Docker in Production: Lessons from the Trenches

Book Description

Many books and blog posts already cover individual topics related to installing and running Docker, but few resources exist to weave together the myriad and sometimes forehead-to-wall-thumping concerns of running Docker in production. Fear not: if you enjoyed the movie Inception, you will feel right at home running containers in virtual machines on servers in the cloud.

This book will give you a solid understanding of the building blocks and concerns of architecting and running Docker-based infrastructure in production.

If you have a DevOps or ops background, then this is the book for you. Previous experience with both the basics of running servers in production and creating and managing containers is also highly recommended.

Table of Contents

  1. Preface
    1. Who is actually using Docker in production?
    2. Who is this book for?
    3. Why Docker?
    4. Development vs. production
    5. What we mean by Production
    6. Batteries included vs. composable tools
    7. What not to dockerize
    8. Authors
  2. 1. Getting Started
    1. Terminology
      1. Image vs. Container
      2. Containers vs. Virtual Machines
      3. CI/CD: Continuous Integration / Continuous Delivery
      4. Host Management
      5. Orchestration
      6. Scheduling
      7. Discovery
      8. Configuration Management
    2. Development to Production
    3. Multiple Ways to Use Docker
    4. What to Expect
  3. 2. The Stack
    1. Build System
    2. Image Repository
    3. Host Management
    4. Configuration Management
    5. Deployment
    6. Orchestration
  4. 3. Example - Barebones Environment
    1. Keeping the Pieces Simple
    2. Keeping The Processes Simple
    3. Systems in Detail
      1. Leveraging systemd
    4. Cluster-wide, common and local configurations
    5. Deploying services
    6. Support services
    7. Discussion
    8. Future
  5. 4. Web Environment
    1. Orchestration
      1. Building the server for the container (aka getting Docker on the host)
      2. Building the container (the listening web service)
    2. Networking
    3. Data storage
    4. Logging
    5. Monitoring
    6. No worries about new dependencies
    7. Zero downtime
    8. Service rollbacks
    9. Pros
    10. Cons
    11. Conclusion
  6. 5. Beanstalk Environment
    1. Process to build containers
      1. Process to deploy/update containers
    2. Logging
    3. Monitoring
    4. Security
    5. Pros
    6. Cons
    7. Other notes
  7. 6. Kubernetes Environment
    1. OpenShift v3
    2. Interview, Clayton Coleman, RedHat
  8. 7. Security
    1. Threat models
    2. Containers and security
    3. Kernel updates
    4. Container updates
    5. suid and guid binaries
    6. root in containers
    7. Capabilities
    8. seccomp
    9. Kernel security frameworks
    10. Resource limits and cgroups
    11. ulimit
      1. User namespaces
      2. Image verification
    12. Running the docker daemon securely
    13. Monitoring
    14. Devices
    15. Mount points
    16. ssh
    17. Secret distribution
    18. Location
  9. 8. Building Images
    1. Not your father’s images
      1. Copy on Write and Efficient Image Storage and Distribution
    2. Image building fundamentals
      1. Layered File Systems and Preserving Space
      2. Keeping images small
      3. Making images reusable
      4. Making an image configurable via environment variables when the process is not
      5. Make images that reconfigure themselves when docker changes
      6. Trust and Images
      7. Make your images immutable
  10. 9. Storing Docker Images
    1. Getting up and running with storing Docker images
    2. Automated builds
    3. Private repository
    4. Scaling the Private registry
      1. S3
      2. Load balancing the registry
    5. Maintenance
    6. Making your private repository secure
      1. SSL
      2. Authentication
    7. Save/Load
    8. Minimizing your image sizes
    9. Other Image repository solutions
  11. 10. CICD
    1. Let everyone just build and push containers!
    2. Integration testing with Docker
    3. Conclusion
  12. 11. Configuration Management
    1. Configuration Management vs. Containers
    2. Configuration management for containers
      1. Chef
    3. Ansible
    4. Salt Stack
    5. Puppet
    6. Conclusion
  13. 12. Docker storage drivers
    1. AUFS
    2. DeviceMapper
    3. btrfs
    4. overlay
    5. vfs
    6. Conclusion
  14. 13. Docker networking
    1. Networking Basics
    2. IP address allocation
      1. Port allocation
    3. Domain name resolution
    4. Service discovery
    5. Advanced Docker networking
      1. Network security
      2. Multihost inter container communication
      3. Network namespace sharing
    6. IPv6
    7. Conclusion
  15. 14. Scheduling
  16. 15. Service discovery
    1. DNS service discovery
      1. DNS servers reinvented
    2. Zookeeper
    3. Service discovery with Zookeeper
    4. etcd
      1. Service discovery with etcd
    5. consul
      1. Service discovery with consul
      2. registrator
    6. Eureka
      1. Service discovery with Eureka
    7. Smartstack
      1. Service discovery with Smartstack
      2. Summary
    8. nsqlookupd
    9. Summary
  17. 16. Logging and Monitoring
    1. Logging
      1. Native Docker logging
      2. Attaching to Docker containers
      3. Exporting logs to host
      4. Sending logs to a centralized logging system
      5. Side mounting logs from another container
    2. Monitoring
      1. Host based monitoring
      2. Docker daemon based monitoring
      3. Container based monitoring
      4. References
  18. 17. Reference
    1. Blogs and Articles
    2. Production Examples
    3. Security