Docker: What's New and 2023 Year In Review (Ep 247)

Hello, it's me on the internet again. Final show of the year. This is kind of like Christmas plus New Year's themed, so, I don't know, holiday themes, doesn't really matter, but let's get to it. We're going to talk today about everything Docker. I've got a wonderful crew of people here with me today, and I'm realizing that we're going to have to go through so much stuff that it's going to be hard to contain all this in a reasonable timeline. We don't have 24 hours of live streaming to do all this, so thanks for being here. Let's get to it.

Hi. Hi, Nirmal. Hello. My co-host is back, Nirmal Mehta from AWS. I mean, you don't live in AWS, that's not a place. But I live in my home. You don't live in the cloud, literally. At least not yet, maybe in the future. So good to see you. Happy holidays, happy almost New Year's. Almost, we've got a couple more days, and then I'm going to keep the whole next year a secret about what we're all going to be doing, so you're just going to have to keep coming back, people. Keep coming back to find out what the plan is. We're going to have a ton of shows next year that we're already planning. We've got people from KubeCon, all the projects, it's a long list, and Nirmal and I have got to get to work. I was just going to say, I'll be there. You will be there, yes.

So let's run through the details, people. In case you're not familiar with this show or the format, this turns into a podcast, and you can hear Nirmal and me in your ears instead of watching us on the internet. You can listen to us, that's over at podcast.bretfisher.com. All the links are below in the description, and you can just look at all this stuff. We've done a lot this year, you and me. Yes. Lots of good shows.

We both hang out in the Discord server, so you can jump into that. Right above us we snuck that URL in: discord.gg/devops. That's a pretty dope Discord URL. We are now the DevOps on Discord, it's official. There are many DevOps, but this one is mine, and we all hang out in there, so come join us between shows. During the show we're in here chatting. This is 16,000 people all learning DevOps, using DevOps day to day. We've got monthly meetups in here, we've got Swarm meetups in here, there's a ton going on. I can't keep up, as you can see by all of my channels that I can't keep up with.

All right, and then we have the newsletter. So if you want to find out when Nirmal is going to be back on the show and what guests are going to be on the show: we just sent out this week's, letting you know yesterday or the day before that, hey, come join us, we're going to have Michael Irwin from Docker on the show. So that's how you find out. Go to bret.news, sign up for free, you get one email a week, and it's just what we're releasing. It's basically me announcing what Nirmal's doing with me this week and who we're going to have on the show.

And then we have a loot box full of swag, mostly t-shirts, but we have coffee mugs, which I don't have in front of me because I'm a horrible product placement person. But you can join our loot crew, and sometimes there are sales on there. You can jump in and find out when there are sales; we'll let you know if you come back every week if there's a sale on that stuff. So, enough of the details. Did I cover everything, Nirmal? I did it all. You're good, you're good. Okay, we have so much stuff to cover, we've got to get right into it. None of that matters. Yeah, none of that matters.

There he is. All right, in case you don't know Michael Irwin, he has been on this show approximately one less time than Nirmal, I think. He's a repeat guest, multiple times a year. We all live hours from each other, but we never see each other unless we go to a conference. This is the tech life, right? We could be a reality show. Well, welcome, Michael, thanks for being here. Thanks for having me. You're welcome. I'm glad to be here. I'm on the Michael and Nirmal show. That's right, that's what we're doing here. Yeah, just your names all over the place. I kind of made it obvious so that no one would mistake it. Are you confused about what you're watching right now? It's not the Nirmal show, unfortunately, it's the Bret show. So that's why you all are here, to bring me down a notch. Let's have a little bit less Bret, a little bit more other people. That's right.

Well, we're going to talk about Docker for this next hour, and we've got a lot to get through. So for those watching, the gist of the year is Docker released a ton of stuff. The TL;DR is a ton of stuff across all their product lines, everything from Hub to Docker
Desktop to Engine to Compose to new things, AI. We've got a bunch we're going to get through. I have talked about this for y'all on the internet multiple times this year. We had DockerCon, where we all got to see each other, finally, in LA. That was the big news of the fall, and we had multiple days of product releases, which was kind of nice, because we all go to KubeCon and other Linux conferences and stuff, and there aren't usually product releases on stage because it's all open source, usually, so you don't really need to make announcements. So it's kind of nice to go to a conference where it's, what's today's announcement, what's the new tool I get to download today, or jump into a waiting list for a trial. Yeah, but I will say, from the inside, conference-driven development is stressful as all get out, though. Oh, preach, preach. As someone who's still recovering, four weeks after AWS re:Invent, preach.

Well, by the way, we're all in chat. Eric Smalling, another high-fiver and friend of the show, he's moving on to a new job, so we're going to have to look out and see what's going to happen for Eric next. So congrats for that. And Caesar's here as regular, Alexander's here, Mitchell's here, sudo bmitch, what's up, another Captain. It's funny, because in the chat we see all these wrenches, because these are people that have mod rights. If you've been on this show, or you're a friend of mine, or whatever, I give you mod rights so that we can all look out for each other in chat, keeping the spammers out. And it's funny because it just looks like a bunch of mods hanging out in chat. We don't really have an audience other than just the people that are friends of the show.

Anyway, let's get to it. Let's do it. Nirmal, I don't really have an order for this. Should we just go top down? I mean, look at this stuff. You can't see it yet, but, oh, there we
are. Look at this ridiculous list. A lot of things to cover, so let's just start at the top. This is honestly half, because all the other little things we just said, well, we're not going to get to it. Yep.

So let's start with the core, right, the Docker Engine. That's probably the best place to start, because there was a lot of activity there that was not typical of previous years. Give us the rundown, the TL;DR, I guess, or TL;DW, on the Docker Engine in 2023.

Yeah, so as you see there, Bret's got pulled up here the Docker Engine 24.0 release notes. 24 was a big release, and if you scroll down just a little bit to the 24.0.0, you just see, even just the list, there's a ton of stuff that was included in this, and a lot of stuff that people have been anxiously waiting for for a little while. In many ways I also see it as a good sign. When Docker has gone through this rebirth, in many ways, it took a while to ramp things back up and to get all the processes and the people and the open source and everything moving again and streamlined. So again, that's partly why it took a while, but hey, now it's out there. Since then there have been several patch releases, so the gears are moving and releases are happening, and lots of good stuff in there. We won't go through all of it here, but it's nice to see the improvements around BuildKit, which helps enable a lot of the other things that we're doing around SBOMs and that kind of stuff too. But again, just a lot of good stuff in the core here, and it's further showing our commitment to continuing to support the open source projects here and continue to help out the ecosystem.

