agenda

The DockerCon Review Committee has been working hard to build a bigger and better program that reflects the diversity of the Docker ecosystem and community. From Docker use cases at large corporations, to advanced technical talks and hands-­on lab tutorials, DockerCon will have sessions adapted to every expertise level and domain of interest. Each conference day will start with a general session in the morning, followed by breakout tracks.

Register Now

Agenda

Docker for Devs

John Zaccone, IBM

In this talk John Zaccone will present tips and best practices for developing dockerized applications. We will start with the simple question: "Why Docker?" Then we will dive into practical knowledge for developers to apply on their own. John will cover best practices concerning Dockerfiles and the best tools to use for developing. We will also talk about the "hand-off" between developer and operations and how the two roles can work together to address broad issues such as CI/CD and security. After John's talk, stay tuned for Scott Coulton's talk that will dive deeper into Docker for Ops.

Docker for Ops

Scott Coulton, Puppet

In this talk, Scott Coulton will take you through Docker's cluster solution Swarm mode with his operations hat on. We will start from the beginning by describing what swarm mode is, what it does, and how it works behind the scenes. From there, we will look at very basic configurations of Swarm mode from the point of view of the operations team as well as a production-ready workflow including deployments of the cluster, logging and CD best practices. Attendees will be able to apply their learnings to their use cases.

Docker for Java Developers

Arun Gupta, Couchbase | Fabiane Nardon, Tail Target |

Docker provides PODA (Package Once Deploy Anywhere) and complements WORA (Write Once Run Anywhere) provided by Java. It also helps you reduce the impedance mismatch between dev, test, and production environment and simplifies Java application deployment. In this talk, Arun Gupta, Java Champion and Docker Captain and Fabiane Nardon, Java Champion, will explain how to run and package your Java application with Docker including sharing your Java application using Docker Hub. In addition, they will cover:

  • Deploy your Java application using Maven
  • Deploy your application using Docker for AWS
  • Scaling Java services with Docker Engine swarm mode
  • Package your multi-container application and use service discovery
  • Monitor your Docker + Java applications
  • Build a deployment pipeline using common tools

Docker for .NET Developers

Michele Bustamonte, Solliance

Millions of developers use .NET to build high-performance apps, from Enterprise to hobbiests. Docker enables .NET developers to build containerized applications that can be deployed natively to Windows or Linux. Windows containers support applications that leverage the full .NET Framework. And with AspNetCore on Linux developers can target both Linux-based Docker containers or Windows containers. In both cases you can develop your applications on Windows using your favorite .NET developer tools - then build Docker images and run them as containers on Windows Server or Linux machines.

In this session, you will learn how to build full .NET Framework applications and deploy them as Windows Containers. Then you will learn to migrate an AspNetCore applications that can target either Windows or Linux containers, without any changes to your code.

Troubleshooting Tips from a Docker Support Engineer

Jeff Anderson, Docker

Docker makes everything easier. But even with the easiest platforms, sometimes you run into problems. In this session, you'll learn first hand from someone whose job is helping customers fix these problems. Using Docker and Docker Data Center, you can keep your apps running smoothly with minimal downtime.

In this session, you'll learn:

  • How to apply your troubleshooting skills in the Docker ecosystem
  • Identification and characterization of the problem
  • Command line tools to inspect networking and namespaces
  • Applying these skills to your workloads on OSS Docker and on DDC

Journey to Docker Production: Evolving Your Infrastructure and Processes

Bret Fisher, Independent Cloud Sysadmin and DevOps Engineer

DevOps in the Real World is far from perfect, and we're all somewhere on the path to one-day writing that "Amazing-Hacker-News-Post about your chat-bot fully-automated micro-service infrastructure." But until then, how can you *really* start using containers today, in meaningful ways that impact yours and your customer's productivity? This session is designed for practitioners who are looking for ways to get started now with Docker and Swarm in production. No Docker 101 here, this is for helping you be successful on your way to Dockerizing your production systems. Attendees will get tactics, example configs, real working infrastructure designs, and see the (sometimes messy) internals of Docker in production today.

