Andrew Weiss

Docker Achieves FIPS 140-2 Validation

  We are excited to share that we have achieved formal FIPS 140-2 validation (Certificate #3304) from the National Institute of Standards and Technology (NIST) for our Docker Enterprise Edition Crypto Library. With this validation and industry-recognized seal of approval for cryptographic modules, we are able to further deliver on the fundamental confidentiality, integrity and availability objectives of information security and provide our commercial customers with a validated and secure platform for their applications. As required by the Federal Information Security Management Act (FISMA) and other regulatory technology frameworks like HIPAA and PCI, FIPS 140-2 is an important validation mechanism for protecting the sensitivity and privacy of information in mission-critical systems. As we highlighted in a previous blog post, Docker Engine – Enterprise version 18.03 and above includes this now-validated crypto module. This module has been validated at FIPS 140-2 Level 1. The formal Docker Enterprise Edition Crypto Library’s Security Continue reading…

Michael Crosby

A tour of containerd 1.0

  We have done a few talks in the past on different features of containerd, how it was designed, and some of the problems that we have fixed along the way. Containerd is used by Docker, Kubernetes CRI, and a few other projects, but this is a post for people who may not know what containerd actually does within these platforms. I would like to do more posts on the feature set and design of containerd in the future, but for now, we will start with the basics. I think the container ecosystem can be confusing at times, especially with the terminology that we use. What's this? A runtime. And this? A runtime… containerd (pronounced “container-dee”), as the name implies, not contain nerd as some would like to troll me with, is a container daemon. It was originally built as an integration Continue reading…

Patrick Chanezon

Announcing the General Availability of containerd 1.0, the industry-standard runtime used by millions of users

Today, we’re pleased to announce that containerd (pronounced Con-Tay-Ner-D), an industry-standard runtime for building container solutions, has reached its 1.0 milestone. containerd has already been deployed in millions of systems in production today, making it the most widely adopted runtime and an essential upstream component of the Docker platform. Built to address the needs of modern container platforms like Docker and orchestration systems like Kubernetes, containerd ensures users have a consistent dev to ops experience. From Docker’s initial announcement last year that it was spinning out its core runtime to its donation to the CNCF in March 2017, the containerd project has experienced significant growth and progress over the past 12 months. Within both the Docker and Kubernetes communities, there has been a significant uptick in contributions from independents and CNCF member companies alike including Docker, Google, NTT, IBM, Microsoft, AWS, Continue reading…

Patrick Chanezon

containerd joins the Cloud Native Computing Foundation

Today, we’re excited to announce that containerd – Docker’s core container runtime – has been accepted by the Technical Oversight Committee (TOC) as an incubating project in the Cloud Native Computing Foundation (CNCF). containerd’s acceptance into the CNCF alongside projects such as Kubernetes, gRPC and Prometheus comes three months after Docker, with support from the five largest cloud providers, announced its intent to contribute the project to a neutral foundation in the first quarter of this year. In the process of spinning containerd out of Docker and contributing it to CNCF there are a few changes that come along with it. For starters, containerd now has a logo; see below. In addition, we have a new @containerd Twitter handle. In the next few days, we’ll be moving the containerd GitHub repository to a separate GitHub organization. Similarly, the containerd Slack channel will be moved to a separate Slack team, which will soon be available at containerd.slack.com. containerd has Continue reading…

Michael Crosby

containerd summit recap: slides, videos and meeting notes

Last week, we hosted a containerd summit for contributors and maintainers. Containerd is a core container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, snapshot storage for container filesystems and a few other things to make the management of containers robust. We started off by getting everyone up to speed on the project, roadmap and goals before diving down into specific issues and design of containerd.  We had a couple breakout sessions where we discussed blocking issues and feature requests by various members of the community. You can see a summary of the breakout sessions in last week’s development report in the containerd repository and the various presentations below: Deep Dive into Continue reading…

Patrick Chanezon

More details about containerd, Docker’s core container runtime component

Today we announced that Docker is extracting a key component of its container platform, a part of the engine plumbing – containerd, a core container runtime – and commits to donating it to an open foundation. containerd is designed to be less coupled, and easier to integrate with other tool sets. And it is being written and designed to address the requirements of the major cloud providers and container orchestration systems. Because we know a lot of Docker fans want to know how the internals work, we thought we would share the current state of containerd and what we plan for version 1.0. Before that, it’s a good idea to look at what Docker has become over the last three and a half years. The Docker platform isn’t a container runtime. It is in fact a set of integrated tools that allow you to build Continue reading…

Solomon Hykes

containerd – a core container runtime project for the industry

Today Docker is spinning out its core container runtime functionality into a standalone component, incorporating it into a separate project called containerd, and will be donating it to a neutral foundation early next year. This is the latest chapter in a multi-year effort to break up the Docker platform into a more modular architecture of loosely coupled components. Over the past 3 years, as Docker adoption skyrocketed, it grew into a complete platform to build, ship and run distributed applications, covering many functional areas from infrastructure to orchestration, the core container runtime being just a piece of it. For millions of developers and IT pros, a complete platform is exactly what they need. But many platform builders and operators are looking for “boring infrastructure”: a basic component that provides the robust primitives for running containers on their system, bundled in Continue reading…