Yeah, I mean, obviously the commercial products get a lot of the press. They're
flashy, there are GUIs, there are websites. And of course we all came into this game when all we had was Docker Engine and Docker CLI. If you look at the version releases, we had a version released in 2019, we had a version released in 2020, and then it was three years before we got the next one. One, two, yeah. And now we're on this rapid clip of, we've had two major versions in a year, in less than a year. And to me, the one thing that I remember from both of these releases is that Buildx and BuildKit are updated and are now the default builder in every installation case on every system, not just Docker Desktop. A lot of us, for years, were putting DOCKER_BUILDKIT as an environment variable, I'll zoom in on that, and we don't have to do that anymore, even on a Linux builder.

And I just, today or tomorrow, release a podcast about Dockerfile frontends, which you all should listen to, because there's no video on it, it's just a podcast. It talks all about these frontends that are essentially powered by this change, because now that we have BuildKit as a default builder, everyone can use these new fancy frontend features that are essentially Dockerfile versions. So I did a whole 15-minute rant about that last night on a podcast release. So yes, Docker Engine, yay. Okay, that's the first check box. First check box.

All right, now, there's a ton of stuff in here we just lumped around Docker Desktop updates. I tried to break it out a little bit into Docker Desktop itself, and things that are only in Docker Desktop, and then Docker tooling, like maybe Compose or CLIs that maybe you could get elsewhere. Michael, tell us a little bit about these performance improvements.

This year the team really doubled down, and probably more than doubled, tripled, quadrupled, whatever. It was a big effort internally of, how do we just make it faster? Because we were seeing and
hearing from a lot of folks that, hey, we need better speed improvements, or, it takes so many resources to run. And while there was some truth to it, in many aspects they were blown out of proportion compared to what they should have been at times. But hey, the best way to help that out is just to say, we're going to make performance better anyway. So again, we really just drilled down into that: how can we make performance better?

So startup times: on my Mac I can go from Docker Desktop not running to a container running within two seconds now, which is unheard of from even a year ago. Some of the other numbers that were on the screen there: about a 450% improvement in network speeds, and that's a lot of going from the host into the container or vice versa, so if you're copying files or sharing files. And that also helps speed up a lot of the build time improvements and whatnot. The Rosetta work, for those running on Mac, that went GA this year as well, so again, a lot better emulation if you still have to run amd64 binaries and images and whatnot.

And this last one is actually a pretty cool one. It's a Resource Saver mode. When you're not running any containers or doing any work there, the virtual machine that Docker is using will just shut down, and we'll just kill it off for you, so you're getting back all that CPU and battery and everything. And then the next time you run a container, it'll start the VM back up, and again, because of the speed improvements which we've been putting into it, that VM starts up really quickly now too. So it's been awesome.

Yeah, performance always matters. Yep. As much as we are getting bigger and beefier machines all the time, it just matters all the time, right? And I think you've probably seen this with all the folks that we interact with, the
community and customers and folks just getting started: the immediate performance of that tool is the main takeaway, right? It's that first impression, it's the lasting impression. And when you're using it daily, it's like having a sharp knife, right? A chef wants to have a sharp knife. It just matters all the time. And for me too, it's also been nice to actually look at my Mac and see, okay, what apps are using the most power, what's draining my battery the most, and I haven't seen Docker Desktop on that list in quite a long time now, which is awesome. That's a good feeling.

Yeah, I do like the multiple options. There's a manual option for putting it to sleep, there's this automatic Resource Saver option. I now feel like I've got more control over pausing it and all that stuff. And it's nice: those of you out there, if you haven't realized, the command line will automatically wake it up. There are certain tricks up their sleeve. And the Captains have been giving feedback around this, because not only are we all just running it daily for work, but we're all constantly playing with new features, trying to figure things out. And as we click all the boxes, enable all the things, it could get a little hairy for how much resources Docker's running, especially if you have a whole bunch of extensions, which we were going to get to.

Because the extensions came out last year, right? 2022 was the year of extensions. And I feel like 2023 was the year of extensions really coming into their own as sort of this de facto thing. Now everyone else is copying Docker Desktop's extensions idea. A lot of the other container tooling is jumping on that bandwagon, and it's a great idea. I always point out that a year and a half ago, when Docker first came to the Captains and said, hey,
we're thinking of this idea, we're calling it extensions, it's little programs inside Docker Desktop, maybe in the GUI, and they run in a container, and what do you think, what ideas do you have? I think the Captains came up with like two or three, and we were kind of struggling to figure out, what would I want to run in Docker that I can't already run in a container? And then suddenly the marketplace just blew up, within the first six months, with all these great ideas. I didn't know I needed OpenShift, I didn't know I needed Portainer with a one-click install, but I do, and they're all there now. We've got a couple, actually, to talk about here in a minute, if I can shut up.

All right, we have lots of dashboard updates, you mentioned that. Do we want to just show a real quick screen for those that are maybe not updating their Docker and not aware that the GUI itself is actually getting much more advanced, in terms of resources and all the buttons? And we didn't actually test your shared screen, did we? No, but here, I'll bring it up and we'll just do it live, right? Yeah, why not. What could go wrong? YOLO. YOLO, that's right. Hooray.

So yeah, this is Docker Desktop. The main container screen didn't get a ton of updates, just some of the layouts and that kind of stuff, maybe some small ones, but there are some additional charts up here to be able to see CPU and memory usage and whatnot. I can also drill into a specific container. This is the example voting app that I think many of us use quite often. If I open this up, I can see stats about this specific container. You can see that it's got some history even though I just opened it up as well, so it's automatically aggregating that for me. There are some new features around being able to see a file navigator, so I can just actually open this up and navigate through the files that are in here, so I don't have to
if I'm not as comfortable with the CLI or navigating through. I can do that here as well. I can also just double click on a file, or sorry, I can edit, make changes to files directly in here as well too. Of course, it's not a full IDE or anything of that sort, but if you need to make just quick changes or navigate around. And you see that it even tells me what are mount points, or what files have been modified, that kind of stuff. So again, just some quality of life improvements there.

