book

Docker in Action, Second Edition

by Stephen Kuenzli, Jeffrey Nickoloff

November 2019

Intermediate to advanced

336 pages

11h 25m

English

Manning Publications

Read now

Unlock full access

2.1. Controlling containers: Building a website monitor2.2. Solved problems and the PID namespace2.3. Eliminating metaconflicts: Building a website farm2.4. Building environment-agnostic systems2.5. Building durable containers2.6. Cleaning upSummary
3.1. Identifying software3.2. Finding and installing software3.3. Installation files and isolationSummary
4.1. File trees and mount points4.2. Bind mounts4.3. In-memory storage4.4. Docker volumes4.5. Shared mount points and sharing files4.6. Cleaning up volumes4.7. Advanced storage with volume pluginsSummary
5.1. Networking background (for beginners)5.2. Docker container networking5.3. Special container networks: host and none5.4. Handling inbound traffic with NodePort publishing5.5. Container networking caveats and customizationsSummary
6.1. Setting resource allowances6.2. Sharing memory6.3. Understanding users6.4. Adjusting OS feature access with capabilities6.5. Running a container with full privileges6.6. Strengthening containers with enhanced tools6.7. Building use-case-appropriate containersSummary
7.1. Building Docker images from a container7.2. Going deep on Docker images and layers7.3. Exporting and importing flat filesystems7.4. Versioning best practicesSummary
8.1. Packaging Git with a Dockerfile8.2. A Dockerfile primer8.3. Injecting downstream build-time behavior8.4. Creating maintainable Dockerfiles8.5. Using startup scripts and multiprocess containers8.6. Building hardened application imagesSummary
9.1. Choosing a distribution method9.2. Publishing with hosted registries9.3. Introducing private registries9.4. Manual image publishing and distribution9.5. Image source-distribution workflowsSummary
10.1. Goals of an image build pipeline10.2. Patterns for building images10.3. Record metadata at image build time10.4. Testing images in a build pipeline10.5. Patterns for tagging imagesSummary
11.1. A service “Hello World!”11.2. Declarative service environments with Compose V311.3. Stateful services and preserving data11.4. Load balancing, service discovery, and networks with ComposeSummary
12.1. Configuration distribution and management12.2. Separating application and configuration12.3. Secrets—A special kind of configurationSummary
13.1. Clustering with Docker Swarm13.2. Deploying an application to a Swarm cluster13.3. Communicating with services running on a Swarm cluster13.4. Placing service tasks on the clusterSummary

Content preview from Docker in Action, Second Edition

Chapter 6. Limiting risk with resource controls

This chapter covers

Setting resource limits
Sharing container memory
Setting users, permissions, and administrative privileges
Granting access to specific Linux features
Working with SELinux and AppArmor

Containers provide isolated process contexts, not whole system virtualization. The semantic difference may seem subtle, but the impact is drastic. Chapter 1 touched on the differences a bit. Chapters 2 through 5 each covered a different isolation feature set of Docker containers. This chapter covers the remaining four and includes information about enhancing security on your system.

The features covered in this chapter focus on managing or limiting the risks of running software. These features ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781617294761Supplemental Content Publisher Support Other Publisher Website Supplemental Content Purchase Link

Docker in Action, Second Edition

by Stephen Kuenzli, Jeffrey Nickoloff

Chapter 6. Limiting risk with resource controls

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Docker: Up & Running, 2nd Edition

Docker in Practice, Second Edition

Learn Docker - Fundamentals of Docker 19.x - Second Edition

Docker Deep Dive

Publisher Resources

Chapter 6. Limiting risk with resource controls

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Docker: Up & Running, 2nd Edition

Docker in Practice, Second Edition

Learn Docker - Fundamentals of Docker 19.x - Second Edition

Docker Deep Dive

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.