What's new in Docker networking?
by Scott Gallagher, Allan Espinosa, Russ McKendrick, Santosh Kumar Konduri, Vaibhav
Docker: Creating Structured Containers
- Docker
- Table of Contents
- Docker
- Meet Your Course Guide
- 1. Course Module 1: Learning Docker
- 1. Getting Started with Docker
- An introduction to Docker
- Docker on Linux
- Differentiating between containerization and virtualization
- Docker networking/linking
- Installing Docker
- Downloading the first Docker image
- Running the first Docker container
- Running a Docker container on Amazon Web Services
- Troubleshooting
- 2. Up and Running
- Docker terminologies
- Docker commands
- The daemon command
- The version command
- The info command
- The run command
- The search command
- The pull command
- The start command
- The stop command
- The restart command
- The rm command
- The ps command
- The logs command
- The inspect command
- The top command
- The attach command
- The kill command
- The cp command
- The port command
- Running your own project
- Dockerfile
- 3. Container Image Storage
- 4. Working with Docker containers and images
- 5. Publishing Images
- 6. Running Your Private Docker Infrastructure
- 7. Running Services in a Container
- 8. Sharing Data with Containers
- 9. Docker Machine
- 10. Docker Compose
- 11. Docker Swarm
- 12. Testing with Docker
- 13. Debugging Containers
- 1. Getting Started with Docker
- 2. Course Module 2: Networking Docker
- 1. Docker Networking Primer
- 2. Docker Networking Internals
- 3. Building Your First Docker Network
- 4. Networking in a Docker Cluster
- 5. Next Generation Networking Stack for Docker – libnetwork
- 3. Course Module 3: Monitoring Docker
- 1. Introduction to Docker Monitoring
- 2. Using the Built-in Tools
- 3. Advanced Container Resource Analysis
- 4. A Traditional Approach to Monitoring Containers
- 5. Querying with Sysdig
- 6. Exploring Third Party Options
- 7. Collecting Application Logs from within the Container
- 8. What Are the Next Steps?
- 4. Course Module 4: Securing Docker
- 1. Securing Docker Hosts
- 2. Securing Docker Components
- 3. Securing and Hardening Linux Kernels
- 4. Docker Bench for Security
- Docker security – best practices
- Docker – best practices
- CIS guide
- The Docker Bench Security application
- Running the tool
- Understanding the output
- Understanding the output – host configuration
- Understanding the output – the Docker daemon configuration
- Understanding the output – the Docker daemon configuration files
- Understanding the output – container images and build files
- Understanding the output – container runtime
- Understanding the output – Docker security operations
- 5. Monitoring and Reporting Docker Security Incidents
- 6. Using Docker's Built-in Security Features
- 7. Securing Docker with Third-Party Tools
- 8. Keeping up Security
- 5. Course Module 5: Mastering Docker
- 1. Docker in Production
- 2. Shipyard
- 3. Panamax
- 4. Tutum
- 5. Advanced Docker
- A. Reflect and Test Yourself! Answers
- Module 1: Learning Docker
- Chapter 1: Getting Started with Docker
- Chapter 6: Running Your Private Docker Infrastructure
- Chapter 7: Running Services In a Container
- Chapter 8: Sharing Data with Containers
- Chapter 9: Docker Machine
- Chapter 10: Orchestrating Docker
- Chapter 11: Docker Swarm
- Chapter 12: Testing with Docker
- Chapter 13: Debugging Containers
- Module 2: Networking Docker
- Module 3: Monitoring Docker
- Module 4: Securing Docker
- Chapter 2: Securing Docker Components
- Chapter 3: Securing and Hardening Linux Kernels
- Chapter 4, Docker Bench for Security
- Chapter 5, Monitoring and Reporting Docker Security Incidents
- Chapter 6, Using Docker's Built-in Security Features
- Chapter 7, Securing Docker with Third-party Tools
- Chapter 8, Keeping up Security
- Module 5: Mastering Docker
- Module 1: Learning Docker
- B. Bibliography
- Index
Docker networking is at a very nascent stage, and there are many interesting contributions from the developer community, such as Pipework, Weave, Clocker, and Kubernetes. Each of them reflects a different aspect of Docker networking. We will learn about them in later chapters. Docker, Inc. has also established a new project where networking will be standardized. It is called libnetwork.
libnetwork implements the container network model (CNM), which formalizes the steps required to provide networking for containers while providing an abstraction that can be used to support multiple network drivers. The CNM is built on three main components—sandbox, endpoint, and network.
A sandbox contains the configuration of a container's network stack. This includes management of the container's interfaces, routing table, and DNS settings. An implementation of a sandbox could be a Linux network namespace, a FreeBSD jail, or other similar concept. A sandbox may contain many endpoints from multiple networks.
-
No Comment