Some other things with the dashboard: the quick search here up at the top. So if I'm just getting started, say I want to run a Jupyter notebook, I could just search Jupyter, and this will give me all the sponsored open source projects, and I can just click on Run and it will download and get it going and everything too. And I can actually even click on the image itself, and it'll pull up the Docker Hub stuff, which, okay, this one is saying that I should use the Quay image, but anyway, it's again giving me details. I don't have to leave Docker Desktop and go searching on Hub and whatnot, but get all that right here. It'll search docs and extensions, volumes, containers, quite a few different things there as well too.

So yeah, lots of small improvements to the dashboard, to the UI. Again, as Docker becomes more of a commodity, more of a utility that more folks are using, it's starting to be used by folks that aren't as comfortable in the CLI, and other types of developers. So the more that we can continue to build this out. And click operations is a very valid way of doing things too.

As much as us command line junkies think that that's the only way people interact with computing worlds, you're right, there are lots of folks that use user interfaces and GUIs, and those
performance improvements, on top of the improvements in the UI, in combination open access to Docker for lots more folks, right? Folks that are running on older hardware where those resources are more constrained, plus those are then also typically going to be the folks that might be using the GUI tools more on their older hardware. And so it becomes more accessible, which is awesome. Absolutely.

Yeah, it just makes me think, okay, can I teach Docker without ever touching the CLI? We're not quite there yet, we're still working on it. So there are some things that you still have to do with the CLI. I can't do a build through the GUI yet, so you still have to use a docker build command, right? I can't spin up a Compose project; unless it was stopped, I can press play to continue. So there are still a couple of things you can't do through the GUI. There's not, like, File, Open, compose file, project launch. Yeah, it doesn't have that workflow yet. Not yet. And so that's the thing, right? We keep adding more features in the GUI, but we also want to be super fast, so there's always that balancing act, and that's the struggle for it.

All right, do we have any other major things? I mean, I love the build view, but we're going to get to that in a minute. I love the idea of expanding on that. We also are going to talk about some extensions, including the debug extension, a little bit. Anything else before we move on to docker init? Let's move on to docker init, or Learning Center. I don't know if you want to mention the Learning Center.

Yeah, so we won't spend a lot of time there, but as we again are trying to help folks onboard and learn, there's a new Learning Center that's part of Docker Desktop that has a couple of small, short little walkthroughs. Okay, what is a container, click here to run the container, and it's like this interactive walkthrough. And
again, we're just getting started there too, but stay tuned for more updates in that area. That's awesome. The more folks that are getting involved and learning how to use these tools, the better, I think. Yep.

All right, so docker init. What is it and when do we use it? What's a good use case for docker init?

Yeah, so docker init is a new command that's basically used to help bootstrap a project. So if I've got a Python application or a Node app, there are several different languages it supports now, I can use docker init and it'll kind of discover the languages that are in use there and create a Dockerfile, create a Compose file, and then a separate README of just, here's what we created for you and here's how to use it, and whatnot, and just kind of help bootstrap and get you started. Now, it's not going to be the end-all solution. It doesn't set up your full dev environment and everything, because there are so many different ways to do that, but it's used to help just kind of initialize and help bootstrap, get you at least a couple of steps further down the road.

And even the Dockerfile: when they first launched it, I opened up a Dockerfile on a project and I'm like, okay, I'm actually picking up a couple of new things here as well too, because they're using the latest. Okay, hey, I'm doing a RUN with a mount cache, or a cache mount, and it's using a lot of the best practices, and it's all documentation and comments of, here's what's happening, here's why we're doing this, and whatnot too. So it's a great bootstrapping tool to help get you started.

This docker init is one of those things where it's like, why wasn't this around? We're nine, ten years into this. It's like, man, this should have been around for a while, but I'm glad it's there now.

Yeah, well, taking off my Docker employee hat, putting the Captain hat back on from the past,
it's been interesting, because over the years Docker has kind of played with tools like this in the past. What was it, ah man, what were the tools? I'm sure, yeah, I know exactly what you're talking about, because there were private source enterprise tools, there were open source projects. But real quick, I think that we got lost along the way. It's a great question, Nirmal. I think we got lost along the way around migrating of legacy apps and creating a workflow around that, even though this is technically that, because it requires that you have your software project first, right? You don't docker init before your npm init or whatever. So you have to have the project there, which technically makes it a migrating kind of tool, because you presumably have an app, even if it's just a demo app, that doesn't have a Dockerfile, doesn't have a .dockerignore, doesn't have a Compose file.

And I love that docker init actually does all those things and not just a Dockerfile, because I think at first it was always about the Dockerfile, and now it feels like docker init is, well, we're just going to give you all the standard three. I think it's three, maybe. I think it's just three files, actually: Dockerfile, Compose file, and .dockerignore. I think that is what it creates. And it's language specific, and I think a lot of the stuff before was either, well, this is a 101 generic Dockerfile that anyone in any project could use, or it was a very specific migration tool that would maybe go deeper into the analyzing of your project. Because, Michael, I don't actually know this on the init: does it know how to build in dependencies and all that, or is it just saying, oh, you have a Node project, so I just add in npm ci? It's kind of generic, right?

That's right, yeah. So it does a little bit of language detection, and of course prompts you and asks, okay, did we detect it right?
But then from there it is a little hardcoded. It will ask you, okay, are you using npm or yarn? So it'll ask a couple of those kind of basic dependency things, but beyond that there's not a lot of additional branching out or customization that it will do itself. Of course, it'll create the stuff, and then you can customize it however you want from there. Right, right. Yeah, it's not statically analyzing your toolkit to determine your dependencies.

But it is a kind of interesting thing, because as we're looking at Docker AI and that kind of stuff, which I know we'll talk more about later, it's kind of like, how might that be able to plug in here to help you bootstrap a project more aligned with how you're already doing things, or whatnot too. And yeah, I see a couple of comments in chat about that as well too.

One question from Conrad here, I'll go and pull up: how does one implement a template for docker init for unsupported languages? So as of today we don't have that yet, but it is something that we've done a lot of talking about internally. Just how you can do an npx create or yarn create or whatever and use these templates from other community sources, what might a similar thing look like here as well too? So no answer there yet. What other languages would you like to see there too?

