Docker in Action
Jeff Nickoloff
Foreword by Ahmet Alp Balkan
  • March 2016
  • ISBN 9781633430235
  • 304 pages
  • printed in black & white

In this book, Jeff goes from zero to Docker, showing practices of deploying Docker in production and demonstrating many features of Docker.

FROM THE FOREWORD by Ahmet Alp Balkan, Microsoft

Docker in Action teaches readers how to create, deploy, and manage applications hosted in Docker containers. After starting with a clear explanation of the Docker model, you will learn how to package applications in containers, including techniques for testing and distributing applications. You will also learn how to run programs securely and how to manage shared resources. Using carefully designed examples, the book teaches you how to orchestrate containers and applications from installation to removal. Along the way, you'll discover techniques for using Docker on systems ranging from dev-and-test machines to full-scale cloud deployments.

Table of Contents detailed table of contents




about this book

about the cover illustration

Part 1: Keeping a tidy and trustworthy computer

1. Welcome to Docker

1.1. What is Docker?

1.1.1. Containers

1.1.2. Containers are not virtualization

1.1.3. Running software in containers for isolation

1.1.4. Shipping containers

1.2. What problems does Docker solve?

1.2.1. Getting organized

1.2.2. Improving portability

1.2.3. Protecting your computer

1.3. Why is Docker important?

1.4. Where and when to use Docker

1.5. Example: "Hello World"

1.6. Summary

2. Running software in containers

2.1. Getting help with the Docker command line

2.2. Controlling containers: building a website monitor

2.2.1. Creating and starting a new container

2.2.2. Running interactive containers

2.2.3. Listing, stopping, restarting, and viewing output of containers

2.3. Solved problems and the PID namespace

2.4. Eliminating metaconflicts: building a website farm

2.4.1. Flexible container identification

2.4.2. Container state and dependencies

2.5. Building environment-agnostic systems

2.5.1. Read-only file systems

2.5.2. Environment variable injection

2.6. Building durable containers

2.6.1. Automatically restarting containers

2.6.2. Keeping containers running with supervisor and startup processes

2.7. Cleaning up

2.8. Summary

3. Software installation simplified

3.1. Identifying software

3.1.1. What is a repository?

3.1.2. Using tags

3.2. Finding and installing software

3.2.1. Docker Hub from the command line

3.2.2. Docker Hub from the website

3.2.3. Using alternative registries

3.2.4. Images as files

3.2.5. Installing from a Dockerfile

3.3. Installation files and isolation

3.3.1. Image layers in action

3.3.2. Layer relationships

3.3.3. Container file system abstraction and isolation

3.3.4. Benefits of this toolset and file system structure

3.3.5. Weaknesses of union file systems

3.4. Summary

4. Persistent storage and shared state with volumes

4.1. Introducing volumes

4.1.1. Volumes provide container-independent data management

4.1.2. Using volumes with a NoSQL database

4.2. Volume types

4.2.1. Bind mount volumes

4.2.2. Docker managed volumes

4.3. Sharing volumes

4.3.1. Host-dependent sharing

4.3.2. Generalized sharing and the volumes-from flag

4.4. The managed volume life cycle

4.4.1. Volume ownership

4.4.2. Cleaning up volumes

4.5. Advanced container patterns with volumes

4.5.1. Volume container pattern

4.5.2. Data-packed volume containers

4.5.3. Polymorphic container pattern

4.6. Summary

5. Network exposure

5.1. Networking background

5.1.1. Basics: protocols, interfaces, and ports

5.1.2. Bigger picture: networks, NAT, and port forwarding

5.2. Docker container networking

5.2.1. The local Docker network topology

5.2.2. Four network container archetypes

5.3. Closed containers

5.4. Bridged containers

5.4.1. Reaching out

5.4.2. Custom name resolution

5.4.3. Opening inbound communication

5.4.4. Inter-container communication

5.4.5. Modifying the bridge interface

5.5. Joined containers

5.6. Open containers

5.7. Inter-container dependencies

5.7.3. Environment modifications

5.8. Summary

6. Limiting risk with isolation

6.1. Resource allowances

6.1.1. Memory limits

6.1.2. CPU

6.1.3. Access to devices

6.2. Shared memory

6.2.1. Sharing IPC primitives between containers

6.2.2. Using an open memory container

6.3. Understanding users

6.3.1. Introduction to the Linux user namespace

6.3.2. Working with the run-as user

6.3.3. Users and volumes

6.4. Adjusting OS feature access with capabilities

6.5. Running a container with full privileges

6.6. Stronger containers with enhanced tools

6.6.1. Specifying additional security options

6.6.2. Fine-tuning with LXC

6.7. Build use-case-appropriate containers

6.7.1. Applications

6.7.2. High-level system services

6.7.3. Low-level system services

6.8. Summary

Part 2: Packaging software for distribution

7. Packaging software in images

7.1. Building Docker images from a container

7.1.1. Packaging Hello World

7.1.2. Preparing packaging for Git

7.1.3. Reviewing file system changes

7.1.4. Committing a new image

