Docker in Action

Jeff Nickoloff is a software engineer who has presented Docker and its applications to hundreds of engineers and administrators at Desert Code Camp, Amazon.com, and other technology meetups. His experience includes providing high availability services, scaling to thousands of transactions per second and microservices architecture at Amazon.com; and a long development background at Limelight Networks and Arizona State University.

foreword
preface
acknowledgements
about this book
about the cover illustration
Part 1: Keeping a tidy and trustworthy computer
1. Welcome to Docker
1.1. What is Docker?
1.1.1. Containers
1.1.2. Containers are not virtualization
1.1.3. Running software in containers for isolation
1.1.4. Shipping containers
1.2. What problems does Docker solve?
1.2.1. Getting organized
1.2.2. Improving portability
1.2.3. Protecting your computer
1.3. Why is Docker important?
1.4. Where and when to use Docker
1.5. Example: "Hello World"
1.6. Summary
2. Running software in containers
2.1. Getting help with the Docker command line
2.2. Controlling containers: building a website monitor
2.2.1. Creating and starting a new container
2.2.2. Running interactive containers
2.2.3. Listing, stopping, restarting, and viewing output of containers
2.3. Solved problems and the PID namespace
2.4. Eliminating metaconflicts: building a website farm
2.4.1. Flexible container identification
2.4.2. Container state and dependencies
2.5. Building environment-agnostic systems
2.5.1. Read-only file systems
2.5.2. Environment variable injection
2.6. Building durable containers
2.6.1. Automatically restarting containers
2.6.2. Keeping containers running with supervisor and startup processes
2.7. Cleaning up
2.8. Summary
3. Software installation simplified
3.1. Identifying software
3.1.1. What is a repository?
3.1.2. Using tags
3.2. Finding and installing software
3.2.1. Docker Hub from the command line
3.2.2. Docker Hub from the website
3.2.3. Using alternative registries
3.2.4. Images as files
3.2.5. Installing from a Dockerfile
3.3. Installation files and isolation
3.3.1. Image layers in action
3.3.2. Layer relationships
3.3.3. Container file system abstraction and isolation
3.3.4. Benefits of this toolset and file system structure
3.3.5. Weaknesses of union file systems
3.4. Summary
4. Persistent storage and shared state with volumes
4.1. Introducing volumes
4.1.1. Volumes provide container-independent data management
4.1.2. Using volumes with a NoSQL database
4.2. Volume types
4.2.1. Bind mount volumes
4.2.2. Docker managed volumes
4.3. Sharing volumes
4.3.1. Host-dependent sharing
4.3.2. Generalized sharing and the volumes-from flag
4.4. The managed volume life cycle
4.4.1. Volume ownership
4.4.2. Cleaning up volumes
4.5. Advanced container patterns with volumes
4.5.1. Volume container pattern
4.5.2. Data-packed volume containers
4.5.3. Polymorphic container pattern
4.6. Summary
5. Network exposure
5.1. Networking background
5.1.1. Basics: protocols, interfaces, and ports
5.1.2. Bigger picture: networks, NAT, and port forwarding
5.2. Docker container networking
5.2.1. The local Docker network topology
5.2.2. Four network container archetypes
5.3. Closed containers
5.4. Bridged containers
5.4.1. Reaching out
5.4.2. Custom name resolution
5.4.3. Opening inbound communication
5.4.4. Inter-container communication
5.4.5. Modifying the bridge interface
5.5. Joined containers
5.6. Open containers
5.7. Inter-container dependencies
5.7.1. Introducing links for local service discovery
5.7.2. Link aliases
5.7.3. Environment modifications
5.7.4. Link nature and shortcomings
5.8. Summary
6. Limiting risk with isolation
6.1. Resource allowances
6.1.1. Memory limits
6.1.2. CPU
6.1.3. Access to devices
6.2. Shared memory
6.2.1. Sharing IPC primitives between containers
6.2.2. Using an open memory container
6.3. Understanding users
6.3.1. Introduction to the Linux user namespace
6.3.2. Working with the run-as user
6.3.3. Users and volumes
6.4. Adjusting OS feature access with capabilities
6.5. Running a container with full privileges
6.6. Stronger containers with enhanced tools
6.6.1. Specifying additional security options
6.6.2. Fine-tuning with LXC
6.7. Build use-case-appropriate containers
6.7.1. Applications
6.7.2. High-level system services
6.7.3. Low-level system services
6.8. Summary