Yeah, there is a feedback option. When you run docker init, you can select "don't see something you need, let us know", and so that probably sends a message right to Michael or something like that. Yeah, he's definitely one of the only employees at Docker now. What do you have, over like 500 employees or something now? remember 500 now, yep. Yeah, it's just amazing. I mean, three, four years ago you were at 70-something, and now five. It's just so much. Even when I joined almost two years ago, we were at just about 150, so even in almost two years, triple. So that's crazy. Yeah, it's
hard. I mean, we could have a whole show about how do you even keep culture in a place like that where everybody's new, and how do you bring... Yeah, that's a good idea for a show topic. It would be.

So, going from that to Compose, right? Let's not ignore the fact that Compose got a lot of love this year too. So what's some new stuff in Compose?

Yeah, I wanted to pitch, I've got a few shorts here on YouTube about compose watch. I think a lot of people, if you've been watching this channel or reading my newsletter, whatever, you're probably aware of watch, which is my favorite feature of Compose in the last many years, other than Compose going to the Compose Spec instead of versions. That was a fantastic move. So watch is that thing that syncs, essentially. I kept calling it docker compose sync all this time, but it watches your files, and I think in a lot of ways it removes the need for a bind mount, particularly on Mac, for those of us on Mac that struggle with the Mac-to-Linux barrier. Who knew that Mac would be the place where it's actually the least Linux-like OS of the three major OSes for desktop? Yeah, crazy world we live in.

But Michael, there's actually two other things, I'm realizing now. We have compose include. Yep. And then we have compose publish, and compose publish wasn't in the list either. See, we're already forgetting things. What's the elevator pitch on include?

So include, the way I like to say it, is it allows your Compose apps to be composable. Which to some people is like, okay, that didn't explain anything to me. I can't define it by using the term. But anyway, it allows you to break up your Compose files into smaller Compose files. And so actually some of the use cases that we've started to see around that might be larger teams, larger companies that might start to have a
shared services library type thing, where they could say, all right, here's a repo, for example, that has a bunch of shared services and Compose files and config files and everything that's needed to support a lot of the application development. And so now I can just say, okay, cool, I'm doing a LAMP stack application, whatever, and I'm going to pull in MySQL and phpMyAdmin or whatever else, and I'm just going to pull from that shared services library. And then my Compose file has just the PHP application and the bind mounts and the things that my app needs, but then all those other services I'm including from somewhere else, just as an example.

And you can think of similar things for, okay, I need to run Kafka. Well, running Kafka is not as easy as just running Kafka. You've got to run ZooKeeper and all the config and everything else that comes along with it. So okay, cool, let me just define a Compose file for that, share that amongst my teams, and then I can just include that. So again, we're starting to see some interesting use cases there. I think you still have to use an environment variable flag right now, but there's a way to do a compose include that references a Git repo, where it'll actually clone that repo and then use it from there. So it doesn't have to be a local file or something on the file system as well too. So again, some interesting use cases that opens up. Yeah, that's very neat.

