| Foreword |
|
xiii | |
| Preface |
|
xv | |
| Acknowledgments |
|
xviii | |
| About This Book |
|
xx | |
| About the Authors |
|
xxii | |
| About the Cover Illustration |
|
xxiii | |
|
|
|
1 | (16) |
|
|
|
3 | (5) |
|
|
|
3 | (2) |
|
|
|
5 | (1) |
|
Containers are not virtualization |
|
|
5 | (1) |
|
Running software in containers for isolation |
|
|
6 | (1) |
|
|
|
7 | (1) |
|
1.2 What problems does Docker solve? |
|
|
8 | (4) |
|
|
|
9 | (1) |
|
|
|
10 | (1) |
|
|
|
11 | (1) |
|
1.3 Why is Docker important? |
|
|
12 | (1) |
|
1.4 Where and when to use Docker |
|
|
13 | (1) |
|
1.5 Docker in the larger ecosystem |
|
|
14 | (1) |
|
1.6 Getting help with the Docker command line |
|
|
14 | (3) |
|
Part 1 Process isolation and environment-independent computing |
|
|
17 | (106) |
|
2 Running software in containers |
|
|
19 | (28) |
|
2.1 Controlling containers: Building a website monitor |
|
|
20 | (5) |
|
Creating and starting a new container |
|
|
21 | (1) |
|
Running interactive containers |
|
|
22 | (1) |
|
Listing, stopping, restarting, and viewing output of containers |
|
|
23 | (2) |
|
2.2 Solved problems and the PID namespace |
|
|
25 | (3) |
|
2.3 Eliminating metaconflicts: Building a website farm |
|
|
28 | (6) |
|
Flexible container identification |
|
|
28 | (3) |
|
Container state and dependencies |
|
|
31 | (3) |
|
2.4 Building environment-agnostic systems |
|
|
34 | (6) |
|
|
|
34 | (3) |
|
Environment variable injection |
|
|
37 | (3) |
|
2.5 Building durable containers |
|
|
40 | (4) |
|
Automatically restarting containers |
|
|
41 | (1) |
|
Using PID 1 and init systems |
|
|
42 | (2) |
|
|
|
44 | (3) |
|
3 Software installation simplified |
|
|
47 | (15) |
|
|
|
48 | (2) |
|
What is a named repository? |
|
|
48 | (1) |
|
|
|
49 | (1) |
|
3.2 Finding and installing software |
|
|
50 | (6) |
|
Working with Docker registries from the command line |
|
|
50 | (1) |
|
Using alternative registries |
|
|
51 | (1) |
|
Working with images as files |
|
|
52 | (1) |
|
Installing from a Dockerfile |
|
|
53 | (1) |
|
Using Docker Hub from the website |
|
|
54 | (2) |
|
3.3 Installation files and isolation |
|
|
56 | (6) |
|
|
|
57 | (1) |
|
|
|
58 | (1) |
|
Container filesystem abstraction and isolation |
|
|
59 | (1) |
|
Benefits of this toolset and filesystem structure |
|
|
60 | (1) |
|
Weaknesses of union filesystems |
|
|
60 | (2) |
|
4 Working with storage and volumes |
|
|
62 | (18) |
|
4.1 File trees and mount points |
|
|
63 | (1) |
|
|
|
64 | (3) |
|
|
|
67 | (1) |
|
|
|
68 | (5) |
|
Volumes provide container-independent data management |
|
|
70 | (1) |
|
Using volumes with a NoSQL database |
|
|
71 | (2) |
|
4.5 Shared mount points and sharing files |
|
|
73 | (4) |
|
Anonymous volumes and the volumes-from flag |
|
|
74 | (3) |
|
|
|
77 | (1) |
|
4.7 Advanced storage with volume plugins |
|
|
78 | (2) |
|
|
|
80 | (19) |
|
5.1 Networking background (for beginners) |
|
|
81 | (2) |
|
Basics: Protocols, interfaces, and ports |
|
|
81 | (1) |
|
Bigger picture: Networks, NAT, and port forwarding |
|
|
82 | (1) |
|
5.2 Docker container networking |
|
|
83 | (6) |
|
Creating a user-defined bridge network |
