The success of a software project is often measured by the ecosystem it spawns. Projects built around, next to, and on top of the core technology lend power and usability, and they often move the needle forward. Case in point: Docker, the software containerization system that’s allowed IT to focus on applications, not virtual machines, as a standard unit of production.
Docker has been the center of a lot of first- and third-party developer attention, but a wealth of projects extends, augments, or enhances Docker without being part of Docker. Here are 10 of the most notable under development today, some of which stand a chance of becoming part of Docker in the long run.
No discussion of third-party Docker projects would be complete without mention of Kubernetes, an open source Docker management tool developed by Google for deploying containers across clusters of computers. Aside from helping to manage workloads for Docker nodes by keeping container deployments balanced across a cluster, Kubernetes also provides ways for containers to communicate with each other, minus the need to open network ports or perform other hacks. These features and the fact that Kubernetes is written in Go – the same language as Docker – strongly suggest it will be rolled into Docker at some point in the future.
If you want to give users shell access but are leery of the security complications, Dockersh offers a Docker-ized way to provide shell sessions with above-average security.
Dockersh lets multiple users connect to a given box, with each user running a shell spawned from a separate Docker container of your choosing. Users can see their home directory and make persistent changes to it, but they can view only their own processes and can use only their private networking stack. The creators are wary of potential security holes in Dockersh and don’t recommend it for unrestricted public access, at least not until Docker adds improvements in this vein. But the concept alone makes this one to watch.
While most devs and admins create and run Docker containers via the command line, Docker’s Remote API enables them to run the same commands through a RESTful API. Enter DockerUI. This Web front end allows you to handle many tasks normally managed from the command line of a Web browser. All of the containers on a given host can be manipulated via a single connection, and the project has almost no dependencies. It is, however, under heavy development, but it’s MIT-licensed, so it can be reused quite freely. In addition, it contains no built-in authentication or security, so be sure to put any publicly exposed DockerUI connections behind something with a password on it.
Shipyard uses the Citadel cluster management toolkit to facilitate management of Docker container clusters that span multiple hosts. Through a Web UI, you can get at-a-glance information about how much CPU or memory your containers are using and which containers are running, plus examine a log of events across all clusters. A full API and CLI are included, and specially constructed Docker images (aka extension images) can be used to expand on Shipyard’s functionality. That last conceit is still a work in progress, but a load-balancing/routing image is available by way of theInterlock project.
Kitematic is one of a number of projects that aims to make Docker useful as a desktop-environment developer’s tool for OS X-based programmers. It makes the process of downloading Docker images, spinning them up, and managing them into a task no more difficult than, say, using VMs in an application like VMware Workstation. Other projects in the same vein include DVM, Docker OS X, and OS X Installer, although Kitematic is easily the most polished of the bunch. The only major downside is that the uninstallation process is somewhat convoluted.
Docker does not yet provide a way to manage logs generated by programs running inside Docker containers. Logspout, a Docker container that weighs in at 14MB and uses BusyBox as its core, can route container-app logs to a single central location, such as a single JSON object or a streamed endpoint available through an HTTP API. Logspout is currently limited in terms of what it can scoop up, as it can only
stderr output from a container, but plans are in place to allow more comprehensive logging as soon as Docker provides hooks for it. Keep an eye on this one for the future.
Docker automation tools are something of a commodity. After all, isn’t easier automation the whole point of Docker? But Autodock stands out with a few differences. It’s designed to work in environments that use Salt and SaltStack as the main automation technology, and it’s specifically designed to make spinning up new containers as fast as possible by determining which servers in a given Docker cluster have the least load. One possible gripe is the number of ingredients needed to make it work (SaltStack, Golang, Etcd, Python).
DIND – Docker-in-Docker
Docker-in-Docker is exactly what it sounds like: A way for you to run Docker within Docker containers, made possible in Docker 0.6 by the addition of the privileged mode for containers. “Inception,” anyone?
Gimmicks and jokes aside, this is useful if you want to provide Docker itself as a service to Docker containers – for instance, if you want to experiment with an automation tool or methodology. Note that the “inner” instance of Docker is the most recent Docker binary, which is retrieved from docker.io when it’s built. Also bear in mind that instances that run in this manner do so in privileged mode; as such, you need to take more precautions when exposing them to the non-Dockerized outside world.
Heroku was (and to a degree still is) a standout PaaS with broad language support, but Docker makes it possible to do PaaS-like work almost anywhere. To that end, those looking for ways to migrate existing Heroku projects to Docker without rebuilding them from scratch need look no further. This simple little project takes an existing Heroku app and converts it into a Docker image from the command line, with no more than a few commands needed to perform the whole operation.
Docker Node Tester
What do you get when you use one of the hottest new IT technologies as a testing mechanism for another hot, new IT technology? Docker Node Tester, apparently. DNT provides a test bed in which a Node.js project runs against multiple versions of Node.js in Docker containers, then tabulates the output. You can also automatically test against the most bleeding-edge version of Node, whatever it is. Note that the various versions of Node are all built from source, which means you’ll end up with a local copy of the entire source tree for Node; make sure you have space enough for it.
Project: Docker Node Tester