book

Docker: Up & Running, 2nd Edition

by Sean P. Kane, Karl Matthias

September 2018

Intermediate to advanced

352 pages

9h 18m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who Should Read This BookWhy Read This Book?Navigating This BookConventions Used in This BookUsing Code ExamplesO’Reilly SafariHow to Contact UsAcknowledgments
The Promise of DockerBenefits of the Docker WorkflowWhat Docker Isn’tImportant TerminologyWrap-Up
Process SimplificationBroad Support and AdoptionArchitectureClient/Server ModelNetwork Ports and Unix SocketsRobust ToolingDocker Command-Line ToolDocker Engine APIContainer NetworkingGetting the Most from DockerContainers Are Not Virtual MachinesLimited IsolationContainers Are LightweightToward an Immutable InfrastructureStateless ApplicationsExternalizing StateThe Docker WorkflowRevision ControlBuildingTestingPackagingDeployingThe Docker EcosystemWrap-Up
Docker ClientLinuxmacOS, Mac OS XMicrosoft Windows 10 ProfessionalDocker Serversystemd-Based LinuxNon-Linux VM-Based ServerTesting the SetupUbuntuFedoraAlpine LinuxExploring the Docker ServerWrap-Up
Anatomy of a DockerfileBuilding an ImageTroubleshooting Broken BuildsRunning Your ImageEnvironment VariablesCustom Base ImagesStoring ImagesPublic RegistriesPrivate RegistriesAuthenticating to a RegistryRunning a Private RegistryAdvanced Building TechniquesKeeping Images SmallLayers Are AdditiveOptimizing for the CacheWrap-Up
What Are Containers?History of ContainersCreating a ContainerBasic ConfigurationStorage VolumesResource QuotasStarting a ContainerAuto-Restarting a ContainerStopping a ContainerKilling a ContainerPausing and Unpausing a ContainerCleaning Up Containers and ImagesWindows ContainersWrap-Up
Printing the Docker VersionServer InformationDownloading Image UpdatesInspecting a ContainerExploring the ShellReturning a ResultGetting Inside a Running Containerdocker execnsenterdocker volumeLoggingdocker logsMore Advanced LoggingNon-Plug-In Community OptionsMonitoring DockerContainer StatsContainer Health ChecksDocker EventscAdvisorPrometheus MonitoringExplorationWrap-Up
Process OutputProcess InspectionControlling ProcessesNetwork InspectionImage HistoryInspecting a ContainerFilesystem InspectionWrap-Up
Configuring Docker ComposeLaunching ServicesExploring RocketChatExercising Docker ComposeWrap-Up

Getting to ProductionDocker’s Role in Production EnvironmentsJob ControlResource LimitsNetworkingConfigurationPackaging and DeliveryLoggingMonitoringSchedulingService DiscoveryProduction Wrap-UpDocker and the DevOps PipelineQuick OverviewOutside DependenciesWrap-Up
CenturionDocker Swarm ModeAmazon ECS and FargateCore AWS SetupIAM Role SetupAWS CLI SetupContainer InstancesTasksTesting the TaskStopping the TaskKubernetesWhat Is Minikube?Installing MinikubeRunning KubernetesKubernetes DashboardKubernetes Containers and PodsLet’s Deploy SomethingDeploying a Realistic StackService DefinitionPersistentVolumeClaim DefinitionDeployment DefinitionDeploying the ApplicationScaling Upkubectl APIWrap-Up
Containers in DetailcgroupsNamespacesSecurityUID 0Privileged ContainersSecure Computing ModeSElinux and AppArmorThe Docker DaemonAdvanced ConfigurationNetworkingStorageThe Structure of DockerSwapping RuntimesgVisorWrap-Up
The Twelve-Factor AppCodebaseDependenciesConfigBacking ServicesBuild, Release, RunProcessesPort BindingConcurrencyDisposabilityDevelopment/Production ParityLogsAdmin ProcessesTwelve-Factor Wrap-UpThe Reactive ManifestoResponsiveResilientElasticMessage-DrivenWrap-Up
The Challenges Docker AddressesThe Docker WorkflowMinimizing Deployment ArtifactsOptimizing Storage and RetrievalThe PayoffThe Final Word

Content preview from Docker: Up & Running, 2nd Edition

Chapter 11. Advanced Topics

In this chapter, we’ll do a quick pass through some of the more advanced topics. We’re going to assume that you have a pretty good hold on Docker by now and that you’ve already got it in production or you’re at least a regular user. We’ll talk about how containers work in detail, and about some aspects of Docker security, Docker networking, Docker plug-ins, swappable runtimes, and other advanced configuration.

Some of this chapter covers configurable changes you can make to your Docker installation. These can be useful, but Docker has good defaults, so as with most software, you should stick to the defaults on your operating system unless you have a good reason to change them and have educated yourself on what those changes mean to you. Getting your installation right for your environment will likely involve some trial and error, tuning, and adjustment over time. However, changing settings from their default before understanding them well is not what we recommend.

Containers in Detail

Though we usually talk about Linux containers as a single entity, they are, in fact, implemented through several separate mechanisms built into the Linux kernel that all work together: control groups (cgroups), namespaces, and SELinux or AppArmor, all of which serve to contain the process. cgroups provide for resource limits, namespaces allow for processes to use identically named resources and isolate them from each other’s view of the system, and SELinux or AppArmor ...