containerization strategy and to prove to your leadership there is value. MetLife has outlined the early stages of their journey at past DockerCons, but have now moved past the POC stage and are in the process of transforming our technology portfolio globally. We are driving change on multiple levels in many ways, and now we’ve created a long-term strategy outlining how we will reach our technology goals using containers. At MetLife, we realized that once a PoC is complete, incorporating an entire application portfolio can be challenging: Where do you focus for the largest benefit to the organization? How and what do I spend the savings on if I want to ensure maximum value? How should people & processes change to align to match our transformation goals?

In this session you’ll hear more about how MetLife has built their strategy to go forward, and you’ll learn how Docker’s strategic approach to containerization and transformation can be applied in your company, too.

Considerations for Operating Docker at Scale

Andrew Hromis (Docker), Sujay Pillai (Jabil)

“Scale” happens along 3 different aspects: (1) applications and their services scale up and down leading to (2) the infrastructure scaling up to meet the needs of the applications, and finally (3) sites scale across multiple locations, including movement to public cloud. In this session, we will talk about how Docker EE scales along all three of these dimensions to give you a consistent platform for running your applications:

1. At the application level: how do you manage application state & health along with resource and security constraints to scale containers up and down in a controlled fashion?

2. The infrastructure level: as your application estate grows on the Docker EE platform you will need to scale across more nodes. How do you automate the provisioning of these new nodes and how do you integrate the Docker EE platform layer with your existing infrastructure systems and tools?

3. Finally, we’ll talk about distributed scale: how do you take what works for applications in one data center and spread it across multiple sites, in an integrated fashion so you can operate seamlessly?

Networking in Docker Enterprise Edition With Kubernetes and Swarm

Flavio Crisciani, Abhi Prativadi (Docker)

Now that Docker Enterprise Edition has added Kubernetes there are two models for networking in the platform. In this talk, we will review the pros and cons of each approach and how they co-exist in the Docker container platform. We will then show you how to achieve your application networking design goals under either model in the Docker platform, including segmentation, multi-tenancy, isolation and security. Whether you choose to go with Docker Swarm or Kubernetes (or both) for orchestration, you will walk away from this session knowing what effect that will have on your network design and how to accomplish your desired result.

Docker Storage: Designing a Platform for Persistent Data

Dan Finneran (Docker)

Docker containers have popularised the concept of read-only/immutable infrastructure and led to changes in system and application architecture across the IT industry. However, nearly every application generates some data that will need to persist long after the life-span of the container that generated it. This talk will look at the best practices around persistent storage with containers, from providing design advice around the construction of your application/container to the functionality provided from storage vendors through the Docker Volume driver plugins.

Innovation

The Innovation Track shows how containers are redefining our technology toolbox, from solving old problems in a new way to pushing the boundaries of what we can accomplish with software. Sessions in this track provide a glimpse into the new container frontier as it relates to IoT, Machine Learning and distributed systems.

Accelerating Development Velocity of Production ML Systems with Docker

Kinnary Jangla, Ekrem Kocaguneli (Pinterest)

The rise of microservices has allowed ML systems to grow in complexity, but has also introduced new challenges when things inevitably go wrong. This talk dives into why and how Pinterest Dockerized the array of microservices that produces the Pinterest Home Feed to accelerate development and decrease operational complexity and outlines benefits we gained from this change that may be applicable to other microservice based ML systems.

Most companies provide isolated development environments for engineers to work within. While a necessity once a team reaches even a small size, this same organizational choice introduces potentially frustrating dependencies when those individual environments inevitably drift. This project was initially motivated by challenges arising from the difficulty of testing individual changes in a reproducible way – without having standardized environments, pre-deployment testing often yielded non-representative results, causing downtime and confusion for those responsible for keeping the service up.

The Docker solution that was eventually deployed pre-packages all dependencies found in each microservice, allowing developers to quickly set up large portions of the Home Feed stack, and always test on the current team-wide configs. This architecture enabled the team to debug latency issues, expand our testing suite to include connecting to simulated databases, and more quickly do development on our thrift APIs.

This talk will feature tips and tricks for Dockerizing a large scale legacy production service and discuss how an architectural change like this can change how an ML team works.

Automated Hardware Testing Using Docker for Space

Christopher Heistand (Johns Hopkins Applied Physics Lab)

Two things are for certain – space is hard, and Docker is not just for web content! Space software development traditionally lags behind state of the art software process for good reason – our missions are long (7+ years), we run on highly constrained embedded hardware, and the software cannot fail. Docker, along with a devops mentality, has helped us create a scalable, parallelizable and rapidly deployable test infrastructure for DART, NASA’s mission to hit an asteroid at 6 km/s.

During the presentation, we will walk through how our dev cycle has changed from a human based testing system to an automated one. We will outline how we are using Docker (and NASA Goddard’s Core Flight Executive) for both our embedded development environment and our scalable test environment. Next, we will discuss what deployment means to us (and how different it is from web deployment). Lastly, we will explore lessons learned on how our hardware-centric testing approach was adapted into a software-based approach: what worked, what didn’t, what we wish we could do someday.

How can you help? We are new to Docker. We are excited to share our experiences and hear from the Docker community on our use cases, technological hurdles that we faced, our solutions to these problems, and how we can harness Docker to the fullest extent.

