Docker 1.12 adds the largest and most complex set of features into a single release since the beginning of the Docker project. Dozens of engineers, both Docker employees and external contributors, have made substantial contributions to every aspect of 1.12 orchestration: core algorithms, integration into the Docker Engine, documentation and testing.
- Swarm Mode Simplifies Distributed Application Definition, Deployment and Reliability
With the latest updates to Docker Engine, developers can build more complex applications with multiple services, container-defined networking and powerful security. Docker 1.12 dramatically simplifies the process of creating groups of Docker Engines, also known as Swarms. A Swarm is a decentralized and highly available group of Docker nodes. Each node is a self-contained orchestration subsystem that has all the inherent capabilities needed to create a pool of common resources to schedule Dockerized services. The self-organizing, self-healing capabilities of Swarms are now backed by automated service discovery and a built-in distributed datastore. As a result, it takes just one command to add a Docker Engine and horizontally scale a Swarm.
- Swarm mode is available in every Engine to automatically discover each other and self-organize into decentralized Swarm
o Swarm mode is an option to be switched on; batteries included but swappable
- Built-in, strongly consistent distributed store
- Self-healing Swarm handles node failures to restore desired application state
- Dynamic role promotion and demotion of Engines in the Swarm
- Zero-downtime node management, including maintenance mode and advanced diagnostics
- Robust architecture infrastructure with zero-SPOF (single point of failure) architecture
- Service deployment API to run and scale services : The new service deployment API describes all the resources and components with a single command that allows operations teams to run and scale a service. Through the API, the Swarm is aware of the application defined and will continuously check and reconcile the environment against the requirements of the application when something adverse happens. Unlike other systems, the Swarm itself has no single point of failure. The state of all services is replicated in real time across a group of managers so containers can be rescheduled after any node failure.
- Declarative services API with desired state reconciliation of applications as an abstraction above containers. Declare services, image, scale and ports
- Rolling updates to enable blue/green, canary and other deploy models
- Application-specified health checks
- Powerful Routing mesh – Docker orchestration includes a unique in-memory caching layer that maintains state of the entire Swarm, providing a non-blocking architecture which assures scheduling performance even during peak times. Additionally, the system has a built-in routing mesh technology that addresses the challenge of how to provide container-aware load balancing. The routing mesh ensures that requests are made to the right containers regardless of where they have been scheduled within the Swarm.
- Out of the box multi-host overlay networking
- Automatic service discovery by DNS available out of the box
- Built in container-aware load balancing, through which load balancing and global port definition by service dynamically reroutes traffic to the right container
- Secure by default: Each Engine is automatically assigned a cryptographic identity which ensures that only validated Engines can be accepted into a Swarm. Moreover, Docker Engine comes with mutually authenticated TLS, providing authentication, authorization and end-to-end encrypted communications among every node participating in the Swarm, without the operator having to take any steps to enable it. Specific capabilities include:
- Out of the box TLS configuration ensures all nodes in a Swarm communicate with each other using mutual TLS.
- Cryptographic Node Identity is general purpose framework that allows for trusted workload dispatch. It enables cryptographically secure decisions about which nodes can runs sensitive workloads, or access sensitive networks.
- Seamless PKI with automatic certificate rotation
- Configurable acceptance policies to configure how nodes can join a Swarm: automatic, manual or require a secret.
There are three really important themes in this release:
Fault-tolerant application deployment platform
Modern applications are increasingly designed in a microservices architectural pattern where the process of serving back data to a user may need to invoke several different services. Real world machines fail all the time and these microservices need to continue to be available even in the face of such random failures. Docker 1.12 gives you this power by providing a zero-SPOF design leveraging a quorum of managers, plus a service abstraction that spawns multiple replicas and quickly reschedules them if their host disappears.
Scale and performance
Docker 1.12’s Swarm mode orchestration was designed from the ground up with scale and performance in mind. The internal Raft distributed datastore has been optimized for lightning fast reads from a memory cache, and the cluster management design minimizes writes that would invalidate this cache.
In many systems, security is something you have to “turn on” by generating TLS certificates, running the system on a different port, and figuring out traffic flows to make sure no packets traverse an insecure network unencrypted. With Docker 1.12, all of these things are done for you out of the box. The system is “secure by default,” which means that you don’t need to be a security expert to get a secure application management platform.
- Docker 1.12 Blog – Deep Dive into 1.12 Architecture
- Docker 1.12 Swarm Mode Deep Dive Part 1: Topology
- Docker 1.12 Swarm Mode Deep Dive Part 2: Orchestration
Docker For Mac/Docker for Windows in Production
Docker for Mac/Docker for Windows is an integrated, easy-to-deploy environment for building, assembling, and shipping applications from Mac or Windows. Docker for Mac and Windows contain many improvements over Docker Toolbox. It is fast and more reliable – no more VirtualBox! The Docker engine is running in an Alpine Linux distribution on top of an xhyve Virtual Machine on Mac OS X or on a Hyper-V VM on Windows, and that VM is managed by the Docker application. You don’t need docker-machine to run Docker for Mac and Windows.
There is also tool integration as Docker for Mac is a Mac application and Docker for Windows is a Windows application, including a native user interface and auto-update capability. The Docker tool set comes bundled with it: Docker command line, Docker Compose, and Docker Notary command line.
Since its introduction early this year, tens of thousands of users have tested the solution and provided feedback for further enhancements. Docker for Mac/Docker For Windows offers:
- A faster and more reliable experience – native development environment using hypervisors built into each operating system. (No more VirtualBox!)
- Improved Docker tools integration – all the Docker tools you need to develop locally are bundled in the app.
- Improved development flow – Volume mounting for your code and data, and easy access to running containers on the localhost network. In-container debugging with supported IDEs also help you live debug projects, and iterate code quicker with less effort.
- Enterprise network support that lets Docker for Mac and Windows work easily with VPNs.
- All the new features available in Docker Engine 1.12.
- Automatic updates, with different channels for stable and beta.
With Docker for Mac and Windows maturing and widely adopted, we want make sure that it’s a reliable and dependable tool. But we also want to keep up the rapid pace of innovation and progress that Docker for Mac and Windows beta users have come to know and love over the past months.
Docker for Mac and Windows are available from two channels – stable and beta. New features and bug fixes will go out first in auto-updates to users in the beta channel. Updates to the stable channel are much less frequent and happen in sync with major and minor releases of the Docker engine. Only features that are well-tested and ready for production are added to the stable channel releases.