Escape From Your VMs with Image2Docker

Elton Stoneman, Docker | Jeff Nickoloff, All in Geek Consulting

Migrating apps out of Virtual Machines is difficult, especially distributed apps with multiple components, and even more so when the components run on different operating systems. But with the Docker platform and the Image2Docker tools - which extract Linux and Windows apps from existing VMs into containers - it's easy.

In this session, we'll take a PHP front-end application running in a Linux VM, which connects to a .NET Web Service running in a Windows VM, and convert the whole stack to Docker automatically. Then we'll run the app on a hybrid Docker Datacenter cluster, where we can manage the Windows and Linux components from a single pane of glass.

Creating Effective Images

Abby Fuller, AWS

Sick of getting paged at 2am and wondering ""where did all my disk space go?"" This has actually happened to me, and you can learn from my mistakes! New Docker users often start with a stock image in order to get up and running quickly, but that isn't always the right answer. Creating efficient images is overlooked, but important. Beyond saving resources, using minimal images also delivers important security benefits: include only what you need, and not a whole runtime that might have security vulnerabilities.

In this session, I'll talk about how to create effective images, and lessons I've learned from running containers in production at a number of startups. I'll also cover topics like ""how do layers work?"", and some things you should think about when creating your images, such as; choosing or creating the right base image; ordering your statements correctly for caching; using RUN statements conservatively; and cleaning up as you install dependencies. I'll also address best practices; both at a high level (like using dual container builds - one to build an artifact, and one to build from base); and some language-specific best practices, for example, tips and tricks for creating containers for Node.js vs Go

What's New in Docker

Victor Vieux, Docker

It’s the first breakout after the keynote and you need to know more about all the latest and greatest Docker announcements. We've got you covered! In this session, Victor Vieux will go deeper, looking into what's new with Docker, demoing the latest features and answering your questions.

Under the Hood with Docker Swarm Mode

Drew Erny, Nishant Totla, Docker

Join SwarmKit maintainers Drew and Nishant as they showcase features that have made Swarm Mode even more powerful, without compromising the operational simplicity it was designed with. They will discuss the implementation of new features that streamline deployments, increase security, and reduce downtime. These substantial additions to Swarm Mode are completely transparent and straightforward to use, and users may not realize they're already benefiting from these improvements under the hood.

Modern Storage Platform for Container Environments

Julien Quintard, Docker

Providing state to applications in Docker requires a backend storage component that is both scalable and resilient in order to cope with a variety of use cases and failure scenarios. The Infinit Storage Platform has been designed to provide Docker applications with a set of interfaces (block, file and object) allowing for different tradeoffs. This talk will go through the design principles behind Infinit and demonstrate how the platform can be used to deploy a storage infrastructure through Docker containers in a few command lines

Secure Substrate: Least Privilege Container Deployment

Diogo Mónica, Riyaz Faizullabhoy, Docker

The popularity of containers has driven the need for distributed systems that can provide a substrate for container deployments. These systems need the ability to provision and manage resources, place workloads, and adapt in the presence of failures. In particular, container orchestrators make it easy for anyone to manage their container workloads using their cloud-based or on-premise infrastructure. Unfortunately, most of these systems have not been architected with security in mind.Compromise of a less-privileged node can allow an attacker to escalate privileges to either gain control of the whole system, or to access resources it shouldn't have access to. In this talk, we will go over how Docker has been working to build secure blocks that allow you to run a least privilege infrastructure - where any participant of the system only has access to the resources that are strictly necessary for its legitimate purpose. No more, no less.

Docker Networking: From Application-Plane to Data-Plane

Madhu Venugopal, Docker

Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment. By default, containers isolate applications from one another and the underlying infrastructure, while providing an added layer of protection for the application.

What if the applications need to communicate with each other, the host, or an external network? How do you design a network to allow for proper connectivity while maintaining application portability, service discovery, load balancing, security, performance, and scalability? In this session, you'll learn about these network design challenges, the latest tools available to you from Docker, and common deployment patterns

Plug-ins: Building, Shipping, Storing, and Running

Anusha Ragunathan, Nandhini Santhanam, Docker

At Docker, we are striving to enable the extensibility of Docker via "Plugins" and make them available for developers and enterprises alike. Come attend this talk to understand what it takes to build, ship, store and run plugins. We will deep dive into plugin lifecycle management on a single engine and across a swarm cluster. We will also demonstrate how you can integrate plugins from other enterprises or developers into your ecosystem. There will be fun demos accompanying this talk!