Packaging Software for the Distribution on the Edge with Docker and Windows Server

Peter Ngai (GE Digital)

At GE Digital, in the Asset Performance Management space, we need to supply an edge solution that impacts both on-premise and data transmission to the cloud. Our current edge solutions are relatively simplistic, but as our technologies mature along with our customers’ needs, we’re finding that we need to grasp a more fog computing-based approach where we include more intelligence, more computing power, at the edge. Along with this computative power, we need to better remotely manage these systems – to be able to monitor progress and diagnose problems – a technology that would enable us to containerize, to better manage, our software bundlings and deployments.

We found that Windows Docker seemed to fit the bill — many of the technologies that live at our edge solutions are Windows OS based (as the customers’ main platforms are Windows OS based). This presentation reviews the approach that we took to repackage one of our main APM on-premise solutions using Windows Docker. We’ve created a prototype which we’re looking forward to productizing and enabling the capability of remote management to thousands of deployments.

The presentation also contains a video demo of the running system. The on-prem APM system will demonstrate the usage of Docker networking along with docker volumes and three (3) docker containers – will discuss the construction of the images, and nuances, of execution of the running docker containers.

Docker, Microservices, and the Service Mesh

Tony Pujals (AWS)

The nature of containerized, cloud-native applications is rapidly advancing with a fundamentally different architecture that will rely on service meshes with smarter proxies, traffic management, and enhanced observability for cooperating microservices, serverless functions, and complex workflows. In this session we will highlight the features that characterize this architectural transformation in the Docker cloud-native ecosystem.

Democratizing Machine Learning on Kubernetes

Joy Qiao, Lachlan Evenson (Microsoft)

One of the largest challenges facing the machine learning community today is understanding how to build a platform to run common open-source machine learning libraries such as TensorFlow. Joy and Lachie are both passionate about making machine learning accessible to the masses using Kubernetes. In this session they’ll share how to deploy a distributed TensorFlow training cluster complete with GPU scheduling on Kubernetes. We’ll also share how distributed TensorFlow training works, various options for distributed training, and when to choose what option. We’ll also share some best practices on using distributed TensorFlow on top of Kubernetes, based on our latest performance tests performed on public cloud providers. All work presented in this session will be accessible via a public GitHub repository.

Docker and IoT: Controlling "Things" with Containers

Brian Christner, Darragh Grealish (56k Cloud)

Internet and Things are all around us. Industry 4.0 promises to propel companies forward with automation and big data but in all honesty, the internet is still lacking on many devices. Docker in combination with DevOps automation enables companies to incrementally add IoT to their “Things” and infrastructure. Learn how we deliver IoT solutions (monitoring, software updates, and security) to locations around the world and enable new capabilities never seen before in these industries.

Accessible High Performance Computing for Everyone with Docker and Containers

Christian Kniep, Christine Lovett (Docker)

This session will introduce High Performance Computing and outline the challenges when trying to fit those workloads into containers. Afterwards the community solutions are touched on before an approach based on proper Docker is shown. The talk will wrap up with an outlook on how containers can foster scientific discoveries by allowing HPC to be used by everyone.

Serverless Panel

Anthony Skipper (Galactic Fog), Chad Arimura (Fn), Yaron Haviv (Nuclio), Michael Behrendt (OpenWhisk), Alex Ellis (OpenFaaS), Idit Levine (Solo.io), Patrick Chanezon (Docker)

Serverless introduces a new way to architect and operate applications, based on functions responding to events or triggered by an API gateway, as well as a new economic model for consuming compute resources. Among the options to adopt serverless are using a cloud provider proprietary serverless platform, or adopting one of the open source portable serverless frameworks running on top of a container platform, to avoid lock-in.
This panel will feature leaders from the top 5 container based serverless frameworks, Galactic Fog, Nuclio, Fn, OpenWhisk and OpenFaaS, and from the Gloo project which aims at gluing together all serverless applications with legacy and cloud workloads to discuss the state of portable serverless frameworks on container platforms.

Transform

The transform track focuses on the impact of change – both for organizations and ourselves as individuals and communities. Filled with inspiration, insights and new perspectives, these stories will leave you energized and equipped to drive innovation.

#bigwhale: An Unexpected Journey into Containerization @ Lockheed Martin - Part 1

Arjuna Rivera (Lockheed Martin)

2017 was a banner year for change and disruption at Lockheed Martin. Specifically Enterprise IT, moving to cloud and taking a chance on Containerization as a Service with Docker. As innovation accelerates and customer needs rapidly evolve, Lockheed Martin must become increasingly agile. Rapidly responding to customer requirements is key, and to facilitate overall business goals, Enterprise IT needs to be agile. We are experiencing software development lifecycles moving from waterfall to agile models of development. These changes are moving downstream toward Enterprise IT operations with the evolution of DevOps.

In order to meet the demands of the customer and make significant progress on our cloud journey, we needed to look at changing how we manage infrastructure, how we change our IT culture and ultimately how we innovate at scale. That’s where the story of i2 labs begins.

This presentation will focus on the creation of i2 labs at Lockheed Martin, which inspired and enabled people and processes to invest in Docker as a company, Containerization as a technology and DevOps as a methodology. How we went from labs testing to building Agile Development Teams to preparing to enter our BETA phase of our Enterprise Containerization as a Service to deploy applications in a consistent, repeatable, and reliable manner.

