[Docker] Docker Use Cases and Future Development, Docker Hub Services, Environment Security

Time: 2023-11-16

Preamble

Docker is an open source application container engine that allows developers to package their application and its dependencies into a portable container and then publish it to any popular Linux or Windows machine; it can also be used for virtualization. Containers rely entirely on a sandbox mechanism, and there are no interfaces between them.

Author Bio: Hengchuan who loves running, a blogger dedicated to multiple programming languages such as C/C++, Java, Python, etc., who loves running and music. This article is included in the Hengchuan’s Daily Report series. Related columns for everyone who is interested: the C Beginner and C Advanced series and the Getting Started with Python series. The Getting Started with Java series is in development, so if you like Python and Java, keep an eye out for it!

1. Use cases

Docker is a command line tool: everything is driven through a single, centralized "docker" executable. This makes Docker very simple to operate. Some examples to check the state of a running container: Or check the list of available images and their versions: Another example is to show the history of an image: The above commands show how easy and fast it is to operate from the command line interface. You only need to specify the first few characters of the image ID. You can see that you only need “d95” to display all the history of the d95238078ab0 image.

One might notice that the image is very small. This is because Docker builds incremental images from the parent image, storing only the changes for each container. So if there is a 300MB parent image, the container and the resulting image may only be 50MB if an additional application or service of 50MB is installed in the container.

You can automate the Docker container creation process with Dockerfiles. Dockerfiles are files that contain the specifications for individual containers. For example, you can create a Dockerfile to set up an Ubuntu container, run some commands, install software, or perform other tasks inside the new container, and then start the container.

Container network

Networking in earlier versions of Docker was based on host bridging, but Docker 1.0 includes a new form of networking that allows containers to connect directly to host Ethernet interfaces. By default, a container has a loopback interface as well as an interface that connects to the default internal bridge, but it can be configured for direct access if desired. Typically, direct access is faster than bridging.

However, the bridging method can be very useful in many situations. Bridging is done by the host automatically creating an internal network adapter and assigning it a subnet that the host itself is not yet using. Then, when new containers connect to this bridge, their addresses are automatically assigned. Containers can be connected to host interfaces or ports when they start up, so a container running Apache might start up and connect to TCP port 8080 (or a random port) on the host. Using scripts and administrative controls, Docker can be started anywhere, connecting to ports and reaching out to applications or other parts of the service stack that need to use the service.

Docker host backup method on Hyper-V server

To create a Docker host on a Hyper-V server, you need to download and install OpenSSH and the Windows version of Docker Machine. The OpenSSH binaries should also be added to the Hyper-V server path so that Docker Machine can find them. Once the required components are in place, creating a Docker host is as easy as running a command line. Open a command prompt window, locate the folder containing Docker Machine, and enter the name of the executable file (Docker-machine_windows-amd64.exe), followed by the -d switch, the name of the driver (in this case, Hyper-V), and the name of the virtual machine (VM) being created. For example, the command might look like the following:

Docker-machine_windows-amd64.exe -d hyper-v Docker

When running this command, Docker Machine accomplishes several different tasks. Some of the more important tasks (from a backup perspective) include: Create a virtual hard disk (VHD) with the name specified on the command line; Download the DVD image called Boot2Docker.ISO; Create a virtual machine; Associate the Boot2Docker.ISO file with the newly created VM as a virtual DVD drive; Associate the VHD with the VM; Start the VM; Assign an IP address and port number to the VM.

2. Problems solved by Docker

The rapid development of cloud computing, big data, and mobile technology, coupled with the changing business needs of enterprises, means that the enterprise architecture may need to change at any time in order to suit the business and keep up with the pace of technological updates. Undoubtedly, this burden falls on enterprise developers: how to coordinate efficiently between teams, deliver products rapidly, deploy applications rapidly, and still meet the business needs of the enterprise is the problem that developers need to solve. Docker technology can help developers solve exactly these problems.

To address the collaborative relationship between developers and operations staff and speed up application delivery, more and more organizations are introducing the concept of DevOps. However, in the traditional development process, development, testing, and operation and maintenance are three independent teams. Poor communication between the teams and conflicts between development and operation and maintenance occur from time to time, resulting in inefficient collaboration and delayed delivery of products, which affects the business operation of the enterprise. Docker technology packages and delivers applications in containers, allowing applications to be shared among different teams, and through images applications can be deployed in any environment. This avoids collaboration problems between teams and makes Docker an important tool for organizations to achieve their DevOps goals. Delivery in containers supports continuous development iterations, greatly improving the speed of product development and delivery.

In addition, unlike virtual machines, which virtualize the underlying devices through a hypervisor, Docker runs directly on top of the Linux kernel and isolates the underlying devices virtually by running Linux processes, so the system performance loss is much lower than that of a virtual machine and is almost negligible. At the same time, Docker application containers are very efficient in starting and stopping, and can support horizontal scaling of large-scale distributed systems, which really brings a boon to enterprise development. As Yankee Liu, Chief Expert of Cloud Integration Technology at HP China, said, “The development of any technology and its popularity is due to its ability to solve the problems that plague people,” and Docker is just such a technology.

3. Future development of Docker

The emergence of any new technology requires a development process. For example, it took nearly five years or so for enterprises to accept and use cloud computing. It also took two or three years for OpenStack technology to gain acceptance. Therefore, although Docker technology is developing rapidly, the technology is not mature enough, and there are still limitations in the flexible support for storage, network overhead and compatibility, which is one of the main reasons why Docker has not been used by enterprises on a large scale. Another reason is whether the enterprise culture is consistent with the DevOps movement. Only if the enterprise supports DevOps can the value of Docker be more fully realized. The last reason is the security issue: Docker's security isolation at the Linux layer still needs to be improved in order to be further recognized by the enterprise. Hewlett-Packard's Yankee Liu believes that this is an aspect of Docker that needs to be improved in the next step.

Docker's value is maximized by its support for enterprise DevOps and massive horizontal scaling of native cloud applications. The HP Helion cloud strategy includes support for DevOps services and native cloud applications, and the concrete implementation of this strategy is closely related to Docker technology. Therefore, the HP team has been actively involved in development activities related to the Docker project in the OpenStack community, trying to improve the deficiencies in Docker technology. At the same time, Docker is also integrated into HP products. For example, HP development platform products are integrated with Docker, using Docker as the application container; and HP’s newly released CloudSystem 9.0 also adds support for Docker, so that users can choose Docker as the application bearer container just as they do with other virtualization resources. Yankee Liu believes that HP very much recognizes some of the value that Docker brings to users, and also hopes that through its own efforts, more users will be able to use such advanced technology as Docker.

4. Docker Hub service

The two companies work together on open source container technology and development direction, and provide localized Docker services. Docker has selected the Aliyun platform as the foundation service for its Docker Hub operations in China. Aliyun has also acquired the rights to operate Docker Engine Commercial Edition and Docker Datacenter, and to provide enterprise-level support and consulting services to Docker customers. At the same time, Aliyun will become an official Docker-supported cloud service provider. Hu Xiaoming, President of AliCloud, said that through the strategic cooperation with Docker, AliCloud will better provide enterprise-level customers with complete cloud services, enable customers, and realize the transformation of the times.

5. Technical limitations

Network restrictions: Docker networking makes it easy to network containers under the same host. Together with some other work, it is possible to use the overlay network feature across hosts. However, that’s as far as it goes. Network configuration operations are restricted, and as of docker 0.7 it can be argued that these means are manual. While container scripting can scale, the necessity to add pre-allocated instances to the network definition, and the additional steps required each time a container is provisioned, are error prone.

Repository control is limited: Repositories have become the centerpiece of any container session. The public repository is the most valuable because it contributes a large number of pre-built containers, saving a lot of configuration time. However, using it in a sandbox is risky. Without knowing who created an image and how, there can be any number of intentional or unintentional stability and security risks. For enterprises, it is necessary to create and maintain a private repository, which is less of a challenge to set up but a problem to manage. Docker provides a limited metadata model for image management of large repositories, ensuring that future implementations are limited in their expected capabilities and that there is no overlay functionality.

There is no clear audit trail: Providing containers is easy, but knowing when, why, how, and by whom they are provided is not. As a result, users do not possess much history for auditing purposes after a container has been made available.

Low visibility of running instances: Without thoughtful action, it’s hard to reach the objects of the running container after the instance is provided, and it’s hard to know what should go out there and what shouldn’t.
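The image-provenance risk described under repository control can be checked mechanically before an image is pulled or deployed. The Python below is an added example, not code from the article or from Docker: it normalizes an image reference using Docker's defaulting rules and flags images that come from outside a private registry or are not pinned by digest. The registry name `registry.example.internal:5000`, the digest-pinning rule and the sample references are assumptions.

```python
import re

# Assumption: hypothetical private registry; replace with your own.
ALLOWED_REGISTRIES = {"registry.example.internal:5000"}
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image_ref(ref):
    """Normalize an image reference the way the Docker CLI defaults it."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first path component is a registry only if it looks like a host.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    if registry == "docker.io" and "/" not in repo:
        repo = "library/" + repo  # official images live under library/
    if not tag and not digest:
        tag = "latest"  # implicit, mutable default
    return {"registry": registry, "repo": repo, "tag": tag, "digest": digest}


def check_image(ref):
    """Return policy findings for one reference (empty list = compliant)."""
    r = parse_image_ref(ref)
    findings = []
    if r["registry"] not in ALLOWED_REGISTRIES:
        findings.append("untrusted-registry:" + r["registry"])
    if not DIGEST_RE.match(r["digest"]):
        findings.append("not-digest-pinned")
    return findings


# Constructed sample references, not taken from the article.
SAMPLES = [
    "ubuntu",
    "someuser/tool:v2",
    "registry.example.internal:5000/web/api:1.4",
    "registry.example.internal:5000/web/api@sha256:" + "ab" * 32,
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(ref, "->", check_image(ref) or "ok")
```

A bare name such as `ubuntu` resolves to `docker.io/library/ubuntu:latest`, which is why it fails both checks.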

6. Docker environment security

Docker's momentum has been hot over the past 12 months, with many saying they've rarely seen an emerging technology that has captured the industry's interest so well. However, when excitement translates into actual deployments, organizations need to be aware of Docker’s security. Anyone who knows Docker knows that Docker utilizes containers to isolate resources effectively. Containers therefore amount to almost the same level of secure operations management and configuration management as the Linux OS and a hypervisor. But when it comes to secure O&M and support for common controls with confidentiality, integrity, and availability, Docker can be a disappointment. Docker security becomes more complex when Docker runs on a cloud provider platform. Users need to know what the cloud provider is doing; perhaps the user is sharing a machine with someone else. While Docker containers don’t have built-in security factors and it’s difficult for emerging technologies like Docker to have more comprehensive security measures, that doesn’t mean they won’t be available in the future.

7. Container deployment security

Some experts have also framed the essence of the Docker security problem as configuration security, arguing that the problem with Docker is that it is difficult to configure a secure container. While Docker developers have reduced the attack surface by creating very small containers, the problem is that employees within large organizations running Docker containers in production environments need to have more visibility and control. When organizations are deploying thousands or tens of thousands of Docker containers, it is critical to be able to ensure that these Docker containers are configured to adhere to the corporate security policy. Docker’s solution to this problem requires increasing the real-time visibility of Docker container deployments while enforcing the security policies set by the organization. There are also vendors that have introduced solutions for this purpose, giving operators real-time visibility and helping them enforce security policies for virtual infrastructure at the container level.
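One way to check container configuration against a corporate policy at scale is to audit the JSON that `docker inspect` emits for each container. The Python below is an added example, not code from the article or from any vendor product: the policy rules are an assumed baseline, and the two container records are constructed samples in the shape of `docker inspect` output.

```python
import json

# Constructed sample in the shape of `docker inspect` output (fields trimmed).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "Config": {"User": "10001:10001"}, "Mounts": [],
  "HostConfig": {"Privileged": false, "NetworkMode": "bridge",
   "CapDrop": ["ALL"], "ReadonlyRootfs": true,
   "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}},
 {"Name": "/legacy", "Config": {"User": ""},
  "Mounts": [{"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}],
  "HostConfig": {"Privileged": true, "NetworkMode": "host",
   "CapDrop": null, "ReadonlyRootfs": false,
   "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}}
]""")


def audit(container):
    """Return the sorted names of the (assumed) policy rules a container violates."""
    host = container.get("HostConfig") or {}
    user = (container.get("Config") or {}).get("User") or ""
    found = set()
    if host.get("Privileged"):
        found.add("privileged")
    if host.get("NetworkMode") == "host":
        found.add("host-network")
    if "ALL" not in (host.get("CapDrop") or []):
        found.add("caps-not-dropped")
    if not host.get("ReadonlyRootfs"):
        found.add("writable-rootfs")
    # An empty User means the process runs as UID 0 by default.
    if user.split(":")[0] in ("", "0", "root"):
        found.add("runs-as-root")
    for mount in container.get("Mounts") or []:
        if mount.get("Source") == "/var/run/docker.sock":
            found.add("docker-socket-mounted")
    for bindings in (host.get("PortBindings") or {}).values():
        for b in bindings or []:
            if b.get("HostIp") in ("", "0.0.0.0", "::"):
                found.add("port-on-all-interfaces")
    return sorted(found)


def audit_all(containers):
    """Map container name to its violations, for fleet-wide reporting."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}


if __name__ == "__main__":
    for name, violations in audit_all(SAMPLE_INSPECT).items():
        print(name, "->", ", ".join(violations) or "compliant")
```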