This will be session will be beneficial to you if you:

  • Are an ops team member trying to integrate Docker with your favorite storage or network vendor
  • Are Interested in extending or customizing Docker; or
  • Want to become a Docker partner, and want to make the technology integration seamless.

Making Docker Datacenter Work For You

Vivek Saraswat, Docker

In this session, we’ll deep dive into some of the latest and upcoming features in Docker Datacenter. We will focus on the internal architecture and configuration of the features in use cases focused on modern app deployment, legacy app containerization, and a secure software delivery pipeline. And stay for some tips on monitoring and troubleshooting to help you prevent your production environment from going sideways.

Automation and Collaboration Across Multiple Swarms Using Docker Cloud

Fernando Mayo, Marcus Martins, Docker

Docker Cloud is the official cloud service for continuously delivering Docker applications. In this session, we'll show you how you can use Docker Cloud to:

  • Easily deploy and manage multiple Swarms across different IaaS providers
  • Automate build and test pipelines for any of your repositories, and
  • Collaborate with your team across repos, builds and Swarms.

Docker Store: The New destination for Enterprise Software

Alfred Landrum, Chinmayee Nirmal, Docker

Docker Store is the place to find trusted community and enterprise content. Independent software vendors, startups and developers alike now have a marketplace to create and distribute Enterprise-ready content through the Store. Join Chinmayee and Alfred from the Docker Store team to learn how ISVs, big and small, are using Docker Store. They will cover:

  • How to publish and distribute high quality, reusable containers and plugins; and
  • How Enterprise customers can simplify procurement and management of their software assets using Docker Store.

What Have Namespaces Done For You Lately?

Liz Rice, Microscaling Systems

Containers are made with namespacing and cgroups, but what does that really mean? In this talk we'll write a container from scratch in Go, using bare system calls, and explore how the different namespaces affect the container's view of the world and the resources it has access to.

Monitoring, the Prometheus Way

Julius Volz, Prometheus

Prometheus is an opinionated metrics collection and monitoring system that is particularly well suited to accommodate modern workloads like containers and micro-services. To achieve these goals, it radically breaks away from existing systems and follows very different design principles. In this talk, Prometheus founder Julius Volz will explain these design principles and how they apply to dockerized applications. This will provide insight useful to newcomers wanting to start on the right foot in the land of container monitoring, but also to veterans wanting to quickly map their existing knowledge to Prometheus concepts. In particular, a demo will show Prometheus in action together with a Docker Swarm cluster.

Everything You Thought You Already Knew About Orchestration

Laura Frank, Codeship

Do you understand how quorum, consensus, leader election, and different scheduling algorithms can impact your running application? Could you explain these concepts to the rest of your team? Come learn about the algorithms that power all modern container orchestration platforms, and walk away with actionable steps to keep your highly available services highly available.

Securing the Software Supply Chain with TUF and Docker

Justin Cappos, New York University

If you want to compromise millions of machines and users, software distribution and software updates are an excellent attack vector. Using public cryptography to sign your packages is a good starting point, but as we will see, it still leaves you open to a variety of attacks. This is why we designed TUF, a secure software update framework. TUF helps to handle key revocation securely, limits the impact a man-in-the-middle attacker may have, and reduces the impact of repository compromise. We will discuss TUF's protections and integration into Docker's Notary software, and demonstrate new techniques that could be added to verify other parts of the software supply chain, including the development, build, and quality assurance processes.

Cilium: Network and Application Security with BPF and XDP

Thomas Graf, Cilium Project

This talk will start with a deep dive and hands on examples of BPF, possibly the most promising low level technology to address challenges in application and network security, tracing, and visibility. We will discuss how BPF evolved from a simple bytecode language to filter raw sockets for tcpdump to the a JITable virtual machine capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss and demonstrate how Cilium with the help of BPF can be combined with distributed system orchestration such as Docker to simplify security, operations, and troubleshooting of distributed applications.