|
|
84 | (2) |
|
Exploring a bridge network |
|
|
86 | (2) |
|
|
|
88 | (1) |
|
5.3 Special container networks: host and none |
|
|
89 | (2) |
|
5.4 Handling inbound traffic with NodePort publishing |
|
|
91 | (2) |
|
5.5 Container networking caveats and customizations |
|
|
93 | (6) |
|
No firewalls or network policies |
|
|
93 | (1) |
|
|
|
93 | (4) |
|
Externalizing network management |
|
|
97 | (2) |
|
6 Limiting risk with resource controls |
|
|
99 | (24) |
|
6.1 Setting resource allowances |
|
|
100 | (5) |
|
|
|
101 | (1) |
|
|
|
102 | (3) |
|
|
|
105 | (1) |
|
|
|
105 | (2) |
|
Sharing IPC primitives between containers |
|
|
106 | (1) |
|
|
|
107 | (7) |
|
Working with the run-as user |
|
|
108 | (3) |
|
|
|
111 | (2) |
|
Introduction to the Linux user namespace and UID remapping |
|
|
113 | (1) |
|
6.4 Adjusting OS feature access with capabilities |
|
|
114 | (2) |
|
6.5 Running a container with full privileges |
|
|
116 | (1) |
|
6.6 Strengthening containers with enhanced tools |
|
|
117 | (2) |
|
Specifying additional security options |
|
|
118 | (1) |
|
6.7 Building use-case-appropriate containers |
|
|
119 | (4) |
|
|
|
119 | (1) |
|
High-level system services |
|
|
120 | (1) |
|
Low-level system services |
|
|
120 | (3) |
|
Part 2 Packaging software for distribution |
|
|
123 | (94) |
|
7 Packaging software in images |
|
|
125 | (19) |
|
7.1 Building Docker images from a container |
|
|
126 | (5) |
|
|
|
126 | (1) |
|
Preparing packaging for Git |
|
|
127 | (1) |
|
Reviewing filesystem changes |
|
|
128 | (1) |
|
|
|
129 | (1) |
|
Configuring image attributes |
|
|
130 | (1) |
|
7.2 Going deep on Docker images and layers |
|
|
131 | (8) |
|
Exploring union filesystems |
|
|
131 | (3) |
|
Reintroducing images, layers, repositories, and tags |
|
|
134 | (3) |
|
Managing image size and layer limits |
|
|
137 | (2) |
|
7.3 Exporting and importing flat filesystems |
|
|
139 | (2) |
|
7.4 Versioning best practices |
|
|
141 | (3) |
|
8 Building images automatically with Dockerfiles |
|
|
144 | (30) |
|
8.1 Packaging Git with a Dockerfile |
|
|
145 | (3) |
|
|
|
148 | (8) |
|
|
|
149 | (4) |
|
|
|
153 | (3) |
|
8.3 Injecting downstream build-time behavior |
|
|
156 | (3) |
|
8.4 Creating maintainable Dockerfiles |
|
|
159 | (3) |
|
8.5 Using startup scripts and multiprocess containers |
|
|
162 | (5) |
|
Environmental preconditions validation |
|
|
163 | (1) |
|
|
|
164 | (2) |
|
The purpose and use of health checks |
|
|
166 | (1) |
|
8.6 Building hardened application images |
|
|
167 | (7) |
|
Content-addressable image identifiers |
|
|
168 | (1) |
|
|
|
169 | (2) |
|
SUID and SGID permissions |
|
|
171 | (3) |
|
9 Public and private software distribution |
|
|
174 | (23) |
|
9.1 Choosing a distribution method |
|
|
175 | (3) |
|
|
|
175 | (1) |
|
|
|
176 | (2) |
|
9.2 Publishing with hosted registries |
|
|
178 | (5) |
|
Publishing with public repositories: "Hello World!" via Docker Hub |
|
|
179 | (2) |
|
Private hosted repositories |
|
|
181 | (2) |
|
9.3 Introducing private registries |
|
|
183 | (5) |
|
|
|
186 | (1) |
|
Consuming images from your registry |
