Docker: Creating Structured Containers

Book Description

Become an expert in the innovative containerization tool to unlock new opportunities in the way you use and deploy software

About This Book

  • Harness the power of Docker to create a robust and resilient environment in which you can generate portable, composable, scalable, and stable application containers

  • Learn the art of container networking with elevated efficiency using Docker

  • Better manage Docker containers using expert techniques and methods

  • Explore the ways to keep your Docker environment secure

  • Deploy your applications easily

Who This Book Is For

Whether you are a developer or a sysadmin, or anything in between, this course will give you the guidance you need to use Docker to build, test, and deploy your applications and make those tasks easier, even enjoyable.

What You Will Learn

  • Learn how to install Docker across all the platforms along with a few troubleshooting techniques

  • Build, push, and publish images on Docker Hub

  • Orchestrate multiple containers with Docker Compose

  • Test and debug applications inside a Docker container

  • Get to know the basics of networking and see how Docker networking works

  • Discover the tools built into Docker to gain an insight into your container's performance

  • Take advantage of the various SaaS offerings from third parties to move monitoring away from your local infrastructure and into the cloud

  • Familiarize yourself with third-party tools such as Traffic Authorization, Summon, sVirt, and SELinux to secure your Docker environment

  • Integrate Docker with a wide range of cloud and configuration tools to fully realize its potential

In Detail

So hot off the presses, the latest buzz that has been on the tip of everyone's tongues and the topic of almost any conversation that includes containers these days is Docker! Docker has been a game-changer when it comes to virtualization. With this course, you will go from just being the person in the office who hears that buzz to the one who is tooting it around every day. This course will be a smooth journey covering Docker from scratch to finish!

The first module will help you get familiarized with the fundamentals of Docker. The second module will show you how to create, deploy, and manage a virtual network for connecting containers spanning single or multiple hosts.

In the third module, you'll get to grips with monitoring your Docker apps and containers - this will show you how monitoring containers and keeping a keen eye on the working of applications helps improve the overall performance of the applications that run on Docker. The purpose of our fourth module, Securing Docker, is to provide techniques and enhance your skills to secure Docker containers easily and efficiently. Finally, you'll see how to deploy Docker in production and three interesting GUI applications: Shipyard, Panamax, and Tutum.

Style and approach

Covering best practices to make sure you're confident with the basics, such as building, managing, and storing containers, before diving deeper into Docker security, you'll find everything you need to help you extend and integrate Docker in new and innovative ways.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