Part 2: Packaging software for distribution
7. Packaging software in images
7.1. Building Docker images from a container
7.1.1. Packaging Hello World
7.1.2. Preparing packaging for Git
7.1.3. Reviewing file system changes
7.1.4. Committing a new image
7.1.5. Configurable image attributes
7.2. Going deep on Docker images and layers
7.2.1. An exploration of union file systems
7.2.2. Reintroducing images, layers, repositories, and tags
7.2.3. Managing image size and layer limits
7.3. Exporting and importing flat file systems
7.4. Versioning best practices
7.5. Summary
8. Build automation and advanced image considerations
8.1. Packaging Git with a Dockerfile
8.2. A Dockerfile primer
8.2.1. Metadata instructions
8.2.2. File system instructions
8.3. Injecting downstream build-time behavior
8.4. Using startup scripts and multiprocess containers
8.4.1. Environmental preconditions validation
8.4.2. Initialization processes
8.5. Building hardened application images
8.5.1. Content addressable image identifiers
8.5.2. User permissions
8.5.3. SUID and SGID permissions
8.6. Summary
9. Public and private software distribution
9.1. Choosing a distribution method
9.1.1. A distribution spectrum
9.1.2. Selection criteria
9.2. Publishing with hosted registries
9.2.1. Publishing with public repositories: Hello, World via Docker Hub
9.2.2. Publishing public projects with automated builds
9.2.3. Private hosted repositories
9.3. Introducing private registries
9.3.1. Using the registry image
9.3.2. Consuming images from your registry
9.4. Manual image publishing and distribution
9.4.1. A sample distribution infrastructure using the File Transfer Protocol
9.5. Image source distribution workflows
9.5.1. Distributing a project with Dockerfile on GitHub
9.6. Summary
10. Running customized registries
10.1. Running a personal registry
10.1.1. Reintroducing the Image
10.1.2. Introducing the V2 API
10.1.3. Customizing the Image
10.2. Enhancements for centralized registries
10.2.1. Creating a reverse proxy
10.2.2. Configuring HTTPS (TLS) on the reverse proxy
10.2.3. Adding an authentication layer
10.2.4. Client compatibility
10.2.5. Before going to production
10.3. Durable blob storage
10.3.1. Hosted remote storage with Microsoft's Azure
10.3.2. Hosted remote storage with Amazon's Simple Storage Service
10.3.3. Internal remote storage with RADOS (Ceph)
10.4. Scaling access and latency improvements
10.4.1. Integrating a metadata cache
10.4.2. Streamline blob transfer with storage middleware
10.5. Integrating through notifications
10.6. Summary
Part 3: Multi-Container and Multi-Host Environments
11. Declarative environments with Docker Compose
11.1. Docker Compose: up and running on day one
11.1.1. Onboarding with a simple development environment
11.1.2. A complicated architecture: distribution and Elasticsearch integration
11.2. Iterating within an Environment
11.2.1. Build, start, and rebuild services
11.2.2. Scale and remove services
11.2.3. Iteration and persistent state
11.2.4. Linking problems and the network
11.3. Starting a new project: Compose YAML in three samples
11.3.1. Prelaunch builds, the environment, metadata, and networking
11.3.2. Known artifacts and bind-mount Volumes
11.3.3. Volume containers and extended services
11.4. Summary
12. Clusters with Machine and Swarm
12.1. Introducing Docker Machine
12.1.1. Building and managing Docker Machines
12.1.2. Configuring Docker clients to work with remote daemons
12.2. Introducing Docker Swarm
12.2.1. Building a Swarm cluster with Docker Machine
12.2.2. Swarm extends the Docker Remote API
12.3. Swarm scheduling
12.3.1. The Spread algorithm
12.3.2. Fine tune scheduling with filters
12.3.3. Scheduling with BinPack and Random
12.4. Swarm service discovery
12.4.1. Swarm and single-host networking
12.4.2. Ecosystem service discovery and stop-gap measures
12.4.3. Looking forward to multi-host networking
12.5. Summary
index

All there is to know about Docker. Clear, complete, and precise. Jean-Pol Landrain, Agile Partner Luxembourg.

Will help you transition quickly to effective Docker use in complex real-world situations. Peter Sellars, Fraedom.

An indispensable guide to understanding Docker and how it fits into your infrastructure. Jeremy Gailor, Gracenote.

A compelling narrative for real-world Docker solutions. A must-read! John Guthrie, Pivotal, Inc.