Yeah, Nanner has a question on profile versus include. I love profile. It's one of those underrated features that is relatively new, like three, four years old. Not a lot of people know about it. But profile, to me, is when I want to break down my big solution in a single Compose file into smaller chunks and run them and control them independently. The teams I work with often use profiles this way: they set a specific profile for things that are maybe like the first-time database seeding, or special things
that are maybe not just running contain web services something that I need to run as a one-off and they will use those as profiles as a separate profile for or maybe if you have a team where you've backend and front end and it's all in the same compos file and your backend people don't always need to run the front end so you can put uh profiles for that uh include to me is how to break up a a a a large compos file into smaller chunks for reusability across repos is that that a good argument I I would say include yeah include is more of if if you think about what are all the different Source materials you're going to bring together to put into your your stack and then profile is okay what am I se selectively actually turning on and off would be kind of the way to think about that and and I'd say another use case I see profiles a lot um she because I I was guilty of this in in years past where I would have a composed file for development I have a composed file for my tests that are running the end to end tests and you know another composed file for maybe production or whatever and profiles lets you kind of merge all that into a single and it makes easier to um leverage the same services for different use cases and then you can use the profiles that then just selectively say hey I'm I'm doing my in to end test so let me enable the test profile which then will then spin up those services but not the other services yeah yeah if you go into microservices I feel like the the profile is really uh a powerful feature because you can you don't want to light up all 20 so you just want to spin up five and you always need a database and API or something or whatever so those are always in every profile or whatever so that I I I feel like you You' nailed it there like the problem if you have the problem of a composed file in the backend repo and a composed file in the frontend repo and a compos file in every if you're if you're breaking out all your repos if your comp compos 
filing in every one of those that to me is where you should use profile if you're repeating the same information in a bunch of different compose files across different repos or directories and you're just copy and pasting the same info that to me feels more like an include include would solve that problem yeah yeah these are funny thing is all these things can be used together and so I feel like I need a new compose course because I definitely teach a lot of compose in my courses but there's so much to it now that you could really you could become like a compose expert class um so uh a lot of new stuff in compose uh what the last one is uh compose publish uh that we have listed oops real quick what is compose publish all right Brett you want that one or me okay uh one sentence I get one sentence uh it it lets me share my compose files with other people without needing git correct there we go awesome yep and and and I'll say to you there like we're we're just at the start of that I mean because right now there's published there's not a lot of ways to consume those those published things yet and and so yeah we're still just getting started in that space but um but yeah it's using OCI artifacts under the hood and that kind of stuff so it's a for those of you that may have been around a long time you know it it kind of feels like almost a throwback to Docker App um but you know a different way um yeah so it it looks a little bit different but uh yeah stay tuned awesome yeah that's like an alpha feature right like publishes like alpha yeah okay so so that's exciting the big the big highlight from DockerCon uh this past year was this little thing called Docker Scout um what is it get let's get into it um yeah why why was it the centerpiece of DockerCon this year yeah so first off um the well the really exciting thing from a company perspective is like you know for the most part Docker has just sold licenses to do to Docker Desktop and so kind of as a just company growth 
perspective it's like oh well hey this is exciting because hey it's another product it's something else that we're we're building and we're um we're selling and all that kind of stuff too so it's kind of a all we've hit we've hit a maturity point of hey now we've got multiple products that we're supporting and everything which is which is exciting to be at again um but again what what Scout has really focused on is helping build a secure software supply chain um you know when you build container images there's a lot that goes into that okay what what bases are you using where are they coming from are they trusted uh have they been verified etc um what are you putting in your image what open source licenses are using what vulnerabilities might be associated with them what code quality metrics are you um you know is your code are they meeting your code quality standards etc um and there's lots of different ones have you configured your image to run as a non-root user for example so there's just a lot of these kind of like base things that that go into your image builds and building secure software supply chain and beforehand there there weren't you know Docker didn't have any tools to help out with this so Scout is again really focused on that um and so as you see Brett's kind of going through the product pages here and pulling up
scout.docker.com here um there's local developer tools that help me as a developer to know you know even at this screen we're seeing various policies up up at the top and copyleft license issues or vulnerabilities outdated base images etc and so while I can see that here across my entire organization in this UI as a developer well I can evaluate all these things locally and so I don't have to wait for the feedback loop of it having to go through my CI pipelines and then just to find out how wait I can't run this in production because I don't have a non-root user etc um I I can evaluate all this stuff locally and and the the theory here is to we speed up developers and decrease that feedback loop help them stay efficient and kind of in the groove uh longer um and so yeah it's it's our it's our new product it went GA so generally available at DockerCon in October um there's still a lot of work to do here there's still a lot of uh new features and things that we have planned there's a Hub app that's being um released here very very soon um so we actually integrate and can actually even automate PRs to update um Dockerfiles use new base images or you know fix vulnerabilities that kind of stuff so um that's pretty exciting stuff there um again just it's about that secure software supply chain yeah yeah oh go ahead sorry and in combination with one of the themes and we talked about this during the um the DockerCon live show um one of the themes was was uh this focus on the inner loop like the the stuff that's happening before the pull request um within your software development life cycle and uh this fits squarely within the intersection of software secure software supply chain security and that inner loop development cycle um and uh it's it's excited I'm excited to see more emphasis put on that step in the process because I think you know as we've been seeing over the last decade uh from an operator point of view there's been a lot of focus on like Kubernetes um running 
containers um the environment and context and uh everything that you have to do to productionize and and keep your services up and running from an operations perspective and then there's a massive gap and then there's like development tools like somewhere like out there and this uh this gap is is starting to be closed finally I think uh as an industry and so this is kind of in between there and a step toward that correct I I yeah very much agree and and that's been kind of the the fun thing of building these tools that it's it's an intersection of so many different personas and so many different roles coming together um you know as Docker's really focus on developer tooling and everything it's like how do we make this kind of you know a lot of the tools that are very oriented towards security professionals or you know very niche personas how how do we make them accessible to everybody here um and and so yeah it's been fun to to see the developers reaction so far as they've played around with and be like okay hey I I can actually use this this this is seems pretty straightforward and you know a lot of times developers don't care about especially like security vulnerability stuff until they're forced to care about it um and so this makes it a lot easier for them to do that but again there's um like it's been kind of interesting to see even for myself as we've enabled some policies to try out internally like the images configured with a non-root user by default okay like I'll me how how often have I cared about that in the past like it's like okay it's one of those things it's the best practice yeah I should do it but once it's a it's a policy once it's up there and I'm being measured by it like I want that to be 100% and so I'm going to go update all my images like it's almost like gamifying that that occurs with it and and so again as we've been testing out a lot of these new policies internally which yeah I see that that one's not on your personal org here yet um but 
