
Docker 1.13 Released with Improved CLI, Compose-File Support for Swarm Mode, and Secrets API

Docker Inc. has released version 1.13 of its open source Docker container engine project. This release includes significant restructuring of the Docker CLI, the introduction of ‘clean-up’ commands to reclaim disk space, and the inclusion of several ‘experimental’ features like image layer squashing and a Prometheus-style endpoint for improved logging. Alongside the launch of Docker 1.13, new releases of the supporting toolchain were also made, including: Docker Compose 1.10, Docker Machine 0.9.0, and Notary 0.4.3. All of these releases are included within the Docker for Mac and Docker for Windows bundle downloads.

The Docker CLI has been significantly restructured around management objects like 'container' and 'image', although in this release the existing pre-1.13 commands can also still be used. The Docker blog states that the 40 plus commands included with Docker 1.12 such as ‘run’, ‘build’ and ‘images’, cluttered help pages and made tab-completion difficult. Docker 1.13 regroups every command to sit under the logical object it is interacting with: a management object. For example, ‘run’ and ‘stop’ of containers are now subcommands of the ‘docker container’ management command, and ‘build’ and ‘history’ of images are now subcommands of the ‘docker image’ command. Docker Captain Arun Gupta has created a blog post with a comprehensive mapping of existing commands to the new management commands. Example management commands can be seen below:

$ docker container run hello-world

$ docker image ls

$ docker image rm hello-world --force

Docker 1.13 introduces several ‘clean-up’ commands. For example, ‘docker system df’ will show used disk space, and ‘docker system prune’ will remove all unused data (prompting the user for confirmation before deletion). Data that will be cleaned by a system prune includes all stopped containers, all volumes and networks not used by at least one container, and all dangling images. Prune can also be used to remove specific data. For example, ‘docker volume prune’ and ‘docker image prune’ target unused volumes and dangling images respectively.

The 1.13 release now includes an ‘experimental’ flag for the Docker daemon that enables experimental features included within the stable release of Docker. The experimental flag is enabled by default in the current download of Docker for Mac and Windows, but not in the standalone binary downloads. Accordingly, developers and operators should take care to ensure they understand which features are enabled within their development and production configurations.

New experimental features in Docker 1.13 include a ‘docker build’ ‘--squash’ flag, which takes all the filesystem layers produced by a build and collapses them into a single new layer. According to the Docker blog, this can simplify the process of creating minimal container images, but may result in slightly higher overhead when images are moved around (because squashed layers can no longer be shared between images). Docker still caches individual layers to make subsequent builds fast. Docker 1.13 also has support for compressing the build context that is sent from CLI to daemon using the ‘--compress’ flag. This will speed up builds done on remote daemons by reducing the amount of data sent.

Docker 1.13 also adds an experimental Prometheus-style endpoint with basic metrics on containers, images and other daemon stats. ‘docker service logs’ is a new experimental command that attempts to make debugging services much simpler. Instead of having to track down hosts and containers powering a particular service and pulling logs from those containers, ‘docker service logs’ pulls logs from all containers running a service and streams them to the operator’s console.

Docker 1.13 adds Compose-file support to the ‘docker stack deploy’ command so that services can be deployed to the inbuilt Docker Swarm Mode cluster using a ‘docker-compose.yml’ file directly. This enhancement removes the previous limitation that deploying Docker Compose stacks to Docker Swarm Mode required bundling Compose files into Distributed Application Bundle (DAB) files, which did not fully support all of the Docker Compose operations like volume mounts. (Please note that Docker Swarm Mode is not to be confused with the original and separate Docker Swarm product, which is compatible with the Docker Compose v2 syntax, but does not use the inbuilt Docker Engine Swarm Mode functionality when running containers.)

Docker Compose 1.10 introduces version 3 of the Compose syntax, which removes various properties like ‘volume_driver’, ‘volumes_from’ and ‘cpu_shares’, and adds the ‘deploy’ property. All the operations associated with the removed properties are still available via other properties, and operators migrating from earlier versions of Compose should consult the upgrade guide. The service deploy property enables the specification of container replication factors, update policies (i.e. rolling upgrades), placement constraints, and resource configuration (which can use the new simplified 'cpus' resource constraint in place of the existing cpu-quota, cpu-shares or cpuset-cpus).

The deploy properties only take effect when deploying to a Swarm Mode cluster with ‘docker stack deploy’ (and are ignored with ‘docker-compose up’ and ‘docker-compose run’). An example 'docker-compose.yml' file containing the v3 syntax can be seen below:

version: "3"
services:
  web:
    image: web
    labels:
      com.example.description: "This label will appear on all containers for the web service"
    deploy:
      labels:
        com.example.description: "This label will appear on the web service"
      resources:
        limits:
          cpus: '0.001'
          memory: 50M
        reservations:
          cpus: '0.0001'
          memory: 20M
      mode: replicated
      replicas: 6
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == manager
          - engine.labels.operatingsystem == ubuntu 14.04
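
The two migration pitfalls described above (properties removed in version 3, and a ‘deploy’ section, including its resource limits, that is silently ignored by ‘docker-compose up’) can be checked before a file is deployed. The following is an added example, not code from the article or the Docker project: the function name ‘audit_compose’, the constructed sample document and the missing-limits check are assumptions made for illustration, and the function takes the Compose file already parsed into a dict.

```python
# Added example: audit a parsed Compose document for the v3 pitfalls above.
# Property names come from the article; SAMPLE is constructed for illustration.

REMOVED_IN_V3 = ("volume_driver", "volumes_from", "cpu_shares")


def audit_compose(doc, deploy_tool="stack"):
    """Return a sorted list of (service, finding) tuples.

    deploy_tool is "stack" for `docker stack deploy`, or "compose" for
    `docker-compose up` / `docker-compose run`.
    """
    findings = []
    is_v3 = str(doc.get("version", "1")).split(".")[0] == "3"
    for name, svc in (doc.get("services") or {}).items():
        if is_v3:
            for key in REMOVED_IN_V3:
                if key in svc:
                    findings.append((name, f"'{key}' was removed in version 3"))
        deploy = svc.get("deploy") or {}
        has_limits = "limits" in (deploy.get("resources") or {})
        if deploy and deploy_tool == "compose":
            # The whole section is skipped, so replicas, update policy and
            # limits written there have no effect on the running containers.
            findings.append((name, "'deploy' is ignored by docker-compose"))
            if has_limits:
                findings.append((name, "resource limits will not be enforced"))
        if is_v3 and deploy_tool == "stack" and not has_limits:
            # Hardening check added here; not a rule stated by the article.
            findings.append((name, "no deploy.resources.limits set"))
    return sorted(findings)


SAMPLE = {  # constructed sample, loosely based on the file shown above
    "version": "3",
    "services": {
        "web": {
            "image": "web",
            "deploy": {
                "replicas": 6,
                "resources": {"limits": {"cpus": "0.001", "memory": "50M"}},
            },
        },
        "worker": {"image": "worker", "cpu_shares": 512, "volumes_from": ["web"]},
    },
}

if __name__ == "__main__":
    for tool in ("stack", "compose"):
        for service, finding in audit_compose(SAMPLE, tool):
            print(f"[{tool}] {service}: {finding}")
```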

The latest version of Docker Swarm Mode included within this release adds support for the new Secret API in Swarmkit, and adds commands for managing secrets within a Swarm Mode cluster. This functionality is similar to Kubernetes Secrets, or the platform-neutral HashiCorp Vault open source product. The associated Secrets API GitHub issue states that this functionality is currently available for Swarm Mode only as the backing store is Swarm, and as such is only for Linux. This release is the foundation for future secret support in Docker with potential improvements such as Windows support, different backing stores, etc.

Docker secrets are only available to Swarm services, not to standalone containers. However, a container can be specified to run as a service within Swarm with a scale of 1. For a full explanation of how the secret functionality is implemented, and the associated caveats, the documentation should be closely studied.

Other notable inclusions within the 1.13 release include the announcement that Docker for AWS and Docker for Azure are out of public beta and ready for production. The Docker managed Plugin API is no longer experimental. However, the API has changed significantly in comparison with the version introduced in Docker 1.12, and plugins must be uninstalled before upgrading to Docker 1.13 using the 'docker plugin rm' command. The ‘MAINTAINER’ Dockerfile statement is also being deprecated in favour of using ‘LABEL’ instead.

Additionally, Docker 1.13 also includes updates for Linux mandatory access control technologies including SELinux (Security Enhanced Linux) and AppArmor. However, several relatively high-profile bugs remain open, including adding support for sharing Unix sockets, and file access in mounted volumes being extremely slow (although this can be mitigated with the third-party tool docker-sync).

Additional information on the Docker 1.13 release can be found on the Docker Blog, and the full 1.13 release notes can be found on the Docker GitHub repository. Docker 1.13 binaries and the respective ‘for Mac’ and ‘for Windows’ bundles can be downloaded from the Docker website.
