Docker bolsters networking and security with version 1.10


Docker made several significant improvements to its popular open source container product, including updates to security, networking and orchestration capabilities.

According to Docker, version 1.10 provides DevOps professionals with more flexibility in how they define and move complex containerized apps into production. Based on reports from industry insiders, including a recent interview with Red Hat's Lars Herrmann, containers are graduating from pilot projects and shifting increasingly into production environments.

"It's now much easier to define and run complex distributed apps with Docker Compose. The power that Compose brought to orchestrating containers is now available for setting up networks and volumes," wrote the Docker core engineering team in a blog post.

Docker has in the past received criticism for its networking and security capabilities, but the company's engineering teams have been making strides – in part through acquisition of Docker partners – to close any gaps. They appear to have once again improved the technology in both areas.

Docker added a new networking system in the last version that allowed for the creation of virtual networks and the attachment of containers to them to build a network topology. Now it's supported in Compose, but the company indicated several other "top requested" features that have been added to version 1.10, including the ability to use links in a network, make containers accessible by multiple hostnames across a network, give containers custom IP addresses and do hostname lookups using a DNS server.

The Docker core engineering team also noted several new and updated features to Engine (now also at version 1.10), including the addition of content-addressable image IDs, an improved event stream, improved push/pull performance and reliability, the ability to do live updates on container resource constraints (no more rebooting) and several incremental improvements to boost performance.

"Docker 1.10 advances our integrated toolset, enabling developers and IT operations to create and manage stateful and stateless distributed applications on any multi-host infrastructure across the entire application lifecycle," said Solomon Hykes, founder and CTO at Docker, in a statement. "With advancements in our orchestration tooling, networking and security, Docker is enabling developers to build more complex applications that can be delivered at scale from the desktop to the cloud, regardless of the underlying infrastructure."

A few other Docker projects also received updates. Swarm 1.1 now provides better node management capabilities and an option to automatically have Swarm reschedule containers when a node fails.

Machine 0.6 was updated to simplify the command line interface. For instance, it's no longer necessary to type "default" when typing commands – at least if they're performing actions against defaults. A new provision command also makes it easier to rerun provisioning on hosts where it failed or the configuration has drifted.

There are also several improvements to security and performance in Registry 2.3, which includes a new manifest format and now has the ability to share layers between different images.