|
|
187 | (1) |
|
9.4 Manual image publishing and distribution |
|
|
188 | (6) |
|
A sample distribution infrastructure using FTP |
|
|
190 | (4) |
|
9.5 Image source-distribution workflows |
|
|
194 | (3) |
|
Distributing a project with Dockerfile on GitHub |
|
|
194 | (3) |
|
|
|
197 | (20) |
|
10.1 Goals of an image build pipeline |
|
|
198 | (1) |
|
10.2 Patterns for building images |
|
|
199 | (5) |
|
|
|
200 | (1) |
|
Separate build and runtime images |
|
|
201 | (1) |
|
Variations of runtime image via multi-stage builds |
|
|
202 | (2) |
|
10.3 Record metadata at image build time |
|
|
204 | (5) |
|
Orchestrating the build with make |
|
|
205 | (4) |
|
10.4 Testing images in a build pipeline |
|
|
209 | (3) |
|
10.5 Patterns for tagging images |
|
|
212 | (5) |
|
|
|
212 | (1) |
|
Continuous delivery with unique tags |
|
|
213 | (1) |
|
Configuration image per deployment stage |
|
|
214 | (1) |
|
|
|
215 | (2) |
|
Part 3 Higher-level abstractions and orchestration |
|
|
217 | (84) |
|
11 Services with Docker and Compose |
|
|
219 | (25) |
|
11.1 A service "Hello World!" |
|
|
220 | (9) |
|
Automated resurrection and replication |
|
|
222 | (2) |
|
|
|
224 | (2) |
|
Service health and rollback |
|
|
226 | (3) |
|
11.2 Declarative service environments with Compose V3 |
|
|
229 | (8) |
|
|
|
231 | (2) |
|
Collections of services with Compose V3 |
|
|
233 | (4) |
|
11.3 Stateful services and preserving data |
|
|
237 | (2) |
|
11.4 Load balancing, service discovery, and networks with Compose |
|
|
239 | (5) |
|
12 First-class configuration abstractions |
|
|
244 | (20) |
|
12.1 Configuration distribution and management |
|
|
245 | (2) |
|
12.2 Separating application and configuration |
|
|
247 | (8) |
|
Working with the config resource |
|
|
249 | (1) |
|
Deploying the application |
|
|
250 | (1) |
|
Managing config resources directly |
|
|
251 | (4) |
|
12.3 Secrets---A special kind of configuration |
|
|
255 | (9) |
|
|
|
257 | (7) |
|
13 Orchestrating services on a cluster of Docker hosts with Swarm |
|
|
264 | (37) |
|
13.1 Clustering with Docker Swarm |
|
|
264 | (3) |
|
Introducing Docker Swarm mode |
|
|
265 | (2) |
|
Deploying a Swarm cluster |
|
|
267 | (1) |
|
13.2 Deploying an application to a Swarm cluster |
|
|
267 | (11) |
|
Introducing Docker Swarm cluster resource types |
|
|
267 | (1) |
|
Defining an application and its dependencies by using Docker services |
|
|
268 | (5) |
|
Deploying the application |
|
|
273 | (5) |
|
13.3 Communicating with services running on a Swarm cluster |
|
|
278 | (9) |
|
Routing client requests to services by using the Swarm routing mesh |
|
|
278 | (3) |
|
Working with overlay networks |
|
|
281 | (1) |
|
Discovering services on an overlay network |
|
|
282 | (2) |
|
Isolating service-to-service communication with overlay networks |
|
|
284 | (2) |
|
|
|
286 | (1) |
|
13.4 Placing service tasks on the cluster |
|
|
287 | (14) |
|
|
|
288 | (4) |
|
Constraining where tasks run |
|
|
292 | (5) |
|
Using global services for one task per node |
|
|
297 | (2) |
|
Deploying real applications onto real clusters |
|
|
299 | (2) |
| Index |
|
301 | |
