Learning Docker Networking

Book Description

Become a proficient Linux administrator by learning the art of container networking with elevated efficiency using Docker

About This Book

  • Set up, configure, and monitor a virtual network of containers using a bridge network and virtual switches
  • Master the skill of networking Docker containers using frameworks such as Kubernetes, Docker Swarm, and Mesosphere
  • Acquire hands-on experience through practical examples of Docker networking spanning multiple containers, over multiple hosts, clubbed with various frameworks

Who This Book Is For

If you are a Linux administrator who wants to learn networking using Docker to ensure the efficient administration of core elements and applications, then this book is for you. Basic knowledge of LXC/Docker is assumed.

What You Will Learn

  • Get to know the basics of networking and see how Docker networking works
  • Expose the strengths and weaknesses of the current Docker network implementation and third-party landscape
  • Understand Docker networking spanning multiple containers over multiple hosts through practical examples
  • Observe the pitfalls of Docker networking and how to overcome them
  • Learn how Docker networking works for Docker Swarm and Kubernetes
  • Configure networking using Docker's container network model (CNM)
  • Explore OpenvSwitch to connect contain

In Detail

Docker is a Linux container implementation that enables the creation of lightweight, portable development and production environments. These environments can be updated incrementally. Docker achieves this by leveraging containment principles like cgroups and Linux namespaces along with overlay-filesystem-based portable images. Docker provides the networking primitives that allow administrators to specify how different containers network with each application and connect each of its components, then distribute them across a large number of servers and ensure coordination between them irrespective of the host or VM they are running in.

This book will show you how to create, deploy, and manage a virtual network for connecting containers spanning single or multiple hosts.

Style and approach

This step-by-step guide covers the fundamentals relating to typical applications with a practical approach. There is a focus on providing the practical skills required to develop applications, with a summary of the key concepts where necessary.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

  1. Learning Docker Networking
    1. Table of Contents
    2. Learning Docker Networking
    3. Credits
    4. About the Authors
    5. About the Reviewer
    6. www.PacktPub.com
      1. eBooks, discount offers, and more
        1. Why subscribe?
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Downloading the color images of this book
        3. Errata
        4. Piracy
        5. Questions
    8. 1. Docker Networking Primer
      1. Networking and Docker
        1. Linux bridges
        2. Open vSwitch
        3. NAT
        4. IPtables
        5. AppArmor/SELinux
      2. The docker0 bridge
        1. The --net default mode
        2. The --net=none mode
        3. The --net=container:$container2 mode
        4. The --net=host mode
          1. Port mapping in Docker container
      3. Docker OVS
      4. Unix domain socket
      5. Linking Docker containers
        1. Links
      6. What's new in Docker networking?
        1. Sandbox
        2. Endpoint
        3. Network
      7. The Docker CNM model
      8. Summary
    9. 2. Docker Networking Internals
      1. Configuring the IP stack for Docker
        1. IPv4 support
        2. IPv6 support
      2. Configuring a DNS server
        1. Communication between containers and external networks
          1. Restricting SSH access from one container to another
      3. Configuring the Docker bridge
      4. Overlay networks and underlay networks
      5. Summary
    10. 3. Building Your First Docker Network
      1. Introduction to Pipework
      2. Multiple containers over a single host
        1. Weave your containers
      3. Open vSwitch
        1. Single host OVS
          1. Creating an OVS bridge
        2. Multiple host OVS
      4. Networking with overlay networks – Flannel
      5. Summary
    11. 4. Networking in a Docker Cluster
      1. Docker Swarm
        1. Docker Swarm setup
        2. Docker Swarm networking
      2. Kubernetes
        1. Deploying Kubernetes on AWS
        2. Kubernetes networking and its differences to Docker networking
        3. Deploying the Kubernetes pod
      3. Mesosphere
        1. Docker containers
        2. Deploying a web app using Docker
        3. Deploying Mesos on AWS using DCOS
      4. Summary
    12. 5. Security and QoS for Docker Containers
      1. Filesystem restrictions
        1. Read-only mount points
          1. sysfs
          2. procfs
          3. /dev/pts
          4. /sys/fs/cgroup
        2. Copy-on-write
      2. Linux capabilities
      3. Securing containers in AWS ECS
      4. Understanding Docker security I – kernel namespaces
        1. pid namespace
        2. net namespace
          1. Basic network namespace management
          2. Network namespace configuration
        3. User namespace
          1. Creating a new user namespace
      5. Understanding Docker security II – cgroups
        1. Defining cgroups
        2. Why are cgroups required?
        3. Creating a cgroup manually
        4. Attaching processes to cgroups
        5. Docker and cgroups
      6. Using AppArmor to secure Docker containers
        1. AppArmor and Docker
        2. Docker security benchmark
          1. Audit Docker daemon regularly
          2. Create a user for the container
          3. Do not mount sensitive host system directories on containers
          4. Do not use privileged containers
      7. Summary
    13. 6. Next Generation Networking Stack for Docker: libnetwork
      1. Goal
      2. Design
      3. CNM objects
        1. Sandbox
        2. Endpoint
        3. Network
        4. Network controller
        5. CNM attributes
        6. CNM lifecycle
      4. Driver
        1. Bridge driver
        2. Overlay network driver
      5. Using overlay network with Vagrant
        1. Overlay network deployment Vagrant setup
      6. Overlay network with Docker Machine and Docker Swarm
        1. Prerequisites
        2. Key-value store installation
        3. Create a Swarm cluster with two nodes
        4. Creating an overlay network
      7. Creating containers using an overlay network
        1. Container network interface
      8. CNI plugin
        1. Network configuration
        2. IP allocation
        3. IP address management interface
      9. Project Calico's libnetwork driver
      10. Summary
    14. Index