Diversity is not only about Ethnicity and Gender

Chloe Condon (Sentry)

If you work in tech, it’s likely your company has a Diversity initiative… but what does that even mean?
If you are a “diverse” candidate, have you noticed a difference? If you are a manager, how have you changed your practices to support diversity? How many fantastic SW developers have you met that came from a non-traditional background? Did they all have a CS degree? Should a CS degree be a prerequisite for all SW engineering roles? With the rise of coding bootcamps and self-taught programmers around the world, perhaps it’s time we start changing our hiring processes.

In this talk, we’ll dive into how to approach ways to evolve your current recruiting practices to encourage more diverse candidates through your door, take a critical look at current interviewing procedures and processes (hint: you may be blocking the door to many candidates), explore the benefits of hiring bootcamp grads (as well as discuss the bandwidth needed to train one), highlight success stories, and I’ll share some funny (and cringe-worthy) stories from my time as a junior developer interviewing without a CS degree. Join Chloe Condon – Theater/TV/Movie actress turned Software Developer, as she tells her story and shares her expertise.

Building a Docker Center of Excellence: Panel Discussion with MetLife, PayPal, and Splunk

Mark Church (Docker), Tim Tyler (MetLife), Meghdoot Bhattacharya (PayPal), Mike Dickey (Splunk)

As with many new technologies, the adoption of containerization is as much cultural change as it is technological change. The Docker container platform unlocks many advantages in software delivery but can also challenge traditional development and IT operations paradigms. Companies should consider the potential impact and opportunity for the organization, culture and processes as part of the technology implementation.

This panel led by Meghdoot Bhattacharya, Director of Cloud Engineering at PayPal, Tim Tyler, Principal Solutions Engineer at MetLife, and Mike Dickey, Senior Director, Engineering at Splunk will feature their experience in rolling out Docker Enterprise Edition across legacy codebases and multiple application teams with minimal disruption to the business. A successful pattern common across all three companies is the formation of a Center of Excellence (COE) to build expertise and focus the execution of the containerization strategy. Gain valuable insights into the intangibles such as how to find the right mix of skills for the team, how to find quick wins that solidify the strategy, and how to roll out Docker in phases to reduce disruption.

Shaving my Head Made me a Better Programmer

Alex Qin (GAKKO)

How do perceptions and stereotypes affect those in the programming community? This talk tells the true story of my physical transformation, and the surprising and drastic ways in which it affected how I was perceived and treated as a programmer. This new perspective allowed me to take a hard look at our community, and how it can at times be less welcoming and inclusive than we all intend it to be. This talk also covers the effects of unconscious bias, micro-aggressions, and stereotype threat within our community, and how to make engineering teams and our entire field more inclusive to all, and thusly more successful.

10 Practices for Better, Cheaper, Faster Service Delivery

Rob Schoening, Ashley Sun (LendingClub)

As a disruptive force in the trillion dollar personal loan market, Lending Club built an online platform for peer-to-peer lending that embraces DevOps. Throughout this 10-year experience, Lending Club has dealt with changing business needs, new technology trends like the cloud, and embracing new technologies like containers.

In this session, Rob Schoening, VP of TechOps for Lending Club, and Ashley Sun, Senior Software Engineer, will outline some of the guiding principles that they’ve instilled in their organization to be able to embrace DevOps. These principles have allowed the company to grow from $1B in loans issued by 2012 to $33.6B of loans issued by the end of 2017. They’ll cover some of the decisions the organization had to make along the way and how they approach DevOps today, including where Docker fits into this.

The Complexity to “Yes” in Analytics Software and the Possibilities with Docker and Containers

Andrea Gallego (The Boston Consulting Group)

When you have to say “YES” to everything, what does that really mean?

The Boston Consulting Group (BCG) is a global management consulting firm that advises industry leading companies on value creation strategies, innovation, transformation, supply chain management and much more. BCG provides recommendations and analytics that are custom tailored to the needs of each client. To do this BCG is transforming what used to be presentations and manual models into software that is prototyped and distributed to their client to run on their infrastructure – in effect changing the way BCG delivers value.

However, the productization process poses unique challenges and opportunities. Their clients have every type of infrastructure and application stack within their IT environments. How can BCG ensure that the custom built analytics applications will operate well at scale in their client’s production environment – especially when it is an environment that they don’t control? The bespoke nature of the BCG business led the team to embark on an engineering-led journey to containerization with Docker. Attend this session to learn more about the approach, challenges and how BCG is enabling transformation with Docker Enterprise Edition.

Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles Black Friday and 100K Deployments Per Year

Srikanth Bulusu, Sanjoy Mukherjee (JCPenney)

At JCPenney, Black Friday is one of our most critical shopping periods, both in stores and increasingly online. Hundreds of millions of dollars are on the line for us in a narrow shopping window so scaling to handle the traffic and being able to deploy promotions and fix issues without disruption to the website and our business are critical. Our prior way of delivering applications was built on a waterfall model, locked in to a set of ISV vendor dependencies, with rigid silos. It was too slow and expensive to deploy changes and keep pace with our business. We needed an application delivery platform that can handle the scale of Black Friday, and allow us to adapt our systems as our business continues to evolve.