you know as as we've been trying these things out like I've noticed my own just security consciousness has increased um I wouldn't say I'm a security expert by any means but I'm I'm at least thinking about these things more than what I've used to be yeah you have a lot here uh and I'm trying to I'm trying to figure out like where does this fit in the marketplace for like the teams that I'm working with the people that are asking me about security because DevSecOps I mean it's getting to the point where nural and I every every show we have someone's asking about DevSecOps that doesn't mean that you and chat can just start spamming us Dev DevSecOps but you you could uh but that's not this show but you know we have we have companies like Snyk and uh these companies that focus on developer tool security that's not container specific it's it's usually code repo oriented um and then you have all these security tools that are cluster operator focus where it's monitoring infrastructure and Kubernetes clusters and what's running and those are really great and then there's this nebulous middle area where some tools are just just a part of the CI pull request or you where the CI runs or something like that and they're and that's really their their focus but I feel like this for a sort of like a 1.0 release let's call it it's got CLI tooling locally it's got GitHub action and CI tooling for automation it's got tooling in your registry or to plug into all the other registries it's got tooling and Docker Desktop and it all comes together I think that's really what I enjoy about it is that I every developer works differently some use CLI only some lean on GUI some don't like remote services some completely depend on remote services so there's there's a lot of places where I feel like even if I were to go and set up a GitHub actions to do a Trivy scan or some you know a Snyk scan or something like that sure I'm putting a gate there maybe in my CI but that's pretty late right 
that's in the PR process that's that is maybe later than what I you know that the developer is just trying to get code submitted so they can get it in the cluster and now that's when they're finding out the bad news so I love uh the co sort of the cohesiveness of this around it it exists in my Docker Desktop I don't have to wait until it's processed by my git repo I can push my own images to Hub and see the stats here without pushing them maybe to the official repos of my project I can kind of figure out where I like to see this stuff and I like the different options because it you could have easily just said we have scout.docker.com and that's it right like that's all you get but you I feel like it's and just we're going to have to have another show once a lot of these integrations light up because each one of these integrations is a an entire show for us to talk about how Scout can help you with your Artifactory or Scout can help you with your CircleCI you know there's just so much here um and I one of the things to uh I'm going to read between the lines a little bit of what you said there as well too but you know Scout is really drilling in on the idea that or container containers and images as the packaging artifact there um and so you know everything is okay what's the base image what's going in your image how are we deploying your image and so as you said you know this Scout's not a production runtime monitoring service like we're not going to replace that and we have no plans to replace that it's how how can we hook in with those different services and whatnot and that's some of the system integrations you see and whatnot so it's really about the the secure software supply chain around the container images and actually kind of tying back earlier you know the Moby releases and using BuildKit and okay now we can generate these SBOMs by you know automatically well hey that's what enables a lot of this to to actually happen when you create an image that image is 
immutable you're you're not going to change that and so you think of that SBOM as almost like the cargo manifest of what's in the box and then Scout can ingest that and continue to to watch and monitor for new issues or um things even after your CI gates have have passed and you said yeah all things are good well you know new vulnerabilities new issues may be discovered three months from now well yeah you can just go on the dashboard and it'll cross list vulnerabilities X against the SBOMs that we've ingested and here are the images that are affected by it so yeah there's no more having to go rescan everything to find out what's vulnerable what's not it just will tell you um and so it's kind of this the way I I like to think of it it's just this like huge data graph at the end of the day with lots of different things that are annotating your images with packages and what user it's running at as and open source licenses and all these different things and then how do you make sense of that graph um yeah so yeah I like I like the default changing default behavior subtly is one of is a hard art form in tooling and I feel like Scout can do that where like we're getting attestations in some cases automatically as SBOM generation is happening automatically and so as as ER sort of pushes these things to our different tooling and then people will stumble onto it and go oh I don't know what SBOMs are because they they're not maybe at a large company that has to deal with SBOMs or government contractors or whatever so it it I I like that's one of the things that when we go back and someone in someone in chat said something about swarm earlier I see you people I see you swarm people uh so I I feel like that's that's some of the ways that we have to get this stuff out there it's almost like our duty duty of care kind of thing of if we know there's a better default or a a feature that we should enable that doesn't harm anyone like like an SBOM scan or like adding
attestations and BuildKit like that should just happen and then people later go oh look at all this stuff I have in my image that I didn't even know about that's that's here now whereas I think a lot of times in industry we release a tool and we say well everybody should use this tool but it's you have to implement that tool and and people don't always do that and if it's a single use tool like a like an attestation creator and and like very few people will do that right it's only when they're mandated to do it and I love this turn sort of turning security on by default approach all right I'm gonna cut the Docker Scout conversation yeah one last one one last yeah what where we're hoping to to I mean the conversations have already started but like OpenPubkey and signing of those images and everything like those that have been involved with that like there's a lot of infrastructure there's a lot of process there's a lot of setup involved and again it's you know how do we just make that easy so as you were saying it could be as mostly just turn key or it's automatic and it's just there and you don't have to think about it or worry about it and you know if something breaks if something's H you know hey this image you pulled is has been tampered with um then you can know it right away and you don't have to think much about it so it's yeah how do how do we unlock a lot of these capabilities for the masses um and yeah stay tuned there and if you're working at a large enterprise company and you haven't heard about SBOMs yet it is likely gonna land up in front of you right in the near future um uh especially I mean in the public sector for sure but um anywhere that you're working in any kind of compliance environment it's likely gonna start showing up more and more in your world yeah bar asks real baruta ask real quick uh is it possible to have a scout layer to CI and CD yes yep yeah it's one of the integrations and yeah we should definitely do a whole show and uh and dive 
deep into there because there's a lot to go through and uh uh let's do it Nat's asking us as well I don't know if I clicked on this one uh about requesting a new show about all the different stages where we can do Scout stuff like you know local local local dev uh when I push the images when I do CI yeah there's all these different layers to that for sure all right uh awesome and this a great discussion we should we should do this more often um I love how you have the notes up so everyone can see how we run this show um so this is how we do it by the way exactly so fancy I wonder what's coming up next everyone exactly so jump uh jumping to a completely different topic like we we did one theme for sure which is like that inner loop the the dev cycle the pre-PR uh software secure software supply chains if I can say that 10 times fast um that was definitely a big theme of last year um across uh the different conferences um around devops for sure uh the other big theme we'd be remiss to mention and I don't think we're allowed to do a YouTube live show anymore Brett without mentioning AI or machine learning anymore anymore um is AI/ML right and so um with the with the explosion of of GenAI LLMs um machine learning it's been there for a while um and now just kind of uh coming into mainstream usage uh this past year uh what are some of the areas that Docker is intersecting with machine learning and AI yeah great question so I think there's a couple different uh things and probably the first thing I I'll mention was actually what you just had on on the screen there Brett was the GenAI Stack so at DockerCon in October we announced a partnership with LangChain and Ollama and Neo4j um for the stack and and I I want to go and say up like this isn't the end-all be-all stack it's mostly a hey here's an inspiration to get you started to to play with it because um there's a lot to learn in AI um in in this space between LLMs and chains and um you know RAG a retrieval augmented 