Container Performance Analysis

Brendan Gregg, Netflix

Containers pose interesting challenges for performance monitoring and analysis, requiring new analysis methodologies and tooling. Resource-oriented analysis, as is common with systems performance tools and GUIs, must now account for both hardware limits and soft limits, as implemented using resource controls including cgroups. The interaction between containers can also be examined, and noisy neighbors either identified of exonerated. Performance tooling can also need special usage or workarounds to function properly from within a container or on the host, to deal with different privilege levels and name spaces. At Netflix, we're using containers for some microservices, and care very much about analyzing and tuning our containers to be as fast and efficient as possible. This talk will show how to successfully analyze performance in a Docker container environment, and navigate differences encountered.

Securing Containers, One Patch at a Time

Michael Crosby, Docker

Responsible disclosure is a key ingredient of any solid security strategy. In this session, Docker maintainer Michael Crosby will explain the ins and outs of CVE-2016-9962: how it was discovered, how it could even happen in the first place, and how it was addressed. A vertiginous abseil at the boundaries of the kernel, in the fascinating land of system calls and randomized address space. You will think twice before leaking a file descriptor again.

containerd Deep Dive

Justin Cormack, Docker |

This talk will be a deep technical dive on how containerd is achieving its mission to manage the container lifecycle on its host system including container execution and supervision, image distribution, low-level local storage and network interfaces and management. Attendees will get tangible insights into the containerd roadmap and a better understanding of how to leverage containerd in other container management and distributed systems.

Deep Dive in Docker Overlay Networks

Laurent Bernaille, D2SI |

The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.

The talk will continue with a demo showing how to build your own simple overlay using these technologies.

0 to 60 with Docker in 5 Months: How a Traditional Fortune 40 Company Turns on a Dime

Tim Tyler, MetLife

Docker and microservices allowed our development teams to create what once was inconceivable; a unified front-end application for our customers, employees and agents connecting them to over 400 legacy back-end systems of record.  On the engineering side, our challenge was identifying the right infrastructure approach to deliver this new solution on a global scale. In our exploration of solutions; we threw out the book on our traditional design approach and brought our first Docker environment and Microservice app to production in 5 months from start to finish. This talk discusses some of the key changes we made to ensure our success, from tossing out waterfall, to quickly establishing design standards, and finally rallying around test driven engineering. We had successes and obstacles to overcome along the way, and want to share a few of them.

Activision's Skypilot: Delivering Amazing Game Experiences Through Containerized Pipelines

Thomas Shaw, Activision

Technologies that are going to affect our lives in the next decade are being tested and developed in the video game sphere. In January 2016 Activision approved a pilot project to build a containerised continuous delivery pipeline using Docker. This project spanned multiple devops teams and would culminate in launching a production title "Skylanders Imaginators" in October 2016.

Our mission is to deliver an amazing build, test and deploy pipeline that aims to be so reliable, effective and easy to use that our product and title departments will end up writing high value gaming services all day long without giving a second thought to how they may reliably deliver these in record time.

This talk will discuss the cultural and technical challenges faced throughout the pilot. Spoiler alert: Not everyone was happy with the decision to use Docker. The talk will cover the concerns and how we handled them. It will cover why it is important, especially in the games industry, to be evaluating and integrating technologies like Docker in order to remain relevant.

Cool Genes: The Search for a Cure Using Genomics, Big Data, and Docker

James Lowey, TGEN

The Translational Genomics Research Institute (TGen) is a non-profit organization dedicated to using genomic and other -omic generated information to provide a greater understanding of the underlying biological defects that cause diseases and disorders.

The bioinformatics industry is undergoing a sea change, driven by advances in biological research and gains in computational power that accelerates the ability to find treatments and cures. While inexpensive compute infrastructure made this work possible, managing those enormous workloads was a massive headache, until science found a cure: Docker!

This talk will describe how TGen uses Docker and the Docker storage plugins API to run a large-scale, big data compute cluster to push the limits of biological science.

