Have you thought about the potential risks to your Kubernetes cluster in this era of sophisticated ransomware? Veritas offers unparalleled resilience for stateful Kubernetes applications, providing high availability and robust data protection.
Learn how to fortify your business-critical applications with Veritas at vrt.as/kubernetes
π³+π΄ DockerCon Announcements Video
Nirmal and I were live with friends from the floor of DockerCon to talk about all the announcements and goings-on from the conference.
π³+π DockerCon Announcement Summary
Wow, it was great to be back for my 7th IRL DockerCon. It was a reunion of sorts, with so many people I consider colleagues and friends that I havenβt seen since the last IRL DockerCon in 2019. As usual, I went hardcore at DockerCon and had one talk, one live stream, and hosted three hallway tracks at the 3-day event in Los Angeles, California.
Hereβs the gist of what was announced without all the marketing PR speak. Many of these topics will get their own newsletter as they are released. Note that Docker Scout and Next-Gen Docker Build are the only tools that are publicly available today:
- Docker Scout went to GA (General Availability). Iβve been using this more and more lately, and I like it. It will likely be my new go-to CVE scanner for images, with many benefits beyond vulnerability count, including image update recommendations, a GitHub Action that compares CVE count to the merging branch, and more. Stay tuned for my complete breakdown. (Docker's Announcement with details and screenshots. Docker Scout homepage.)
- Docker Build is getting cloud builders that will transparently build your images remotely for potentially huge speed improvements in long build times. Codenamed Hydrobuild, this "Next-Gen Docker Build" is in early-access preview and will provide bigger machines than you may have locally, native amd64+arm64 multi-arch builds, and a shared build cache between team members. You can request early access with this form. Stay tuned for my complete breakdown.
- A new Debug CLI that drops you in your container with side-loaded shell tools from Nix, so you can install tools, troubleshoot, and exit the debug session without any permanent changes to your container. It more or less replaces
docker exec
with more features and fewer side effects. You can try it today as a Docker Desktop Extension. Kubernetes debug will come later, they said. (Docker's press release on new build and debug CLIs) - WebGPU for universal GPU access from inside Docker containers. It will first show up on macOS, which doesn't yet support GPU access from inside Linux containers as Windows does on WSL2. In the long term, this could be a game changer for Docker if they are able to bundle WebGPU and necessary host drivers to make GPU access "as easy as installing Docker."
- Docker AI and the "GenAI Stack" in Docker Desktop is a series of bundled tools, including Docker's Assist (below), and 3rd party AI/ML and LLM tools like LangChain, Neo4j and Ollama, along with a set of docs and automation to make it easier to set up a AI/ML container solution locally. Request early access to Docker AI with this form. (Docker's press release, Ajeet's walk through)
- Docker Assist is a chat AI inside VS Code that helps you with your Dockerfiles, Compose YAML, and Docker commands. It could definitely be helpful when learning Docker, and once it's GA, I'll likely want people to install it during my Docker Mastery course to smooth out the rough parts of learning containers and ease troubleshooting.
- In partnership with BastionZero and the Linux Foundation, Docker announced a new signing standard, OpenPubkey. It augments OpenID connect with user-held signing keys and removes the requirement for a 3rd party certificate authority. It also adds some other requirements over previous artifact-signing tools like cosign, as wonderfully detailed by Dan Lorenc of the sigstore project. OpenPubkey is in the concept/RFC stage, so we have nothing to evaluate yet and no ETA on a usable implementation.
- Other little things like Docker + Udemy (Docker's gonna make a better learning path with the help Udemy Docker instructors like myself. Stay tuned.) Docker Compose Watch GA, Docker Compose Publish alpha, and more.
π In case you missed last week's newsletter
Did you miss last week's newsletter? Read it here.