Module 5: Mastering Docker
by Scott Gallagher, Allan Espinosa, Russ McKendrick, Santosh Kumar Konduri, Vaibhav
Docker: Creating Structured Containers
Module 5: Mastering Docker
Chapter 1, Docker in Production
Q1
2
Chapter 2, Shipyard
Q1
4
Chapter 5, Advanced Docker
Q1
4