In our DockerCon session, we will tell you how we are transforming JCPenney’s omni-channel business with Docker and open solutions like Jenkins, Spring cloud, Netflix OSS and Ansible. We went live in our first iteration in just two months, and then on-boarded over 30 services in the first 6 months. We learned quite a bit along the way and you’ll hear why we made an important decision to switch from Docker Community Edition to Docker Enterprise Edition. Our new cloud-native, Dockerized systems handle over 100,000 deployments per year and can scale to handle events like Black Friday with zero issues.

Depend on Docker (DoD) - Imagine a world where the only dependency you need is Docker!

Alex Iankoulski, Arun Subramaniyan (Baker Hughes, a GE Company)

Software development is hard, too hard for today’s fast-paced world. There are too many distractions, and obstacles that block us on our way from an idea to a working software product. It is not surprising that many great ideas never see the light of day. How can we make software development easier? How do we make software build, ship, and run on Mac, Windows, Linux, on-prem, and on any cloud? Over the past three years we have learned that where there is a whale, there is a way.

Join this session to be inspired by the story of scientists and software professionals who will share their transformational journey to accelerate ideas to production software. We will provide use cases that needed a polyglot infrastructure with highly diverse groups from scientists, aerospace and petroleum engineers to software architects to co-create a production application. In the spirit of DockerCon, this session will include a live demo. The presentation materials and a starter project will be open-sourced at the end of the talk. You will leave inspired to enter a world where the only dependency you need is Docker!

A Strong Belief, Loosely Held: Bringing Empathy to IT

Nirmal Mehta (Booz Allen Hamilton)

In this talk, the conversation centers around how to use behavioral economics and other processes to assist in getting IT organizations to adopt DevOps practices. Technology is easy, but people are hard. How can we use game theory to encourage empathy in an organization? How can you, as an individual contributor, help drive positive change in your team, company, and community? This talk fosters thought and dialogue on how to address the people and IT cultural needs as organizations transform.

Community Theater

Located in the main conference hall, the Community Theater will feature lightning talks and cool hacks from the Docker community and ecosystem. Don’t miss out on these sessions from one of our most popular tracks at DockerCon!

How MIT's AI Competition runs on 2,000 Docker Containers

Joshua Gruenstein (MIT Battlecode)

Battlecode is MIT’s 17 year old AI competition, where players submit bots that compete against each other in a real time strategy game. In order to run such a competition with thousands of competitors, Battlecode must be able to securely sandbox untrusted player code, guarantee a consistent execution environment, and scale to run hundreds of matches in seconds. We achieve this through a unique usage of Docker; to this date, we have deployed our container to hundreds of match-running servers and thousands of competitors.

Some of the interesting challenges we have faced when using Docker for Battlecode are, in no particular order, 1) using docker in docker to ensure players don’t tamper with match running software, 2) deploying software to competitors with Docker, and 3) managing a distributed horde of containers.

What's a Cat Doing in my Cluster?

Christopher Liljenstolpe (Tigera)

You’ve spun up Kubernetes in your DockerEE cluster, but what are all these new components? Where’s Libnetwork? What is this cute Calico cat doing here? I just turned on this “network policy thing” and now nothing is talking – What is going on? In 15 minutes, I will explain Kubernetes networking basics, how it works in DockerEE, what network policy is and what you can use it for, a real-world use-case from the front lines of containerized network security, and even who that insufferably cute kitten is, and what it’s doing in your cluster.

Frequently Answered Queries on StackOverflow

Brandon Mitchell (BoxBoat)

Jump start your adoption of Docker by avoiding some of the most common issues encountered. This talk aims to clarify many of the common points of confusion around docker, leveraging countless questions on StackOverflow and hands on experience implementing Docker in production environments.

Topics include pitfalls of treating containers like virtual machines, why you should not define a volume in a Dockerfile, how host volumes and a named bind mount are different, the easy way to debug networking issues inside your containers, the difference between exposing and publishing a port, and how RUN, CMD, and ENTRYPOINT may not behave as you expect.

Containers for Beer - An Edge Appliance Enables Operational Improvements for Craft Brewers

Huck Bales (Stone Technologies)

The state of the art for information management in the craft brewery is the clipboard. Enabling real-time and historical visibility of the process will result in better beer and clearly make the world a better place to live. Using containers running on a low-cost industrial edge device, process and lab data are sent to a cloud database where visualization and analysis are performed.

The goal of this proof-of-concept is to deploy a prototype edge appliance and demonstrate a business case for a cloud-based subscription service. Containers on the edge device are key to delivering a configurable solution that will meet varying requirements of breweries. On-premise user functionality includes real-time monitoring and display of the brewing and fermentation processes. Cloud-based functionality includes managing recipes, tracking batches, comparing batch performance, and machine learning to predict fermentation results.

5 Years Later: Is Docker Still Delivering? Confessions of a Docker-Holic

Thomas Shaw (Demonware)

My name is Tom and I’m a self-confessed Docker-holic. This is my story.

I first encountered Docker on August 19th 2013. One of our internal customers at Activision was growing weary of VMs and requested “fast, simple to build and reproducible” test environments to be used in the Continuous Integration pipeline. Docker was suggested and within 2 months we were running builds and tests in containers.

