Using Docker for existing installed OS and applications, running half inside half outside the container

Another docker talk? Isn't everyone using docker already?

With a cool logo like this, you have no excuse :)

Docker: the shipping container model

Why Use Containers for security?

Why was I not using containers and LXC?

What does Docker offer over LXC?

Docker: Security bits that come for free

Docker protects device nodes

Docker protects processes, users, networking

Why didn't I try docker earlier?

Why didn't I try docker earlier? (2)

Sharing the same base image in the enterprise

Which approach is best?

Running applications half in and half out of a container

Docker install: before you start

Install and setup time (on Debian)

Install and setup time (2)

Install and setup time (3)

Making your own super small base image

Making my own base image

Looking at an empty image

Looking at an empty image (2)

Files automatically created by docker

Mounting your base filesystem in docker

Mounting portions of your filesystem, read only

Docker can't create mountpoints on read only mounts

Not showing sub mounts

Not showing all subdirectories

Custom /etc

Custom /etc creation

Putting it all together: before

Putting it all together: before (2)

Putting it all together: after

Fixing rw bind mounts automatically mounted in image

Every host mount mounted ro, including /var

Putting it all together: getting php5 of an installed app working in your container, along with apache2

Moving other session and locks to /run

Now apache works, but not connections to mysql

Success!

Docker instance start script

Docker instance start script (cont)

Warnings

Warnings

Warnings about docker, btrfs, and backups

Beware...

Summary: Doing it the docker way

Summary: Doing it the shared system way

Thanks to Docker Maintainers and Contributors

Questions? Want a job at Google?

Talk slides for download:
http://marc.merlins.org/linux/talks/DockerLocalDisk-LC2015-JP/
http://goo.gl/PWjume