generation like there there's so much to it and so with the stack it was kind of you know here's a starting point if you want to experiment you want to play with it and guess what you git clone docker compose up and it's all running locally on your machine yeah um and so you can develop you can test things out locally um try it out um and and again just kind of kick kick the tires a little bit and get a feel for how's this going to work now um and there's several different applications there's a a chatbot there's a PDF reader where you can give it a a PDF and it'll analyze you can ask it questions and what so there's there's a couple different applications you can try out there um and so in many ways this is helping show that you know Docker what the way that you've been using Docker to build your web apps and your other applications what well guess what all that still works in the AI space it's just what you're putting in the container image is different but all the packaging all the tooling the compose stuff like everything else you can still leverage it's just now a different type of app um and so that's that's a lot of what this gen stack is here um so it's like a it's like a getting started with respect to GenAI locally um which is which is nice because I I think a lot of folks uh get are get kind of confused about hey is it just using the APIs that are from you know the major model vendors um or or uh LLM vendors out there or is it like how do I interact with these models do can I run them locally and the answer to all that is yes right it's like there's it's it's uh it's all new it's an all new space um everyone's experimenting in this they're trying out all kinds of permutations and uh this is kind of getting started with some of the tooling that um folks can use to to develop uh gen or just machine learning inter model from model to model interaction uh fine tuning models etc um and it's just dipping the toe like you said Michael it's not the be all and all 
stack for sure um and that the ML space and and I know uh Brett and I we've talked about doing more shows around around this topic in in the future um please let us know in the comments and chat if that's a topic that you all want to hear more about but um there's MLOps right how do you train models how do you do serving inference of models then there's these tools like the GenAI stack which is using models fine-tuning them running them locally um running use case against them etc and uh one of the core elements to all of these all the things that are happening in the ML world is that containers are are core component of how people are doing these things right so like uh ChatGPT or the GPT-4 models were you know they did they did their training OpenAI did their training on Kubernetes like a massive Kubernetes cluster um containers are involved there right so um it doesn't mean that you have to learn like another thing if you're already used to the Docker world or the container world uh that means that machine learning is access is even it's it's more accessible to you so that's awesome and what I like about it too is again you know the whole point of using containers in development is you know again if once you've got it set up you don't have to think about the environment you can just jump in and focus on the code and what is it that I'm building uh rather than how do I install Python how do I get all these you know OpenAI tools or you know LangChain all these different things like you don't have to think about that so the the ability to go from nothing to iterating and testing and experimenting it's it's so much easier so that's kind of what the the GenAI stack was um intended to do and it's it's been neat to see all the the different conversations and blog posts like this one um as well they've help support that yeah Jade's got a Jade's got a great walk through I think this is really good this is the one that helped me after DockerCon actually understand what all 
this stuff that was going on and we should point out real quick because this is something that I also got confused with the DockerCon the GenAI stack and what we're talking about when we talk about Docker AI there like tell me if I'm wrong here to me the Docker AI is a sort of a program or a suite of different things that are all AI related GenAI stack is one of them and then uh we actually have an AI Docker AI Early Access program which was demoed at DockerCon and that's actually inside I think that's in VS Code right like it start the a so I think someone mentioned in the chat wouldn't it be cool if there was something that could assist with making a Docker like when we were talking about docker init earlier would it be cool if there was something that assists with creating the Dockerfile or creating a compose file and so um that's what some of that was demoed at at docker and that is what is being called I guess Docker AI um is this kind of assistant um you want to go a little bit more into that yeah uh so final name still TBD there but um but yeah so the Docker AI yeah I was was announced that at DockerCon as of today is a VS Code extension as we're just iterating and and experimenting but yeah is this opportunity to have a chatbot experience with a a model that's trained specifically around Docker and and everything around it um and it uses is the context of the project that you're in to help answer those questions so for example um and I was actually going to try to pull up a demo here but um didn't get time to to finish that up but anyways um I can I can ask the bot and just say hey um I'm new to Docker I I ran this docker compose up thing how do I open the the the voting service and it understands okay hey you're asking about a service that's in the compose file let me look at the exposed ports what's the host container what's the container or what's the host port and the container port like it all those things and then just says yeah hey open up localhost 5000 
and here's your app kind of thing and so it it it'll and then it will explain it to you along the way so um it can do a lot of that kind of stuff of just general questions but also yeah how can I help bootstrap or I want to add another service to my compose stack um help me do that um so yeah trying to to be a little bit of an assistant um help you bu I was trying to find the uh there's a link to the time stamp I have it I have it I'll put I'll on there yeah um so this was demoed um uh there was a demo of this at at DockerCon uh back in October so I'll I'll we'll post the uh the video here there we go all right so we have a we're we're close to uh the end of the show we've we've gone through a full hour so we've covered a lot of the things that were announced and and uh delivered upon I guess you could say uh released in 2023 so 2024 what's coming up what are some what are some areas of uh what what are you excited about for 2024 uh personally and then what are some areas that that we should be on a lookout for um that we might do a new another show on in the in 2024 yeah yeah yeah so great question first off I'm I'm excited because there's so much going on um so the the first things that I'll mention just a little bit of updates from some of the things that we announced at DockerCon so um at DockerCon we we talked about this next-gen cloud builder um Docker builder I forget the exact name but uh that that's now called Docker Build Cloud um and this service it will be coming out in the next couple weeks and will basically allow you to leverage remote builders um and so again tying back to the BuildKit being the default builder and everything that again help sets up these types of things so then your your team can use a shared build environment and you know if I do a build it may be the first build it's going to populate the cache and everything but now if any of my teammates do that same build well they can leverage the the cache that I just populated um and we'll have 
native multi-architecture nodes and and all that kind of stuff so really cool stuff um and it can also be shared with my CI pipeline so again you kind of think of this shared cache environment um and a lot of the the the benefits that that come along with that um and especially since like I'm on a Mac with Apple silicon you know if I'm having to build for amd64 images that could be a slow process and so again this gives me an opportunity to use native um native machines for all that as well so um stay tuned on that and and again as as Docker's looking forward you know we are thinking about how we can leverage cloud services to to enhance and um add more compute resources to the things that you're already doing but do so in a way that still developers love to build locally and and so the last thing we want to do is say hey you must do everything in the cloud and forget to your normal practice you're gonna wait for CI wait for CI exactly exactly and so like we want to be smart about that so as as we continue to look for like this build services one of those where hey I still use compose locally I'm still using all my normal local tools but I'm just enhancing that with a remote build service but the images still get pulled down my machine I'm still running the containers on my machine etc so it's again being very thoughtful and like we were talking about earlier how do we make that as seamless and as easy as possible so you don't even have to think about it um it just works um so again there's more in the works I can't talk about yet but um you continue to to to expand on that idea and that mindset as well um yeah it's one of those things where we've I was gonna say real quick it's one of those things where like the init earlier it's like I felt like we could have had this eight years ago not that Docker should you know it's one of those things where once you've used it you're like yes I always want this option I would love to have an option that if I'm on a low 