What started as a single container test environment quickly escalated into test stacks using docker compose. 5 years later and we are using Docker to create scalable, multi-cloud Build and Test environments. The more we used Docker the more use cases we found.

This talk will look at how the Build Engineering team evangelised container adoption, the change to the developer workflow, where did we fail and how did we recover. I’ll also talk about some tips, tricks and anecdotes picked up along the way. The talk will conclude with “5 things I wish I’d known 5 years ago”.

Dockerizing StarCraft 2 Learning Environment

Elaine Yeung (Sentry)

In August 2017, Blizzard Entertainment and DeepMind released a StarCraft 2 Learning Environment (SC2LE) designed to take machine learning to the next level. The initial set up of the SC2LE development environment (without Docker) took over a day to troubleshoot and install. In this session, Elaine will share how Docker containers allowed her to cut the time needed to set up SC2LE from over 18 hours to under 30 minutes.

Distributed systems for big data processing on Kubernetes: algorithms, architecture and implementation

Alena Hall (Microsoft)

Data is growing quickly and generates events at an ever-increasing rate. Building a flexible, fast, and reliable solution to ingest, process and manage that data can be challenging. How can we make it easier? To form better understanding, in this talk we’ll explore underlying concepts and algorithms used in practical real-world distributed systems. We will also take a look at Kubernetes features, such as Stateful Sets, that help in implementation of big data processing architectures, covering Cassandra, Kafka and beyond.

Self-upgrading Servers with Docker

Francesc Campoy Flores (source{d})

Discover how we implemented a server that doesn’t require any downtime to be extended with new features.

Babelfish (bblf.sh) is an open source project created at source{d} that provides language parsing for *any* programming language.

Each parser is written in its own language, so we can’t just simply put everything in a binary.

So how does this work?

We are able to update and upgrade the API server by running Moby inside of Moby (we need to go deeper!) and using the Docker hub as our repository for parsers.

In addition to this, each container image for parsers needs to follow some quite strict specifications: and in order to do so we build a set of images via Makefile and multi-stage builds.

All in all, this creates an efficient system that, although architecturally complex, provides a simple developer experience.

This talk covers all the juicy details of the architecture and the lessons we learned while developing it.

Docker for Python Developers

Michael Herman (ClickFox)

This talk looks at how to configure a Python-based development environment for both web development and data science. We’ll look at how to configure Docker in your local development environment, set up Docker Compose to manage multiple containers, and utilize multi-stage builds to produce lean, production-ready images.

Improve Community Project Engagement with Docker

Stanley Zheng (Cloudreach)

America Brigade meetup, our small team of engaged citizens has been working on local civic issues with web technology for over five years. As the number of volunteers and code projects grew, we used Docker and Docker Compose to not only scale our infrastructure but also our volunteers through rapid project onboarding. All in the open.

At Code for Hampton Roads, we are technical people who volunteer our time to build free apps and tools to help our local communities and change the way we engage with our government. With a few core developers, we were able to use Docker to scale our efforts to maintain applications used by thousands of local citizens and built in different technologies; all while onboarding new developers and bootstrapping them quickly. It has unlocked our ability to collaborate and iterate quickly from development to production across our organization and local government. It also empowers our volunteers to jump in quickly, removing the “environment setup” challenge. This session will share how adopting Docker can help unlock productivity and collaboration to any organization, technical or not. We’ll share how Docker has improved our community and transformed our organization over the past five years.

Otto the DBS - Docker and the 12th Factor

Michael Dodge (Liberty Mutual)

While Docker naturally leads us to many of the 12-factor principles like Dev-Prod parity and Port Binding, others aren’t as obvious or top-of-mind. One item that we’ve found incredibly useful in our journey that we hadn’t expected when we started off has been the 12th factor – one-off admin processes should be run in an identical environment as the regular long-running processes of the app. All too often, we focus on the application runtime itself, but lose sight of the end-to-end process and how it impacts support and security.

With the ability to package and run a variety of utilities and not just “typical” applications, as well as the ability to invoke transient tasks without the overhead of infrastructure provisioning, Docker is a natural lift for these types of tasks. Our original needs stemmed from traditional “DBA” type activities – following old practices tended to challenge security practices as well as traceability and consistency. By migrating these activities into containers, we were able to remove human access, improve audit and consistency, and keep network access tight. Once this pattern had started, we found it more useful than just DBA tasks – many other “operational support” activities were well suited to this pattern, allowing for unplanned/difficult work while still maintaining consistency and security.

Community Leaders to the Rescue

Wellington Figueira da Silva (EasyTaxi), Franzwagner Ternus (Universidade Federal de Goiás)

Are you running local meetups, conferences, summits? Have you ever thought about it? You may have a lot of reasons to be worried but it is not as hard as you may think. In this talk we will explain what a Docker Community Leader is, detailing the good and the bad. We will also show the reality of two different cities in Brazil, one with a huge number of attendees, and how we lead the efforts in each group. We also have been collecting insights from other community leaders around the world and we will share the common issues so you can improve your skills for your next meetups, conferences and summits.

Contribute & Collaborate

The Contribute and Collaborate track aims to raise awareness and educate users around the upstream components of the Docker Platform, provide a path for new contributors and unleash new opportunities for innovation and collaboration within the broader Cloud Native and Open Source communities.