    1. Docker
      1. Table of Contents
      2. Docker
      3. Meet Your Course Guide
        1. What's so cool about Docker?
        2. What's in it for me – Course Structure
        3. Course Journey
        4. The Course Roadmap and Timeline
      4. 1. Course Module 1: Learning Docker
        1. 1. Getting Started with Docker
          1. An introduction to Docker
          2. Docker on Linux
          3. Differentiating between containerization and virtualization
            1. The convergence of containerization and virtualization
            2. Containerization technologies
          4. Docker networking/linking
          5. Installing Docker
            1. Installing Docker from the Ubuntu package repository
            2. Installing the latest Docker using docker.io script
            3. Upgrading Docker
              1. Building Docker from source
            4. User permissions
            5. UFW settings
            6. Installing Docker on Mac OS X
              1. Installation
            7. Installing Docker on Windows
              1. Installation
            8. Upgrading Docker on Mac OS X and Windows
          6. Downloading the first Docker image
          7. Running the first Docker container
          8. Running a Docker container on Amazon Web Services
          9. Troubleshooting
        2. 2. Up and Running
          1. Docker terminologies
            1. Docker images and containers
            2. A Docker layer
            3. A Docker container
            4. The docker daemon
            5. Docker client
            6. Dockerfile
            7. Docker repository
          2. Docker commands
            1. The daemon command
            2. The version command
            3. The info command
            4. The run command
              1. Running a server
            5. The search command
            6. The pull command
            7. The start command
            8. The stop command
            9. The restart command
            10. The rm command
            11. The ps command
            12. The logs command
            13. The inspect command
            14. The top command
            15. The attach command
            16. The kill command
            17. The cp command
            18. The port command
          3. Running your own project
            1. The diff command
            2. The commit command
            3. The images command
            4. The rmi command
            5. The save command
            6. The load command
            7. The export command
            8. The import command
            9. The tag command
            10. The login command
            11. The push command
            12. The history command
            13. The events command
            14. The wait command
            15. The build command
            16. Uploading to Docker daemon
          4. Dockerfile
            1. The FROM instruction
            2. The MAINTAINER instruction
            3. The RUN instruction
            4. The CMD instruction
            5. The ENTRYPOINT instruction
            6. The WORKDIR instruction
            7. The EXPOSE instruction
            8. The ENV instruction
            9. The USER instruction
            10. The VOLUME instruction
            11. The ADD instruction
            12. The COPY instruction
            13. The ONBUILD instruction
        3. 3. Container Image Storage
          1. Docker Hub
            1. The Docker Hub location
            2. Dashboard
            3. Explore the repositories page
            4. Organizations
            5. The Create menu
            6. Settings
            7. The Stars page
          2. Docker Hub Enterprise
            1. Comparing Docker Hub to Docker Subscription
            2. Docker Subscription for server
            3. Docker Subscription for cloud
        4. 4. Working with Docker containers and images
          1. Docker Hub Registry
            1. Docker Registry versus Docker Hub
            2. Searching Docker images
          2. Working with an interactive container
            1. Tracking changes inside containers
            2. Controlling Docker containers
            3. Housekeeping containers
            4. Building images from containers
            5. Launching a container as a daemon
        5. 5. Publishing Images
          1. Pushing images to the Docker Hub
          2. Automating the building process for images
          3. Private repositories on the Docker Hub
          4. Organizations and teams on the Docker Hub
          5. The REST APIs for the Docker Hub
        6. 6. Running Your Private Docker Infrastructure
          1. The Docker registry and index
          2. Docker registry use cases
          3. Run your own index and registry
            1. Step 1 – Deployment of the index components and the registry from GitHub
            2. Step 2 – Configuration of nginx with the Docker registry
            3. Step 3 – Set up SSL on the web server for secure communication
          4. Push the image to the newly created Docker registry
        7. 7. Running Services in a Container
          1. A brief overview of container networking
          2. Envisaging the Container as a Service
            1. Building an HTTP server image
            2. Running the HTTP server Image as a Service
            3. Connecting to the HTTP service
          3. Exposing container services
            1. Publishing container ports – the -p option
            2. Network Address Translation for containers
            3. Retrieving the container port
            4. Binding a container to a specific IP address
            5. Auto-generating the Docker host port
            6. Port binding using EXPOSE and the -P option
        8. 8. Sharing Data with Containers
          1. The data volume
          2. Sharing host data
            1. The practicality of host data sharing
          3. Sharing data between containers
            1. Data-only containers
            2. Mounting data volume from other containers
