x-posted from: blog.yld.io/2015/11/11/docker-1-9/

With the advent of Docker 1.9 comes a number of ecosystem milestones. The team has now released production-ready Swarm (to orchestrate container deployment) and multi-host networking (to facilitate communication between containers, even as they move between hosts).

Dockerfile

Perhaps the most interesting update for Node users is the addition of an ARG Dockerfile instruction. This allows passing custom variables at build time - something Docker previously eschewed in favour of repeatable builds, but grudgingly added after a flood of community requests.

As with other methods of adding keys to images: this shouldn't be used for secrets unless the image is squashed afterwards, as the secrets are left in the intermediate images - instead it provides an alternative to adding .npmrc files to build servers, or running a pre-build step to interpolate Dockerfile placeholders.

FROM mhart/alpine-node:4

WORKDIR /code  
ARG NPM_TOKEN

ADD package.json /code/package.json  
RUN printf "%s\n%s\n" "@NPM_PRIVATE_USER:registry=https://registry.npmjs.org/" \  
      "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc && \
    npm install; \
    NPM_EXIT_CODE=$?; \
    rm -f .npmrc; \
    exit ${NPM_EXIT_CODE};

ADD . /code  
CMD node /code

Then to build the Dockerfile with the secret passed:

docker build --build-arg NPM_TOKEN=${NPM_TOKEN} \  
  --pull=true \
  --tag ${DOCKER_HUB_ACCOUNT}/${SERVICE_NAME}:${TAG}

(don't forget to squash this image before pushing, otherwise you'll potentially be exposing secrets to end-users)

Networking

This feature has been promoted to a "top-level concept", with support for multiple isolated/micro-segmented networks. On the heels of Docker's acquisition of SocketPlane comes a VXLAN-based overlay driver that allows networks to span datacenters with little configuration. Docker has a walkthrough here.

The networking improvements also includes the ability to dynamically connect containers to multiple networks, and third-party networking plugins (such as Weave).

Two new flags support storage configurations for multi-host networking:

  • --cluster-store to designate a distributed storage backend for the cluster
  • --cluster-advertise to advertise the machine on the network

Official docs are here and there's a useful walkthrough here

Engine 1.9

The Docker engine has some additional features:

  • Concurrent image pull: If you pull an image that is already in the process of being pulled, its progress will be displayed and the command will exit correctly. (No more getting stuck on “Layer already being pulled by another client”!)
  • A STOPSIGNAL Dockerfile instruction has been added allowing the signal sent during docker stop to be changed
  • Container logs can be shipped directly to CloudWatch via a new logging driver
  • Disk I/O metrics are available via docker stats

Compose 1.5

Compose has various usability updates, including a Windows release, variable substitution (a breaking change - more here), better inheritance and experimental support for the new Docker networking system with the --x-networking flag

Registry 2.2

Now supports Google Cloud Storage, read-only mode and configurable hostname supprt, amongst other features.