Ecosystem Track

Ecosystem Track showcases work done by sponsoring partners at DockerCon. Ecosystem sessions include a diverse range of topics and opportunity to learn more about the variety of solutions available in the Docker ecosystem.

Skip the Anxiety Attack - Build Secure Apps with Docker & Kubernetes

Jason McGee (IBM)

Software development today is more rapid, more distributed and more dynamic. As a developer you really want to be able to focus your time on creating new solutions. But as much as you might want to ignore it, you still have to ensure the apps you build scale, stay up and stay secure. Developers still need to understand and control the software supply chain: you still need to know who built what. You need to understand if your software is vulnerable, compliant with your processes and regulations, and secure. And you need to know what is running right now, where it is running, and to be able to control when it changes. So the trick is how to spend as little time as possible on these issues so you can focus on building your app. The combination of Docker, Kubernetes and Cloud can make that happen for you.

At IBM we are focused on helping you focus. The IBM Cloud Container Service, which leverages Kubernetes, provides advanced capabilities for building cloud-native apps, adding DevOps to existing apps, and ultimately relieves the pain around security, scale and infrastructure management.

Securing Your Container Environment with Open Source

Michael Ducy (Sysdig)

Cloud Native platforms such as Kubernetes and Cloud Foundry help developers to easily get started deploying and running their applications at scale. But as this access to compute starts to become ubiquitous, how you secure and maintain compliance standards in these environments becomes extremely important.

In this talk we’ll cover the basics of securing Cloud Native platforms such as Kubernetes. We will also cover open source tools – such as Clair, Anchore, and Sysdig Falco – that can be used to maintain a secure computing environment. Attendees will walk away with a good understanding of the challenges of securing a Cloud Native platform and practical advice on using open source tools as part of their security strategy.

Docker Containers make Cloud Transformation cheaper, better and faster

Rob Leach (Avanade), Oscar Renalias (Accenture)

Your cloud transformation starts with that first step, optimizing your existing applications. Many companies have used Docker containers to migrate existing applications to Azure and done it in less than five days with a total cost savings of 50% or more!

Docker containers are ideal for projects that require upgrading off old versions of Windows Server, consolidation of data centers, or if you are just looking for opportunities to streamline your budget. These cost savings can then be rolled back into the execution of your journey to cloud creating a snow-ball effect that allows you to gain momentum and achieve your overall cloud goals faster.

Join us to learn how Docker containers make cloud transformation cheaper, better and faster.

Docker Adoption Trends and Best Practices

Ilan Rabinovitch (Datadog)

Join us at DockerCon as Datadog shares findings from our 2018 Docker and Orchestrator Adoption study. As a SaaS monitoring solution specializing in containers and cloud, Datadog has a unique vantage point into the world of Docker, orchestration, and containers. Join us as we open up the data and discuss surprising facts about real world Docker usage. Is Docker usage making it into production or are we all dabblers? Which deployment patterns most often lead to successful rollouts? Are containers really short lived? Join us as we bust myths, review usage statistics, and make a few predictions.

Developer Productivity with Google Container Tools

David Gageot (Google)

Visualizing Containers and Analyzing Performance

Kevin Crawley (Instana)

As organizations transition from monolithic applications to using microservices and containers they must be able to observe and holistically monitor their distributed environments. Instana uses AI to not only discover, map and visualize all workloads, but also automatically provide insights into container, platform and application performance. In this discussion, we will showcase Instana’s ability to create three-dimensional infrastructure, container and application maps – and how you can use those visualizations to gain new insights. We will show you how Instana monitors and understands orchestrated systems and the interdependencies within your legacy and microservice ecosystems.

Understanding the developer experience with Azure

Shayne Boyer (Brian Liston)

Azure offers great experiences for building anything from simple to very complex applications using Docker and containers. Whether it's modernizing a .NET application for migration to the cloud, using containers to process workloads on demand with Container Instances, or using open source tools like Helm and Draft to create and deploy apps, Azure has it covered. In this session, stop by and see how you can take advantage of Azure’s offerings alongside open source tools to get your app into the cloud and your organization more productive.

Service Mesh made Docker Simple

Darren Shepherd (Rancher Labs)

Darren has been writing software since he got his first 286 when he was 10, and is happiest when he’s stuffed in a closet banging away in anything but Java. Darren specializes in building systems to reliably control completely unreliable systems. Darren has a B.S. from California State University, Northridge. Prior to Rancher, Darren was Sr. Principal Engineer at Citrix where he worked on CloudStack, OpenStack, Docker and building the next generation of infrastructure orchestration technology. Prior to joining Citrix, Darren worked at GoDaddy, where he designed and led a team that implemented both public and private IaaS clouds.

Leveraging the Machine Data Exhaust of Your Containerized Environment

Ben Newton (Sumo Logic)

Today’s hyper-competitive environment leaves little room for error as you try to take advantage of the latest best practices like microservices and containerization. Learn how to design a comprehensive, real-time data analytics strategy for operational and security insights into your application. The machine data exhaust of your cloud platforms, micro-services, and containerized architectures is a gold mine of insights for improving your application and making a great user experience – don’t let it go to waste!

