Docker in Action

Jeff Nickoloff is a software engineer who has presented Docker and its applications to hundreds of engineers and administrators at Desert Code Camp, Amazon.com, and other technology meetups. His experience includes providing high availability services, scaling to thousands of transactions per second and microservices architecture at Amazon.com; and a long development background at Limelight Networks and Arizona State University. Stephen Kuenzli has designed, built, deployed, and operated highly-available, scalable software systems in high tech manufacturing, banking, and ecommerce systems for nearly 20 years

Part 1: Process Isolation and Environment-Independent Computing
1 Welcome to Docker
1.1 What is Docker?
1.1.1 “Hello, World”
1.1.2 Containers
1.1.3 Containers are not virtualization
1.1.4 Running software in containers for isolation
1.1.5 Shipping containers
1.2 What problems does Docker solve?
1.2.1 Getting organized
1.2.2 Improving portability
1.2.3 Protecting your computer
1.3 Why is Docker important?
1.4 Where and when to use Docker
1.5 Docker in the Larger Ecosystem
1.6 Getting help with the Docker command line
1.7 Summary

2 Running software in containers
2.1 Controlling containers: building a website monitor
2.1.1 Creating and starting a new container
2.1.2 Running interactive containers
2.1.3 Listing, stopping, restarting, and viewing output of containers
2.2 Solved problems and the PID namespace
2.3 Eliminating metaconflicts: building a website farm
2.3.1 Flexible container identification
2.3.2 Container state and dependencies
2.4 Building environment-agnostic systems
2.4.1 Read-only file systems
2.4.2 Environment variable injection
2.5 Building durable containers
2.5.1 Automatically restarting containers
2.5.2 PID 1 and init systems
2.6 Cleaning up
2.7 Summary

3 Software installation simplified
3.1 Identifying software
3.1.1 What is a named repository?
3.1.2 Using tags
3.2 Finding and installing software
3.2.1 Working with Docker registries from the command line
3.2.2 Using alternative registries
3.2.3 Images as files
3.2.4 Installing from a Dockerfile
3.2.5 Docker Hub from the website
3.3 Installation files and isolation
3.3.1 Image layers in action
3.3.2 Layer relationships
3.3.3 Container file system abstraction and isolation
3.3.4 Benefits of this toolset and file system structure
3.3.5 Weaknesses of union file systems
3.4 Summary

4 Working with storage and volumes
4.1 File trees and mount points
4.2 Bind mounts
4.3 In-memory storage
4.4 Docker volumes
4.4.1 Volumes provide container-independent data management
4.4.2 Using volumes with a NoSQL database
4.5 Shared mount points and sharing files
4.5.1 Anonymous volumes and the volumes-from flag
4.6 Cleaning up volumes
4.7 Advanced storage with volume plugins
4.8 Summary

5 Single Host Networking
5.1 Networking background (for beginners)
5.1.1 Basics: protocols, interfaces, and ports
5.1.2 Bigger picture: networks, NAT, and port forwarding
5.2 Docker container networking
5.2.1 Creating a user-defined bridge network
5.2.2 Exploring a bridge network
5.2.3 Beyond bridge networks
5.3 Special container networks: host and none
5.4 Handling inbound traffic with NodePort publishing
5.5 Container Networking Caveats and Customizations
5.5.1 No firewalls or network policies
5.5.2 Custom DNS configuration
5.5.3 Externalizing network management
5.6 Summary

6 Limiting risk with resource controls
6.1 Resource allowances
6.1.1 Memory limits
6.1.2 CPU
6.1.3 Access to devices
6.2 Shared memory
6.2.1 Sharing IPC primitives between containers
6.3 Understanding users
6.3.1 Working with the run-as user
6.3.2 Users and volumes
6.3.3 Introduction to the Linux user namespace and uid remapping
6.4 Adjusting OS feature access with capabilities
6.5 Running a container with full privileges
6.6 Stronger containers with enhanced tools
6.6.1 Specifying additional security options
6.7 Build use-case-appropriate containers
6.7.1 Applications
6.7.2 High-level system services
6.7.3 Low-level system services
6.8 Summary