Taking Docker From Local To Production at Intuit

JanJaap Lahpor, Intuit

In this talk we will share how a small team at Intuit moved Docker from local to production serving real and critical workloads. We will share how we addressed the organization challenges of running Docker at large enterprises by building a business case for a pilot project to prove the value of containers and its real world application. Next, we will share how we solved the technical challenges that present themselves when taking Docker from local to production in a corporate data center. We will share the blueprint for the business case and the associated pilot which laser focused on running stateless back-end services throughout the entire SDLC. Finally, we will highlight our crawl-walk-run approach that allowed us to make inexpensive mistakes before investing in the right areas as our Docker knowledge increased. We will share the major technical issues we encountered, how we overcame them and the lessons we learned.

The Tale of Two Deployments with One Docker Datacenter: Greenfield and Monolith at Cornell

Shawn Bower, Brett Haranin, Cornell University

Docker use at Cornell University has been increasing steadily over the last 3 years in our central departments and various colleges - particularly as we move more workloads to the cloud. In this talk, we’ll give an overview of our Docker use cases across campus, featuring in detail two specific projects that highlight the versatility of this technology: Containerizing our central financial system (a traditional monolithic system); and building new researcher-focused financial tools natively in Docker (a microservice architecture built with the cloud in mind). We’ll discuss the design and implementation of both projects in detail. We’ll also describe how Docker has enabled us to develop consistent DevOps and CI practices spanning these two very different architectures.

Global Operations with Docker for the Enterprise

Nico Kabar, Docker |

Enterprises often have hundreds or even thousands of applications spread across thousands of development teams, business units and geographies. This presents challenges to IT teams as they architect an environment to run Docker apps on globally distributed hybrid cloud infrastructure, developed by distributed dev teams and consumed by customers around the world. Docker Datacenter provides the technology and framework to implement a global software supply chain. This session will dig into the design considerations, tools and best practices to address this type of environment with Docker Datacenter. And there will be data! Results from various performance tests will be presented in conjunction with recommendations for HA configurations, content cache use cases for faster developer workflow and scheduling strategies for improving application resilience.

Docker?!? But I'm a SysAdmin

Mike Coleman, Docker

Your developers just walked into your cube and said "here's the new app, I built it with Docker, and it's ready to go live". What do you do next? In this session we'll talk about what containers are and what they are not. And we'll step through a series of considerations that need to be examined when deploying containerized workloads - VMs or Container? Bare Metal or Cloud? What about capacity planning? Security? Disaster Recovery? How do I even get started?

Industry Q & A: Media & Analyst Perspective on Docker

Bring your questions and join a panel of top media and analysts covering containers for what is expected to be a truly informative and interesting perspective on Docker, the container ecosystem, and best (and worst) practices when talking containers. You will hear about the present and future of Docker from the perspective of those who have seen many a technology wave, and have heard from hundreds of companies building on, with, or for Docker. The session will also talk about the evolving community, the role of open source, container standards, and what we should prepare for in 2017.

FROM Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm

Christy Perez, IBM | Chris Jones, IBM

We live in a multi-platform world, and who doesn't want their project to run on all of them? The last few DockerCon events have covered the introduction of multi-platform image capabilities into the Docker registry and engine releases. Now it's time to put these features to good use building applications across architectures and running them all in a heterogeneous Docker Swarm!

In this talk we'll cover the new `docker manifest` command for making multi-architecture images; how to emulate architectures in docker containers on your own machine; and give a live demonstration of these capabilities with a Docker Swarm consisting of workers of different CPU architectures, including armhf, ppc64le, s390x, and x86_64. We'll also share some pointers for making sure your project is mulit-platform ready!

Beyond \ - the path to Windows and Linux parity in Docker

Taylor Brown, Microsoft | Dinesh Govindasamy, Microsoft

Bringing Docker to Windows has been an awesome project - while at times challenging or frustrating the overwhelming majority of the times it's just been fun. This talk will focus on the work it took to bring Windows and Docker together, some of the areas where gaps remain between the Windows and Linux platform (specific to Docker) and the roadmap towards convergence.  We will discuss some of the tradeoffs and choices we made as well as some of the lessons we took from the Linux ecosystem and how we applied them as we built out Windows support.