            3. The practicality of data sharing between containers
          4. Avoiding common pitfalls
            1. Directory leaks
            2. The undesirable effect of data volume
          5. Data volume containers
          6. Docker volume backups
        9. 9. Docker Machine
          1. Installation
          2. Using Docker Machine
            1. Local VM
            2. Cloud environment
          3. Docker Machine commands
            1. active
            2. ip
            3. ls
            4. scp
            5. ssh
            6. upgrade
            7. url
            8. TLS
        10. 10. Docker Compose
          1. Linking containers
          2. Orchestration of containers
            1. Orchestrate containers using docker-compose
          3. Installing Docker Compose
            1. Installing on Linux
            2. Installing on OS X and Windows
          4. Docker Compose YAML file
          5. The Docker Compose usage
            1. The Docker Compose options
          6. The Docker Compose commands
            1. build
            2. kill
            3. logs
            4. port
            5. ps
            6. pull
            7. restart
            8. rm
            9. run
            10. scale
            11. start
            12. stop
            13. up
            14. version
          7. Docker Compose – examples
            1. image
            2. build
            3. The last example
        11. 11. Docker Swarm
          1. Docker Swarm install
            1. Installation
          2. Docker Swarm components
            1. Swarm
            2. Swarm manager
            3. Swarm host
          3. Docker Swarm usage
            1. Creating a cluster
            2. Joining nodes
            3. Listing nodes
            4. Managing a cluster
          4. The Docker Swarm commands
            1. Options
            2. list
            3. create
            4. manage
          5. The Docker Swarm topics
            1. Discovery services
            2. Advanced scheduling
            3. The Swarm API
          6. The Swarm cluster example
        12. 12. Testing with Docker
          1. A brief overview of the test-driven development
          2. Testing your code inside Docker
            1. Running the test inside a container
            2. Using a Docker container as a runtime environment
          3. Integrating Docker testing into Jenkins
            1. Preparing the Jenkins environment
            2. Automating the Docker testing process
        13. 13. Debugging Containers
          1. Process level isolation for Docker containers
            1. Control groups
          2. Debugging a containerized application
            1. The Docker exec command
            2. The Docker ps command
            3. The Docker top command
            4. The Docker stats command
            5. The Docker events command
            6. The Docker logs command
          3. Installing and using nsenter
      5. 2. Course Module 2: Networking Docker
        1. 1. Docker Networking Primer
          1. Networking and Docker
            1. Linux bridges
            2. Open vSwitch
            3. NAT
            4. IPtables
            5. AppArmor/SELinux
          2. The docker0 bridge
            1. The --net default mode
            2. The --net=none mode
            3. The --net=container:$container2 mode
            4. The --net=host mode
              1. Port mapping in Docker container
          3. Docker OVS
          4. Unix domain socket
          5. Linking Docker containers
            1. Links
          6. What's new in Docker networking?
            1. Sandbox
            2. Endpoint
            3. Network
          7. The Docker CNM model
        2. 2. Docker Networking Internals
          1. Configuring the IP stack for Docker
            1. IPv4 support
            2. IPv6 support
          2. Configuring a DNS server
            1. Communication between containers and external networks
              1. Restricting SSH access from one container to another
          3. Configuring the Docker bridge
          4. Overlay networks and underlay networks
        3. 3. Building Your First Docker Network
          1. Introduction to Pipework
          2. Multiple containers over a single host
            1. Weave your containers
          3. Open vSwitch
            1. Single host OVS
              1. Creating an OVS bridge
            2. Multiple host OVS
          4. Networking with overlay networks – Flannel
        4. 4. Networking in a Docker Cluster
          1. Docker Swarm
            1. Docker Swarm setup
            2. Docker Swarm networking
          2. Kubernetes
            1. Deploying Kubernetes on AWS
            2. Kubernetes networking and its differences to Docker networking
            3. Deploying the Kubernetes pod
          3. Mesosphere
            1. Docker containers
            2. Deploying a web app using Docker
            3. Deploying Mesos on AWS using DCOS
        5. 5. Next Generation Networking Stack for Docker – libnetwork
          1. Goal
          2. Design
          3. CNM objects
            1. Sandbox
            2. Endpoint
            3. Network
            4. Network controller
            5. CNM attributes
            6. CNM lifecycle
          4. Driver
            1. Bridge driver
            2. Overlay network driver
          5. Using overlay network with Vagrant
            1. Overlay network deployment Vagrant setup
          6. Overlay network with Docker Machine and Docker Swarm
            1. Prerequisites
            2. Key-value store installation
            3. Create a Swarm cluster with two nodes
            4. Creating an overlay network
          7. Creating containers using an overlay network
            1. Container network interface
          8. CNI plugin
            1. Network configuration
            2. IP allocation
            3. IP address management interface
          9. Project Calico's libnetwork driver
      6. 3. Course Module 3: Monitoring Docker