In this session, we will cover:

  • How machine data analytics with built-in machine learning capabilities can help DevOps, DevSecOps, and IT Operations teams monitor the health of their applications
  • How to monitor Kubernetes and Docker-based applications
  • Share insights into how our customers are using the Sumo Logic solution to get real-time and proactive visibility into their application and user activity, enabling further optimization of the experience for their users

Holy Grail: Impenetrable Applications - Enforce Immutability and Protect the Data

Kevin Stultz, Ashok Banerjee (Symantec)

From Design Time to Run Time: Integrating Security into your Continuous Delivery Pipeline.

Bryan Webster (Trend Micro)

Join Trend Micro security architects to see how DevOps teams can secure applications while maintaining fast time to value with continuous delivery.

From image creation to runtime deployment, this session will explore detailed demonstrations and use cases for building security into the build and deployment of applications deployed to a Kubernetes cluster. Learn how vulnerability and malware detection can be integrated into your container build process, securing images as they move through the CI/CD pipeline with tools like Jenkins. We will also show examples of how automated agent provisioning and runtime controls deliver ongoing container and host level protection for your Docker environments.


Our detailed use cases will provide a better understanding of how you can ensure application integrity with properly integrated security that meets compliance and mission-control requirements for better business outcomes.

Containers are fast, lightweight and portable, but what about your platform?

Kenny Coleman, Kaiting Chen (VMware)

Containers are the preferred way for developers to package and deploy their applications. With the frequency of deploys in Agile software development, you need more than a container runtime to keep up with the high rate of change.

Automation is the cornerstone of Agile and operators are increasingly turning to Kubernetes for container scheduling and service creation. Looking for a platform that treats infrastructure like software that can be programmable?

In this session, Kenny and Kaiting will re-enact their real job roles and show you how to operationalize Kubernetes, support Agile software developers and make infrastructure changes easily, rapidly and securely.

Partner Theater

The Partner Theater highlights 20-minute lightning talks from DockerCon sponsoring partners. The sessions focus on a broad range of topics and provide an opportunity for you to learn about Docker ecosystem partners and their solutions.

Defending Against the Unexpected: Immutability to the Rescue!

Liz Rice (Aqua)

A lot of (justified) attention has been given to managing vulnerabilities and securing the build pipeline. While avoiding known vulnerabilities and ensuring that only trusted images are used are necessary building blocks of any secure Docker deployment, this is not where security ends. Malicious code can be introduced in other ways, and unknown vulnerabilities (zero days) might be exploited. Rather than looking for complex patterns or trying to guess what an attacker might do, there is a relatively simple way of protecting containers against many such attacks – enforcing immutability.

In this talk, Liz will demonstrate how Aqua can block attacks by preventing image-container drift and ensuring that containers only perform their intended functions.

How Atlassian Protects Your Code Running in Pipelines Containers

Ben Walther (Atlassian)

Atlassian’s CI/CD product, Pipelines, runs a Docker container of your own construction on our Kubernetes cluster. Find out how we safeguard your code even as others have the ability to run arbitrary code of their own. This talk will be heavily security focused.

Exploring Containers: Real-life Use Cases

Pat Cimprich (Avanade), John Foreman (Accenture)

Join us as we share real-world examples of the most common container use cases, including Cloud Native or greenfield, modern DevOps environments for innovative new applications and legacy application migration to the cloud.

Container Security at Scale: Ensuring Trust in Container Deployments

Tim Mackey (Black Duck Software)

DevOps organizations are increasingly turning to container environments to meet the demand for faster, more agile software delivery. Container orchestration platforms like Kubernetes present the most effective way to manage the operational challenges as these production environments scale. However, large-scale container deployments present a new array of security challenges, including how to properly manage open source security risk. A 2017 451 Research report recently identified security as the single biggest hurdle to container adoption.

The challenges of managing security risk increase in scope and complexity with the size of your deployment and the number of open source software components that are a part of your application code base. In 2017, dozens of new CVEs were reported every day, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present.

Black Duck open source and container management expert Tim Mackey shares the latest insights and recommendations for securing open source in your containers, including:

  • The role of containers in addressing some of the problems faced by teams moving to DevOps
  • How Kubernetes enhances that solution by answering questions of networking, image registries, deployment automation, application lifecycle, etc.
  • Why container environments present new application security challenges, including those posed by open source
  • How to scan applications running in containers to identify open source and map against known vulnerabilities
  • Best practices and methodologies for deploying secure containers with trust

Are your Microservices Ready for Production? How Do You Know?

Dave Karow (BlazeMeter), Marc Chipouras (FreshTracks.io)

Tooling investment is paramount to successfully running production microservice architectures at scale. Preparation prior to launch is paramount to success. Knowing the interactions of your microservices at runtime under load will prevent surprises when you deploy to production. Load testing will not only show how the services perform in isolation, but how they perform when deployed along with their dependent services.

Additionally, when load testing microservices, interaction with system components like the scheduler and auto-scaler will be important to your success. Visibility of your microservices in a load testing environment should be exactly the same as your production environment. Prometheus is the leading open-source monitoring tool for Kubernetes and should be a part of any Kubernetes-based load testing environment.

The combination of load testing and Prometheus metrics will give you the confidence to take your microservices to production knowing it will scale while running in an orchestrated environment.