powered machine or if I need a new cross cross comp compilation uh different architectures or uh you know there's all it's and actually it's more at first when I first saw it I thought oh it's just a remote Docker engine that is basically automated the connection but it's way more than that so we when it when we get an official release of it uh we're going to have to have another Docker show there's there's still a reason why Docker is in the name of this YouTube channel it's because Docker keeps doing stuff so um we talk a lot a lot about it y all right so um to that point uh like around that local development or the development life cycle uh you know that inner loop um one area that another another thing like why haven't we had this a long time ago is the Docker Debug I love I I was excited about that at DockerCon I I like the demo of that um so what is Docker de Debug just real quick yeah and maybe I'll if I get the screen share up here I'll share real quick so as of as of today it's actually package as an extension um but eventually it'll be rolled in this just helps us iterate a little bit faster um but so when you install the extension and there's a separate one for Kubernetes as well too um but when you do this it'll basically create another command that will allow me to if I jump to my terminal so for example when I do a normal let's just jump into vote um let's just start a shell here if I try to ping um you know ping's not found okay and we've all run into that before hey I'm trying to debug something and crap I I can't do it well now what would allow me to do is say hey I'm gonna attach to this container but I'm going to bring my own tools into the container and so I'm not going to install anything and in fact my container can stay read-only and and everything else but now hey I can do my ping and it's working because it's using the tools that I'm bringing along with it rather than the tools that are installed in the container and I can install other stuff 
it's using Nix behind the scene so magic that feels like magic yeah is really cool and so similar thing for Kubernetes pods in that case it'll actually spin up an ephemeral container um in the pod but same idea here where now I can debug and I can troubleshoot bringing in my own tools which allows you to then say hey my final images I'm building and pushing to production or and development like I don't have to build a lot of those debug tools in because now I have a way to bring them in which means hey smaller images more streamline less security issues footprint etc um and this will even which work with a you know multi-stage Go projects in which I do FROM scratch and just copy in binaries now I can actually get into a shell and you know look at the file system debug even from scratch images which is really really cool that's nice especially when you don't have to have like a different dev image from your production cuz you need all these particular like ping curl um you know I I have that set of tools in fact I have the the net I stole the netshoot from Nicola uh a very popular image of all these Kubernetes and Docker troubleshooting tools that are really just Linux tools mostly and it's like that is its own course like you H it's old SE it's its own section in my course of how to use docker exec uh kubectl uh you know all these different commands and different options that I have to do and then I have to know the package managers in in there to make sure I get the tools it's a lot I mean it actually for someone who's maybe even not super familiar with all the different package managers and stuff it can be a lot and uh I think this is one of those things where again it feels it feels like it it's one of those things that should have always been there all along in our container pipelines um and now we have it it's right there it's free in your Docker Desktop yeah feel free to to download try it out um it's just right now it's an extension to get them uh 
again eventually it'll be actually folded into the product itself but um so there's the debug tools to get local containers which is what I just demoed and the ephemeral containers because it's a different use case and and they're wanting to iterate and kind of deploy it more frequently and that kind of stuff um is a separate um Kubernetes toolkit one as well so yeah give it a shot give a feedback and uh so yeah so debug you can get now as an extension may change later uh the Docker Build Cloud that we talked about is wait until January come back to the show we'll we'll point it out when it's announced but we're all on our you know we're basically um on the edge of our seats waiting for that launch essentially or the announcement of that and then um I know we're we're quickly running out of time by the way I want to point out um ner thank you so much Super Chat Super Chat thank you thank we love the super chats uh yeah and very he says thanks for another great year of information informative discussions happy holidays and see you in the new year here's a couple of chocolates on me hot chocolates I just had a hot chocolate the other day W so thank you it's the time of year for hot chocolate um and then quickly uh we had the Mutagen ACC uh acquisition we had the AtomicJar acquisition like these are these are both tools and experts in their fields that are going to be showing up as different parts of the Docker tooling I don't know if you have any uh any sort of 2024 um insider I mean that you can talk about that we can we can sneak out there on this show that maybe no one will notice because no one no one watches this show so maybe they won't realize that we we did something what what is this preview feature synchronized file shares what what is this so um oh so so the the Mutagen for those that aren't familiar was brought in a lot of different things but um Jacob Howard he is actually a Docker Captain as well um before the acquisition but um had built a tool to 
help kind of synchronize files from the host file system into the the container is the the virtual machine so that way it's not having to go through the bind mounts and and so with the Mutagen acquisition well hey now let's actually fold that into Docker Desktop itself and so this will be coming out here very soon um where then you can set up the synchronized file shares and then um so it's trading basically additional storage for performance um and so yeah the files are going to be on your host machine but then also copied in the container and then this will do all the synchronization between the different hosts you know all the machines and all that kind of stuff and and just make it work so um so that that's coming soon too and then of course I'm I'm excited with the AtomicJar acquisition as well because in many ways you know Docker's been build share run um and the Scout we kind of talk about verify um but now it's like hey let's add another verb to that of test you know how do we make testing easier and um and I I've been a big Testcontainers fan for a long time and and whatnot so it's it's fun to have them um part of the group now yeah yeah Testcontainers was on this show I think this year um uh one of the other co-founders and uh I it it started with Java my understanding but now has a lot more uh framework and language supports built into it and I I need a refresher because I I watched the video you know how like you have someone on the show they they teach you all this stuff and then six months later you've completely forgotten it all that's what happened with with me and Testcontainers so we're going to have to do another show um on that in the in the new year I think that's our common phrase that's another show so that's what that's what we're going to talk but that's the title of this show is this is the show about other shows The Meta show very yeah well we've we've squandered another hour and a half or hour and 15 uh going through not squander sorry
we've done an awesome hour and 15 on fil yes um and uh one one last thing uh I wanted to do before we kind of close out is just thank you the audience um all our viewers our listeners um thanks for tuning in thanks for looking at the newsletter Thanks for opening up the blog posts um sorry for having to listen to my voice in your car or uh on your podcast um but thanks so we we wouldn't do this without y'all and um I'm super excited about getting into these awesome topics next year with with Bret if if Bret will have me back uh next year and Nirmal for for what it's worth for for what it's worth you know your voice is better than this voice oh there we go can't wait to hear that on the podcast so we're yeah so now you have to sing the Christmas chick Chipmunk song because you have that and Christmas time Christmas all right uh the last things we should say is the community is growing so Docker Community is growing of course uh I see that through my courses and how people still keep buying courses but there's also a uh we had our first DockerCon this year back in the real world live uh stay tuned for Docker to announce something about next year I don't really have a lot of inside information but I have had conversations so there will be something in the future um we have 20 new captains which means you have more captains making YouTube videos than ever before and blogging than ever before I think we're up to 63 now it says here which uh that's like that's like Peak captains um I feel like that's very close to even preo Peak captains when we were all at all the conferences spreading the word of Docker um yeah so very cool and like I said like I'm basically going to repeat Nirmal thank you so much y for being here Michael thank you so much of course you will be back next year as always uh and will be he he he gets a stamp of approval for another year of co-hosting yay yes congratulations all right everyone thank you so much for being here we're going to wrap this up
for another a great show with great guest I'll be back on Thursdays in the new year come and join us live or listen to us on your podcast player see you soon everyone cowo thanks Happ year thanks happy New Year [Music] [Music]
Info
Channel: Bret Fisher Docker and DevOps
Views: 1,373
Keywords: docker, kubernetes, developer, bret fisher, cloud native, containers, docker mastery, kubernetes mastery, devops
Id: aXHMvTh1aF4
Length: 75min 38sec (4538 seconds)
Published: Fri Dec 29 2023