        1. 1. Introduction to Docker Monitoring
          1. Pets, Cattle, Chickens, and Snowflakes
            1. Pets
            2. Cattle
            3. Chickens
            4. Snowflakes
            5. So what does this all mean?
          2. Launching a local environment
          3. Cloning the environment
          4. Running a virtual server
          5. Halting the virtual server
        2. 2. Using the Built-in Tools
          1. Docker stats
            1. Running Docker stats
          2. What just happened?
          3. What about processes?
            1. Docker top
            2. Docker exec
        3. 3. Advanced Container Resource Analysis
          1. What is cAdvisor?
          2. Running cAdvisor using a container
          3. Compiling cAdvisor from source
          4. Collecting metrics
          5. The Web interface
            1. Overview
            2. Processes
            3. CPU
            4. Memory
            5. Network
            6. Filesystem
          6. Viewing container stats
            1. Subcontainers
            2. Driver status
            3. Images
          7. This is all great, what's the catch?
          8. Prometheus
            1. Launching Prometheus
            2. Querying Prometheus
            3. Dashboard
            4. The next steps
          9. Alternatives?
        4. 4. A Traditional Approach to Monitoring Containers
          1. Zabbix
          2. Installing Zabbix
            1. Using containers
            2. Using vagrant
            3. Preparing our host machine
            4. The Zabbix web interface
          3. Docker metrics
            1. Create custom graphs
            2. Compare containers to your host machine
            3. Triggers
        5. 5. Querying with Sysdig
          1. What is Sysdig?
          2. Installing Sysdig
          3. Using Sysdig
            1. The basics
            2. Capturing data
            3. Containers
            4. Further reading
          4. Using Csysdig
        6. 6. Exploring Third Party Options
          1. A word about externally hosted services
            1. Deploying Docker in the cloud
          2. Why use a SaaS service?
          3. Sysdig Cloud
            1. Installing the agent
            2. Exploring your containers
            3. Summary and further reading
          4. Datadog
            1. Installing the agent
            2. Exploring the web interface
            3. Summary and further reading
          5. New Relic
            1. Installing the agent
            2. Exploring the web interface
            3. Summary and further reading
        7. 7. Collecting Application Logs from within the Container
          1. Viewing container logs
          2. ELK Stack
            1. Starting the stack
            2. Logspout
            3. Reviewing the logs
            4. What about production?
          3. Looking at third party options
        8. 8. What Are the Next Steps?
          1. Some scenarios
            1. Pets, Cattle, Chickens, and Snowflakes
              1. Pets
              2. Cattle
              3. Chickens
              4. Snowflakes
            2. Scenario one
            3. Scenario two
          2. A little more about alerting
            1. Chickens
            2. Cattle and Pets
            3. Sending alerts
          3. Keeping up
      7. 4. Course Module 4: Securing Docker
        1. 1. Securing Docker Hosts
          1. Docker host overview
          2. Discussing Docker host
          3. Virtualization and isolation
          4. Attack surface of Docker daemon
            1. Protecting the Docker daemon
          5. Securing Docker hosts
          6. Docker Machine
          7. SELinux and AppArmor
          8. Auto-patching hosts
        2. 2. Securing Docker Components
          1. Docker Content Trust
            1. Docker Content Trust components
            2. Signing images
            3. Hardware signing
          2. Docker Subscription
          3. Docker Trusted Registry
            1. Installation
            2. Securing Docker Trusted Registry
            3. Administering
            4. Workflow
          4. Docker Registry
            1. Installation
            2. Configuration and security
        3. 3. Securing and Hardening Linux Kernels
          1. Linux kernel hardening guides
            1. SANS hardening guide deep dive
            2. Access controls
            3. Distribution focused
          2. Linux kernel hardening tools
            1. Grsecurity
            2. Lynis
        4. 4. Docker Bench for Security
          1. Docker security – best practices
          2. Docker – best practices
          3. CIS guide
            1. Host configuration
            2. Docker daemon configuration
            3. Docker daemon configuration files
            4. Container images/runtime
            5. Docker security operations
          4. The Docker Bench Security application
            1. Running the tool
              1. Running the tool – host configuration
              2. Running the tool – Docker daemon configuration
              3. Running the tool – Docker daemon configuration files
              4. Running the tool – container images and build files
              5. Running the tool – container runtime
              6. Running the tool – Docker security operations
            2. Understanding the output
              1. Understanding the output – host configuration
              2. Understanding the output – the Docker daemon configuration
              3. Understanding the output – the Docker daemon configuration files
              4. Understanding the output – container images and build files
              5. Understanding the output – container runtime
              6. Understanding the output – Docker security operations
        5. 5. Monitoring and Reporting Docker Security Incidents
          1. Docker security monitoring
          2. Docker CVE
          3. Mailing lists
          4. Docker security reporting
            1. Responsible disclosure
            2. Security reporting