Lessons Learned Running Docker at Extreme Scale

Rob Zuber (CircleCI)

The ascendance of Docker has helped bring about a new focus on some software development values that are dear to our heart at CircleCI—consistency, automation, and continuity; that is, developing software within a consistent build environment, testing it in an automated fashion, and deploying it with a focus on continuous delivery of new code.

We released CircleCI 2.0 with these values in mind, placing Docker at the core of our Continuous Integration platform and allowing customers to build projects on CircleCI using any combination of Docker images as build environments.

CircleCI’s images for popular languages + frameworks have over 38M+ pulls on DockerHub. Docker images are an incredible asset for ensuring that your dev and production environments are mirrors. But, with every new technology comes added complexity and management overhead.

In this session, Rob Zuber, CTO, CircleCI will share some lessons learned in running Docker at scale, across thousands of customers, their language + technology choices, and their environments. With over 350,000 users and 10M+ jobs per month, we’ve seen up close how customers can succeed with Docker, and how to avoid potential issues.

Deploy Faster! Become a Hero! And More Reasons why Docker Users Prefer HPE

Said Syed, Ka Wai Leung (HPE)

Where the Helm are Your Binaries?

Baruch Sadogursky (JFrog)

In this talk, we will show you how to build a reliable and transparent pipeline from code to cluster using Git, Artifactory, Docker, Kubernetes, and Helm.

We’ll show you how such a pipeline can help you answer the three big questions:

  • What to deploy?
  • What is deployed?
  • What is this artifact that I am looking for?

This kind of transparency is critical for today’s environments, and Kubernetes with Helm shouldn’t be an exception.

Control and Automate your Container Journey with Nutanix

Chris Brown (Nutanix)

Managing a production environment is always a balancing act between technologies; choosing a containerizing strategy for your applications is no different. Do you move over the easy parts of an application and leave the rest for later or do you wait until the entire app is ready? How can you keep track of changes and troubleshoot issues across containers and VMs during conversion?

With the Nutanix Enterprise Cloud OS these problems melt away. In this technical deep dive we will explore how applications can be defined end-to-end in Nutanix Calm across pods, VMs, and clouds in a blueprint. With this unified view, you can easily define operations across these disparate stacks giving you full visibility and control across the entire application and reuse these orchestrations as you move more apps and services to containers. Combined with the enterprise-grade container storage provided through the Nutanix Volume Plugin, Nutanix can help no matter where you are on your container journey.

From Build to Runtime: Operational Container Security for DevOps and Security Teams in the Hybrid World

Hari Srinivasan (Qualys)

How to Develop Multi-cloud Application Without Multi-API Headaches

Stefano Maffulli (Scality)

For engineers and sysadmins, multi-cloud strategies usually imply complexity: multiple APIs, multiple endpoints, opaque workflows, data scattered across services with increased security threats. These are all issues Zenko tries to address by providing a unified API endpoint compatible with S3, support for multiple storage backends, full metadata search and a workflow engine.

Zenko gives users the freedom to manage data across all the main public clouds (including Azure and Google) and private clouds using a single endpoint and the S3 API. Zenko also lets you replicate data across all these backends based on programmable logic and do metadata search across all of them. All the data managed by Zenko is not mangled in any way and remains accessible natively. Developers save headaches, gain freedom of choice and users keep control of their data.

This talk will assess the current state of multi-cloud, enterprises’ need for more transparency on how their data is managed, and the solutions brought to them by Zenko. We will also touch on business challenges of using Docker in production at large customer, and on our own deployment process with Kubernetes on bare metal. It will include a live demo of Zenko’s replication capabilities.

Making Modernization Magical

Dan Jones (Skytap)

Dan will demonstrate how development and test teams are using Skytap Cloud, Docker, and DevOps to accelerate modernizing traditional applications.

As cloud buzz continues to proliferate in all directions, we’re hosting a session to cut through the chatter. This demonstration will focus on the technology developers, system administrators, and architects leverage to get organizations into the cloud – and use it effectively.

While some on-premises applications easily migrate to containers, many applications that power enterprises today are complex, monolithic applications running on older operating systems, like AIX. Modernizing these applications requires more than magic, but with Skytap Cloud, it’s achievable and realistic.

Dan will detail how you can combine Skytap Cloud, automation tools including Jenkins, Chef, Puppet, and UrbanCode, and the magic of Docker containers plus Kubernetes, to release more frequently, increase test coverage, and make the most of cloud’s benefits.

After Dan’s magic act, please join us at the Skytap booth for more fun and carnival games!

StorageOS: A software defined storage solution for Docker

Alex Chircop (StorageOS)

Learn how StorageOS integrates natively with Docker to provide Persistent Volumes for containers. Cheryl Hung, Product Manager at StorageOS, discusses how any application or database can be containerized and deployed on a Docker cluster on-premises or in the cloud.

Spilling the beans: Monitoring Java Apps in Containers

Jorge Salamero Sanz (Sysdig)

Monitoring Java apps running inside containers can be hard:

  • What are the system metrics that matter?
  • How does the JVM behave inside Docker and why are JVMs killed by the OOM killer?
  • Can we collect all the metrics we care about like heap, stack, garbage collection, threads or JMX custom metrics more easily than exporting ports all the time?

In this session, we will reveal all our monitoring secrets on how to collect and use these metrics to resolve common issues.
