Today we released Docker CE 17.06 with new features, improvements, and bug fixes. Docker CE 17.06 is the first Docker version built entirely on the Moby Project, which we announced in April at DockerCon. You can see the complete list of changes in the changelog, but let’s take a look at some of the new features.
We also created a video version of this post here:
The biggest feature in 17.06 CE is that multi-stage builds, announced in April at DockerCon, have come to the stable release. Multi-stage builds allow you to build cleaner, smaller Docker images using a single Dockerfile.
Multi-stage builds work by building intermediate images that produce an output. That way you can compile code in an intermediate image and use only the output in the final image. So for instance, Java developers commonly use Apache Maven to compile their apps, but Maven isn’t required to run their app. Multi-stage builds can result in a substantial image size savings:
REPOSITORY TAG IMAGE ID CREATED SIZE maven latest 66091267e43d 2 weeks ago 620MB java 8-jdk-alpine 3fd9dd82815c 3 months ago 145MB
Let’s take a look at our AtSea sample app which creates a sample storefront application.
AtSea uses multi-stage build with two intermediate stages: a node.js base image to build a ReactJS app, and a Maven base image to compile a Spring Boot app into a single image.
The final image is only 209MB, and doesn’t have Maven or node.js.
There are other builder improvements as well, including allowing use of build time arguments in the FROM instruction.
Logs and Metrics
We currently support metrics through an API endpoint in the daemon. You can now expose docker’s /metrics endpoint to plugins.
$ docker plugin install --grant-all-permissions cpuguy83/docker-metrics-plugin-test:latest $ curl http://127.0.0.1:19393/metrics
This plugin is for example only. It runs reverse proxy on the host’s network which forwards requests to the local metrics socket in the plugin. In real scenarios you would likely either push the collected metrics to an external service or make the metrics available for collection by a service such as Prometheus.
Note that while metrics plugins are available on non-experimental daemons, the metric labels are still considered experimental and may change in future versions of Docker.
Log Driver Plugins
We have added support for log driver plugins.
Docker service logs has moved out of the Edge release and into Stable, so you can easily get consolidated logs for an entire service running on a Swarm. We’ve added an endpoint for logs from individual tasks within a service as well.
Node-local network support for Services
Docker supports a variety of networking options. With Docker 17.06 CE, you can now attach services to node-local networks. This includes networks like Host, Macvlan, IPVlan, Bridge, and local-scope plugins. So for instance for a Macvlan network you can create a node specific network configurations on the worker nodes and then create a network on a manager node that brings in those configurations:
[Wrk-node1]$ docker network create —config-only —subnet=10.1.0.0/16 local-config [Wrk-node2]$ docker network create —config-only —subnet=10.2.0.0/16 local-config [Mgr-node2]$ docker network create —scope=swarm —config-from=local-config -d macvlan mynet [Mgr-node2]$ docker service create —network=mynet my_new_service
We have a number of new features in swarm mode. Here’s just a few of them:
We’ve created a new configuration object for swarm mode that allows you to securely pass along configuration information in the same way you pass along secrets.
$ echo "This is a config" | docker config create test_config - $ docker service create --name=my-srv —config=test_config … $ docker exec -it 37d7cfdff6d5 cat test_config This is a config
Certificate Rotation Improvements
The swarm mode public key infrastructure (PKI) system built into Docker makes it simple to securely deploy a container orchestration system. The nodes in a swarm use mutual Transport Layer Security (TLS) to authenticate, authorize, and encrypt the communications between themselves and other nodes in the swarm. Since this relies on certificates, it’s important to rotate those frequently. Since swarm mode launched with Docker 1.12, you’ve been able to schedule certificate rotation as frequently as every hour. With Docker CE 17.06 we’ve added the ability to immediately force certificate rotation on a one-time basis.
docker swarm ca --rotate
Swarm Mode Events
You can use docker events to get real-time event information from Docker. This is really useful when writing automation and monitoring applications that work with Docker. But until Docker CE 17.06 CE we didn’t have support for events for swarm mode. Now you docker events will return information on services, nodes, networks, and secrets.
The new –datapath-addr flag on docker swarm init allows you to isolate the swarm mode management tasks from the data passed around by the application. That helps save the cluster from IO greedy applications. For instance in you initiate your cluster:
docker swarm init —advertise-addr=eth0 —datapath-addr=eth1
Cluster management traffic (Raft, grpc & gossip) will travel over eth0 and services will communicate with each other over eth1.
We’ve got three new features in Docker for Mac and Windows.
GUI option to reset docker data without losing all settings
Now you can reset your data without resetting your settings
Add an experimental DNS name for the host
If you’re running containers on Docker for Mac or Docker for Windows, and you want to access other containers you can use a new experimental host: docker.for.mac.localhost and docker.for.win.localhost to access open ports. For instance:
Login certificates for authenticating registry access
You can now add certificates to Docker for Mac and Docker for Windows that allow you to access registries, not just your username and password. This will make accessing Docker Trusted Registry, as well as the open source Registry and any other registry application fast and easy.
Our Cloudstor volume plugin is available both on Docker for AWS and Docker for Azure. In Docker for AWS, support for persistent volumes (both global EFS-based and attachable EBS-based) are now available in stable. And we support EBS volumes across Availability Zones.
For Docker for Azure, we now support deploying to Azure Gov. Support for persistent volumes through cloudstor backed by Azure File Storage is now available in Stable for both Azure Public and Azure Gov
In the dockerd commandline, we long ago deprecated the
--api-enable-cors flag in favor of
--api-cors-header. We’re not removing
Ubuntu 12.04 “precise pangolin” has been end-of-lifed, so it is now no longer a supported OS for Docker. Later versions of Ubuntu are still supported.
To find out more about these features and more:
- Download the latest version of Docker CE
- Check out the Docker Documentation
- Play with these features on Play with Docker
- Ask questions in our forums and in the Docker Community Slack
- RSVP for the CE 17.06 Online Meetup on June 28th