          5. Additional Docker security resources
            1. Docker Notary
            2. Hardware signing
            3. Reading materials
            4. Awesome Docker
        6. 6. Using Docker's Built-in Security Features
          1. Docker tools
            1. Using TLS
            2. Read-only containers
          2. Docker security fundamentals
            1. Kernel namespaces
            2. Control groups
            3. Linux kernel capabilities
          3. Containers versus virtual machines
        7. 7. Securing Docker with Third-Party Tools
          1. Third-party tools
            1. Traffic Authorization
            2. Summon
            3. sVirt and SELinux
          2. Other third-party tools
            1. dockersh
            2. DockerUI
            3. Shipyard
            4. Logspout
        8. 8. Keeping up Security
          1. Keeping up with security
            1. E-mail list options
              1. The two e-mail lists are as follows:
            2. GitHub issues
            3. IRC rooms
            4. CVE websites
          2. Other areas of interest
      8. 5. Course Module 5: Mastering Docker
        1. 1. Docker in Production
          1. Where to start?
            1. Setting up hosts
            2. Setting up nodes
          2. Host management
            1. Host monitoring
            2. Docker Swarm
            3. Swarm manager failover
          3. Container management
            1. Container image storage
            2. Image usage
            3. The Docker commands and GUIs
            4. Container monitoring
            5. Automatic restarts
            6. Rolling updates
          4. Docker Compose usage
            1. Developer environments
            2. Scaling environments
          5. Extending to external platform(s)
            1. Heroku
          6. Overall security
            1. Security best practices
          7. DockerUI
          8. ImageLayers
        2. 2. Shipyard
          1. Up and running
          2. Containers
            1. Deploying a container
          3. IMAGES
            1. Pulling an image
          4. NODES
          5. REGISTRIES
          6. ACCOUNTS
          7. EVENTS
          8. Back to CONTAINERS
        3. 3. Panamax
          1. Installing Panamax
          2. An example
            1. Applications
            2. Sources
            3. Images
            4. Registries
            5. Remote Deployment Targets
            6. Back to Applications
            7. Adding a service
            8. Configuring the application
              1. Service links
              2. Environmental variables
              3. Ports
              4. Volumes
              5. Docker Run Command
        4. 4. Tutum
          1. Getting started
          2. The tutorial page
          3. The Service dashboard
          4. The Nodes section
          5. Cloud Providers
          6. Back to Nodes
          7. Back to the Services section
            1. Containers
            2. Endpoints
            3. Logs
            4. Monitoring
            5. Triggers
            6. Timeline
            7. Configuration
          8. The Repositories tab
          9. Stacks
        5. 5. Advanced Docker
          1. Scaling Docker
          2. Using discovery services
            1. Consul
            2. etcd
              1. Debugging or troubleshooting Docker
            3. Docker commands
            4. GUI applications
            5. Resources
          3. Common issues and solutions
            1. Docker images
            2. Docker volumes
            3. Using resources
          4. Various Docker APIs
            1. docker.io accounts API
            2. Remote API
          5. Keeping your containers in check
            1. Kubernetes
            2. Chef
            3. Other solutions
          6. Contributing to Docker
            1. Contributing to the code
            2. Contributing to support
            3. Other contributions
          7. Advanced Docker networking
            1. Installation
            2. Creating your own network
        6. A. Reflect and Test Yourself! Answers
          1. Module 1: Learning Docker
            1. Chapter 1: Getting Started with Docker
            2. Chapter 6: Running Your Private Docker Infrastructure
            3. Chapter 7: Running Services In a Container
            4. Chapter 8: Sharing Data with Containers
            5. Chapter 9: Docker Machine
            6. Chapter 10: Orchestrating Docker
            7. Chapter 11: Docker Swarm
            8. Chapter 12: Testing with Docker
            9. Chapter 13: Debugging Containers
          2. Module 2: Networking Docker
            1. Chapter 1: Docker Networking Primer
            2. Chapter 2: Docker Networking Internals
            3. Chapter 3: Building Your First Docker Network
            4. Chapter 4: Networking in a Docker Cluster
            5. Chapter 5: Next Generation Networking Stack for Docker – libnetwork
          3. Module 3: Monitoring Docker
            1. Chapter 1: Introduction to Docker Monitoring
            2. Chapter 3: Advanced Container Resource Analysis
            3. Chapter 4: A Traditional Approach to Monitoring Containers
            4. Chapter 5: Querying with Sysdig
            5. Chapter 6: Exploring Third-Party Options
            6. Chapter 7: Collecting Application Logs from within the Container
          4. Module 4: Securing Docker
            1. Chapter 2: Securing Docker Components
            2. Chapter 3: Securing and Hardening Linux Kernels
            3. Chapter 4, Docker Bench for Security
            4. Chapter 5, Monitoring and Reporting Docker Security Incidents
            5. Chapter 6, Using Docker's Built-in Security Features
            6. Chapter 7, Securing Docker with Third-party Tools
            7. Chapter 8, Keeping up Security
          5. Module 5: Mastering Docker
            1. Chapter 1, Docker in Production
            2. Chapter 2, Shipyard
            3. Chapter 5, Advanced Docker
        7. B. Bibliography
      9. Index