7.1.5. Configurable image attributes

7.2. Going deep on Docker images and layers

7.2.1. An exploration of union file systems

7.2.2. Reintroducing images, layers, repositories, and tags

7.2.3. Managing image size and layer limits

7.3. Exporting and importing flat file systems

7.4. Versioning best practices

7.5. Summary

8. Build automation and advanced image considerations

8.1. Packaging Git with a Dockerfile

8.2. A Dockerfile primer

8.2.1. Metadata instructions

8.2.2. File system instructions

8.3. Injecting downstream build-time behavior

8.4. Using startup scripts and multiprocess containers

8.4.1. Environmental preconditions validation

8.4.2. Initialization processes

8.5. Building hardened application images

8.5.1. Content addressable image identifiers

8.5.2. User permissions

8.5.3. SUID and SGID permissions

8.6. Summary

9. Public and private software distribution

9.1. Choosing a distribution method

9.1.1. A distribution spectrum

9.1.2. Selection criteria

9.2. Publishing with hosted registries

9.2.1. Publishing with public repositories: Hello, World via Docker Hub

9.2.2. Publishing public projects with automated builds

9.2.3. Private hosted repositories

9.3. Introducing private registries

9.3.1. Using the registry image

9.3.2. Consuming images from your registry

9.4. Manual image publishing and distribution

9.4.1. A sample distribution infrastructure using the File Transfer Protocol

9.5. Image source distribution workflows

9.5.1. Distributing a project with Dockerfile on GitHub

9.6. Summary

10. Running customized registries

10.1. Running a personal registry

10.1.1. Reintroducing the Image

10.1.2. Introducing the V2 API

10.1.3. Customizing the Image

10.2. Enhancements for centralized registries

10.2.1. Creating a reverse proxy

10.2.2. Configuring HTTPS (TLS) on the reverse proxy

10.2.3. Adding an authentication layer

10.2.4. Client compatibility

10.2.5. Before going to production

10.3. Durable blob storage

10.3.1. Hosted remote storage with Microsoft's Azure

10.3.2. Hosted remote storage with Amazon's Simple Storage Service

10.3.3. Internal remote storage with RADOS (Ceph)

10.4. Scaling access and latency improvements

10.4.1. Integrating a metadata cache

10.4.2. Streamline blob transfer with storage middleware

10.5. Integrating through notifications

10.6. Summary

Part 3: Multi-Container and Multi-Host Environments

11. Declarative environments with Docker Compose

11.1. Docker Compose: up and running on day one

11.1.1. Onboarding with a simple development environment

11.1.2. A complicated architecture: distribution and Elasticsearch integration

11.2. Iterating within an Environment

11.2.1. Build, start, and rebuild services

11.2.2. Scale and remove services

11.2.3. Iteration and persistent state

11.2.4. Linking problems and the network

11.3. Starting a new project: Compose YAML in three samples

11.3.1. Prelaunch builds, the environment, metadata, and networking

11.3.2. Known artifacts and bind-mount Volumes

11.3.3. Volume containers and extended services

11.4. Summary

12. Clusters with Machine and Swarm

12.1. Introducing Docker Machine

12.1.1. Building and managing Docker Machines

12.1.2. Configuring Docker clients to work with remote daemons

12.2. Introducing Docker Swarm

12.2.1. Building a Swarm cluster with Docker Machine

12.2.2. Swarm extends the Docker Remote API

12.3. Swarm scheduling

12.3.1. The Spread algorithm

12.3.2. Fine tune scheduling with filters

12.3.3. Scheduling with BinPack and Random

12.4. Swarm service discovery

12.4.1. Swarm and single-host networking

12.4.2. Ecosystem service discovery and stop-gap measures

12.4.3. Looking forward to multi-host networking

12.5. Summary


About the Technology

The idea behind Docker is simple. Create a tiny virtual environment, called a container, that holds just your application and its dependencies. The Docker engine uses the host operating system to build and account for these containers. They are easy to install, manage, and remove. Applications running inside containers share resources, making their footprints small.

What's inside

  • Packaging containers for deployment
  • Installing, managing, and removing containers
  • Working with Docker images
  • Distributing with DockerHub

About the reader

Readers need only have a working knowledge of the Linux OS. No prior knowledge of Docker is assumed.

About the author

A software engineer, Jeff Nickoloff has presented Docker and its applications to hundreds of developers and administrators at Desert Code Camp,, and technology meetups.

combo $49.99 pBook + eBook
eBook $39.99 pdf + ePub + kindle

FREE domestic shipping on three or more pBooks

All there is to know about Docker. Clear, complete, and precise.

Jean-Pol Landrain, Agile Partner Luxembourg

A compelling narrative for real-world Docker solutions. A must-read!

John Guthrie, Pivotal, Inc.

An indispensable guide to understanding Docker and how it fits into your infrastructure.

Jeremy Gailor, Gracenote

Will help you transition quickly to effective Docker use in complex real-world situations.

Peter Sellars, Fraedom