Last week, we launched Docker Enterprise 2.1 – advancing our leadership in the enterprise container platform market. That platform is built on Docker Engine 18.09 which was also released last week for both Community and Enterprise users. Docker Engine 18.09 represents a significant advancement of the world’s leading container engine, introducing new architectures and features that improve container performance and accelerate adoption for every type of Docker user – whether you’re a developer, an IT admin, working at a startup or at a large, established company.
Built on containerd
Docker Engine – Community and Docker Engine – Enterprise both ship with containerd 1.2. Donated and maintained by Docker and under the auspices of the Cloud Native Computing Foundation (CNCF), containerd is being adopted as the primary container runtime across multiple platforms and clouds, while progressing towards Graduation in CNCF.
Docker Engine 18.09 also includes the option to leverage BuildKit. This is a new Build architecture that improves performance, storage management, and extensibility while also adding some great new features:
- Performance improvements: BuildKit includes a re-designed concurrency and caching model that makes it much faster, more precise and portable. When tested against the github.com/moby/moby Dockerfile, we saw 2x to 9.5x faster builds. This new implementation also supports these new operational models:
- Parallel build stages
- Skip unused stages and unused context files
- Incremental context transfer between builds
- Build-time secrets: Integrate secrets in your Dockerfile and pass them along in a safe way. These secrets do not end up stored in the final image nor are they included in the build cache calculations to avoid anyone from using the cache metadata to reconstruct the secret.
- SSH forwarding: Connect to private repositories by forwarding your existing SSH agent connection or a key to the builder instead of transferring the key data.
- Build cache pruning and configurable garbage collection: Build cache can be managed separately from images and cleaned up with a new command ‘docker builder prune`. You can also set policies around when to clear build caches.
- Extensibility: Create extensions for Dockerfile parsing by using the new #syntax directive:
# syntax = registry/user/repo:tag
New Enterprise Features
With this architecture shift and alignment, we’ve also made it much easier to upgrade from the Community engine to the Enterprise engine with a simple license activation. For current Community engine users, that means unlocking many enterprise security features and getting access to Docker’s enterprise-class support and extended maintenance policies. Some of the Enterprise specific features include:
- FIPS 140-2 validation: Enable FIPS mode to leverage cryptographic modules that have been validated by the National Institute of Standards and Technology (NIST). This is important to the public sector and many regulated industries as it is referenced in FISMA, PCI, and HIPAA/HITECH among others. This is supported for both Linux and Windows Server 2016+.
- Enforcement of signed images: By enabling engine signature verification in the Docker daemon configuration file, you can verify that the integrity of the container is not compromised from development to execution.
Docker Engine 18.09 is now available for both Community and Enterprise users. Next week, we’ll highlight more of the differences in the Enterprise engine and why some of our existing Community users may want to upgrade to Enterprise.
To learn more about Docker Engine 18.09:
- Visit the Docker Engine website or check out the release notes
- Download Docker Engine – Community for your preferred operating system and read more about some of the new features.
- Register for the upcoming webinar: Building a Secure Foundation for Your Containers with Docker Engine – Enterprise