Docker Release Candidate for 1.0
Docker version 0.11 has been released, which is the first release candidate for 1.0. The release doesn’t focus solely on stability; it also includes a number of new networking, security and administration features.
Host networking provides a way for containers to directly share the host’s networking stack (rather than connecting via a virtual interface over a bridged network). This will be particularly useful for situations like running network monitoring tools in a container. It also avoids performance concerns that might arise when using a bridged network where packet processing can cause CPU bottlenecks.
Container linking has also been improved by the automated population of /etc/hosts. This means that it’s no longer necessary to parse environment variables in order to find the address of a linked container. The previous mechanism was generally fine when dealing with scripts or application code, but could be problematic where config files had no means of parsing the environment.
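The difference between the two lookup paths, as an added example (not Docker's code or code from the original article): it resolves a link alias from hosts-file text first and falls back to the older environment variable. The `<ALIAS>_PORT_<port>_TCP_ADDR` variable name follows Docker's legacy link convention, which the article does not spell out, and the function names, sample addresses and sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample of an /etc/hosts file as populated for a container
# linked with the alias "db" (all addresses are made up).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
172.17.0.3  web-1
172.17.0.2  db   # linked container
"""

# Constructed sample of the environment exposed by the older mechanism.
SAMPLE_ENV = {
    "DB_PORT_5432_TCP_ADDR": "172.17.0.2",
    "CACHE_PORT_6379_TCP_ADDR": "not-an-ip",
}


def from_hosts(alias, hosts_text):
    """Return the first address mapped to alias in hosts-file text, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2 and alias in fields[1:]:
            return fields[0]
    return None


def from_env(alias, port, env):
    """Return the address from the link environment variable, or None."""
    # Assumed naming: legacy link convention, alias upper-cased, "-" -> "_".
    key = "%s_PORT_%d_TCP_ADDR" % (alias.upper().replace("-", "_"), port)
    return env.get(key)


def resolve_link(alias, port, hosts_text=SAMPLE_HOSTS, env=SAMPLE_ENV):
    """Prefer the /etc/hosts entry, fall back to the environment variable."""
    addr = from_hosts(alias, hosts_text) or from_env(alias, port, env)
    if addr is None:
        return None
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return None  # reject anything that is not a literal IP address
```

A config file that cannot read the environment only needs the alias (`db` here) as a hostname once the hosts entry exists; the fallback matters only for images that must also run on older Docker versions.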
The main new security feature is support for Security-Enhanced Linux (SELinux), which has been part of the mainline Linux kernel for over a decade now. With SELinux enabled via a Docker command line switch, processes running within containers are confined by mandatory access control so they can’t affect the host system (or other containers). This provides system administrators with the ability to ensure stronger segregation of containers.
Administration updates include the ability to ping the Docker daemon for health checks, and optional timestamps on log files. Docker is also now able to work across multiple image registry mirrors in order to provide failover, and support for registries using SHA-512 has been added.
The next monthly release cycle for Docker is set to coincide with the first DockerCon event in San Francisco on 9-10 June. It’s unclear whether there will be further release candidates or if 1.0 will make its debut at Docker Inc’s first big event.