Docker 1.10 is out, bringing with it new orchestration, security and networking features. Taken together, Docker says, the enhancements make the container platform better suited to delivering complex applications at scale by leveraging software-defined storage and networking.
The changes in Docker 1.10, which was released Feb. 4, center on three main areas. The first is orchestration, where the integration of a new Docker Compose format provides what Docker developers are pitching as a more streamlined way to define services, network topologies and volumes in containerized apps.
Docker Compose also lets developers define networking and storage for apps in a way that is totally independent of the physical network, providing “a true separation of concerns,” according to Docker.
Docker Swarm has been updated, too, with features for rescheduling containers when a node fails and better error handling. Those changes also improve the orchestration experience for Docker containers.
The second area that has seen major enhancements in Docker 1.10 is container security. On this front, Docker has introduced user namespacing — which was a beta feature in Docker 1.9 and is now production-ready. User namespacing lets developers assign privileges to containers according to user group. That improves security on the host because root inside a container no longer corresponds to the host's root account.
The release also adds seccomp profiles for restricting the system calls a container may make. The feature gives finer-grained control over container processes and blocks system calls that an application does not require. In turn, it reduces the number of potential attack vectors.
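As an added example (not from the article and not Docker's own tooling), the script below builds a deny-by-default seccomp profile in the JSON shape Docker 1.10 accepts through `--security-opt seccomp=<file>`, and audits a profile for the weak pattern of allowing every syscall by default. The allowlist is constructed for illustration and `HIGH_RISK` is an assumed set of syscalls an ordinary application container should not need.

```python
import json

# Constructed allowlist for a simple network service (illustrative, not Docker's
# default profile); a real list is derived by tracing the workload, not guessed.
BASELINE_ALLOW = [
    "read", "write", "open", "openat", "close", "fstat", "stat", "lseek",
    "mmap", "mprotect", "munmap", "brk", "rt_sigaction", "rt_sigprocmask",
    "rt_sigreturn", "ioctl", "access", "socket", "bind", "listen", "accept",
    "accept4", "connect", "sendto", "recvfrom", "setsockopt", "getsockopt",
    "clone", "execve", "exit", "exit_group", "wait4", "getpid", "getuid",
    "getgid", "futex", "nanosleep", "epoll_create1", "epoll_ctl", "epoll_wait",
    "arch_prctl", "set_tid_address", "fcntl", "dup2", "pipe2", "getdents64",
]

# Assumed set of syscalls an ordinary application container should never need.
HIGH_RISK = {"mount", "umount2", "ptrace", "kexec_load", "init_module",
             "finit_module", "delete_module", "reboot", "swapon", "swapoff",
             "unshare", "setns", "keyctl", "add_key", "request_key"}

def build_profile(allow):
    """Deny-by-default profile: any syscall not listed fails with EPERM."""
    return {
        "defaultAction": "SCMP_ACT_ERRNO",
        "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"],
        # Docker 1.10 takes one "name" per entry; newer releases also accept "names".
        "syscalls": [{"name": n, "action": "SCMP_ACT_ALLOW", "args": []}
                     for n in sorted(allow)],
    }

def allowed_syscalls(profile, candidates):
    """Subset of `candidates` the profile lets through (explicit entries win)."""
    explicit = {s["name"]: s["action"] for s in profile.get("syscalls", [])}
    default = profile.get("defaultAction")
    return {n for n in candidates if explicit.get(n, default) == "SCMP_ACT_ALLOW"}

def audit_profile(profile):
    """Return findings; an empty list means the profile passes both checks."""
    findings = []
    if profile.get("defaultAction") not in ("SCMP_ACT_ERRNO", "SCMP_ACT_KILL"):
        findings.append("defaultAction is not deny-by-default")
    for name in sorted(allowed_syscalls(profile, HIGH_RISK)):
        findings.append(f"high-risk syscall allowed: {name}")
    return findings

# Weak pattern: allow everything and deny a handful, which silently permits the rest.
WEAK_PROFILE = {"defaultAction": "SCMP_ACT_ALLOW",
                "syscalls": [{"name": "reboot", "action": "SCMP_ACT_ERRNO"}]}
```

Write `build_profile(BASELINE_ALLOW)` to a file with `json.dump` and pass it with `docker run --security-opt seccomp=profile.json`; the daemon flag `--userns-remap=default` from the same release covers the user-namespacing half of the story.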
Last but not least, Docker 1.10 updates the container networking infrastructure in ways that provide “more granular and flexible” network controls, according to Docker. New features include an embedded DNS service in the Docker daemon for use by containers — which may not actually provide a lot of new granularity, but does add flexibility — as well as the ability to define custom IP addresses for containers.
In addition, Docker 1.10 lets developers restrict network traffic by defining internal networks when desired. That provides more granularity while also adding security controls.
Overall, Docker is pitching the 1.10 release as a way for developers to create containers that are more flexible and take greater advantage of software-defined storage and networking. “Developers have more flexibility and more options when building a network and adding storage options for their Dockerized applications,” Docker said in a statement. “With this release, they are able to remove the constraints of the physical network from the app-defined network behavior.”
The company is also emphasizing the ability of Docker 1.10 to support configurations where network operations use the same network topology that was defined in development. That reduces complexity and provides DevOps efficiency, Docker says.