Part 2: Packaging Software for Distribution
7 Packaging software in images
7.1 Building Docker images from a container
7.1.1 Packaging Hello World
7.1.2 Preparing packaging for Git
7.1.3 Reviewing file system changes
7.1.4 Committing a new image
7.1.5 Configurable image attributes
7.2 Going deep on Docker images and layers
7.2.1 An exploration of union file systems
7.2.2 Reintroducing images, layers, repositories, and tags
7.2.3 Managing image size and layer limits
7.3 Exporting and importing flat file systems
7.4 Versioning best practices
7.5 Summary

8 Building images automatically with Dockerfiles
8.1 Packaging Git with a Dockerfile
8.2 A Dockerfile primer
8.2.1 Metadata instructions
8.2.2 File system instructions
8.3 Injecting downstream build-time behavior
8.4 Creating maintainable Dockerfiles
8.5 Using startup scripts and multiprocess containers
8.5.1 Environmental preconditions validation
8.5.2 Initialization processes
8.5.3 The Purpose and Use of Health Checks
8.6 Building hardened application images
8.6.1 Content addressable image identifiers
8.6.2 User permissions
8.6.3 SUID and SGID permissions
8.7 Summary

9 Public and private software distribution
9.1 Choosing a distribution method
9.1.1 A distribution spectrum
9.1.2 Selection criteria
9.2 Publishing with hosted registries
9.2.1 Publishing with public repositories: Hello World via Docker Hub
9.2.2 Private hosted repositories
9.3 Introducing private registries
9.3.1 Using the registry image
9.3.2 Consuming images from your registry
9.4 Manual image publishing and distribution
9.4.1 A sample distribution infrastructure using the File Transfer Protocol
9.5 Image source distribution workflows
9.5.1 Distributing a project with Dockerfile on GitHub
9.6 Summary

10 Image Pipelines
10.1 Goals of an image build pipeline
10.2 Patterns for building images
10.2.1 All-in-one images
10.2.2 Separate build and runtime images
10.2.3 Create variations of application runtime image using multi-stage builds
10.3 Record metadata at image build time
10.3.1 Orchestrating the build with make
10.4 Testing images in a build pipeline
10.5 Patterns for tagging images
10.5.1 Background
10.5.2 Continuous Delivery with Unique Tags
10.5.3 Configuration image per deployment stage
10.5.4 Semantic Versioning
10.6 Summary

Part 3: Higher-Level Abstractions and Orchestration
11 Services with Docker and Compose
11.1 A Service “Hello, World”!
11.1.1 Automated resurrection and replication
11.1.2 Automated Rollout
11.1.3 Service health and rollback
11.2 Declarative Service Environments with Compose V3
11.2.1 A YAML Primer
11.2.2 Collections of Services with Compose V3
11.3 Stateful services and preserving data
11.4 Load balancing, service discovery, and networks with Compose
11.5 Summary

12 First-Class Configuration Abstractions
12.1 Configuration Distribution and Management
12.1.1 Application configuration lifecycles
12.2 Separating Application & Configuration
12.2.1 The Config Resource
12.2.2 Deploy the application
12.2.3 Managing Config Resources Directly
12.3 Secrets - A special kind of Configuration
12.3.1 Using Docker Secrets
12.4 Summary

13 Orchestrate Services on a Cluster of Docker Hosts with Swarm
13.1 Clustering with Docker Swarm
13.1.1 Introducing Docker Swarm Mode
13.1.2 Deploying a Swarm Cluster
13.2 Deploy an Application to a Swarm Cluster
13.2.1 Introducing Docker Swarm Cluster Resource Types
13.2.2 Define an Application and its Dependencies Using Docker Services Service
13.2.3 Deploy the Application
13.3 Communicating with Services Running on a Swarm cluster
13.3.1 Routing Client Requests to Services Using the Swarm Routing Mesh
13.3.2 Overlay Networks
13.3.3 Discovering Services on an Overlay Network
13.3.4 Isolating Service-Service Communication with Overlay Networks
13.3.5 Load Balancing
13.4 Placing Service Tasks on the Cluster
13.4.1 Replicated Services
13.4.2 Constraining Where Tasks Run
13.4.3 Global Services for One Task per Node
13.4.4 Deployment of Real Applications Onto Real Clusters
13.5 Summary