The document discusses Docker 1.5 and its new features including IPv6 support, read-only containers, Docker stats, and the Docker image specification. IPv6 can be enabled by running Docker with the --ipv6 flag. Read-only containers restrict writes to containers. Docker stats provides live metrics for containers. The Docker image specification defines the format for layered image files and metadata.
2. IPv6 Support
• By default, the Docker server configures the
container network for IPv4 only.
• Enable IPv4/IPv6 dual stack support by
running the Docker daemon with the --ipv6
flag.
• Docker will set up the bridge docker0 with the
IPv6 link-local address fe80::1.
3. Enabling IPv6 support
• By default, containers that are created will only get a link-local
IPv6 address.
• To assign globally routable IPv6 addresses to your containers
specify an IPv6 subnet to pick the addresses from.
• Set the IPv6 subnet via the --fixed-cidr-v6 parameter when
starting Docker daemon:
$ docker -d --ipv6 --fixed-cidr-v6="2001:db8:1::/64"
4. Enable IPv6 Routing
$ ip -6 route add 2001:db8:1::/64 dev docker0
$ sysctl net.ipv6.conf.default.forwarding=1
$ sysctl net.ipv6.conf.all.forwarding=1
5. Check the IP Address
• Launch a New Container
• Check the IP Address
$ sudo docker run -t -i ubuntu:14.04 /bin/bash
root@a232a2f68927:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:04
inet addr:172.17.0.4 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: 2001:db8:1::242:ac11:4/64 Scope:Global
inet6 addr: fe80::42:acff:fe11:4/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:448 (448.0 B) TX bytes:406 (406.0 B)
6. Read Only Containers
• Enable a read-only file system for your container via
the --read-only flag.
• The read-only feature lets you restrict the locations
that an application inside a container can write files
to.
• This loads a Read-only Root File System in the
container
$ sudo docker run -i -t --name another_container_ro --read-only ubuntu /bin/bash
7. Read Only Containers
• A new flag has been introduced, which is set to true
if the --read-only flag is specified on the command
line or is set in the API call
Rootfs string `json:"rootfs"` // root fs of the container
ReadonlyRootfs bool `json:"readonly_rootfs"`
8. Docker Stats
• A stats API endpoint and CLI command that
stream live CPU, memory, network I/O and
block I/O for the specified container or containers.
$ docker stats <container_id>
CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O
insurgency1 3.62% 244.4 MB/2.099 GB 11.64% 0 B/0 B
insurgency2 4.65% 135.6 MB/2.099 GB 6.46% 0 B/0 B
insurgency3 3.65% 79.18 MB/2.099 GB 3.77% 0 B/0 B
minecraft-family 14.13% 408.6 MB/2.099 GB 19.47% 0 B/0 B
redis 0.17% 6.558 MB/67.11 MB 9.77% 648 B/648 B
9. Docker Image Spec
• A Docker Image is an ordered collection of
root file system changes and the
corresponding execution parameters for use
within a container runtime.
• The Docker Image specification outlines the
format of these file system changes.
• It describes how to create and use them
with a container runtime and execution
tool.
10. Docker Image Spec
• Layer
• Image JSON
• Image File System Change set
• Image ID
• Tag Repository
11. Docker Image Spec - Layer
• Images are composed of layers.
• Image layer is a general term which may be
used to refer to one or both of the following:
– Layer Metadata : The metadata for the layer,
described in the JSON format.
– Image Diff : The file system changes described by
a layer.
12. Docker Image JSON
Each layer has an associated JSON structure
which describes some basic information about
the image such as
– Date created
– Author
– Parent Image ID
– Execution/runtime configuration
E.g. entry point, default arguments, CPU/memory shares,
networking, and volumes.
15. Image Tag
• A tag serves to map a descriptive, user-given
name to any single image ID.
• An image name suffix (the name component
after :) is often referred to as a tag.
• Acceptable values for a tag suffix are
implementation specific
• SHOULD be limited to
– set of alphanumeric characters [a-zA-Z0-9]
– punctuation characters [._-]
• MUST NOT contain a : character.
16. Image Parent
• Most layer metadata structs contain a
parent field which refers to the Image
from which another directly
descends.
• An image contains a separate JSON
metadata file and set of changes
relative to the file system of its parent
image.
• Image Ancestor and Image
Descendant are also common terms.
[Diagram: Image Parent, Image, Image Descendant, Image Descendant]
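Walking the parent field, as an added example (not from the original slides or the Docker project): it indexes layer JSON documents and resolves an image's ancestors and descendants, rejecting duplicate IDs, missing parents and cycles before a layer set is trusted. The JSON key names (`id`, `parent`, `created`, `author`) and the sample layer IDs are assumptions; the slides only name the parent field.

```python
import json

# Constructed sample: layer JSON documents as they might be read from an
# image archive. The IDs are short placeholders, not real image IDs, and
# the key names are assumed for this example.
SAMPLE_LAYERS = [
    '{"id": "c3", "parent": "b2", "author": "dev", "created": "2015-02-10T00:00:02Z"}',
    '{"id": "b2", "parent": "a1", "created": "2015-02-10T00:00:01Z"}',
    '{"id": "a1", "created": "2015-02-10T00:00:00Z"}',
]


class ChainError(ValueError):
    """Raised when the layer set does not form a valid ancestry."""


def index_layers(docs):
    """Parse layer JSON strings into {id: parent_id_or_None}; reject duplicates."""
    parents = {}
    for doc in docs:
        meta = json.loads(doc)
        layer_id = meta["id"]
        if layer_id in parents:
            raise ChainError(f"duplicate layer id {layer_id!r}")
        # A base layer has no parent; treat an empty string the same way.
        parents[layer_id] = meta.get("parent") or None
    return parents


def ancestry(parents, image_id):
    """Return [image_id, parent, grandparent, ..., base], verifying each hop."""
    chain, seen = [], set()
    current = image_id
    while current is not None:
        if current in seen:
            raise ChainError(f"cycle at layer {current!r}")
        if current not in parents:
            raise ChainError(f"missing metadata for layer {current!r}")
        seen.add(current)
        chain.append(current)
        current = parents[current]
    return chain


def descendants(parents, image_id):
    """Return every layer whose ancestry passes through image_id."""
    return sorted(layer for layer in parents
                  if layer != image_id and image_id in ancestry(parents, layer))
```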