Mastering Docker, Fourth Edition - Fourth Edition

Overview of this book

Docker has been a game changer when it comes to how modern applications are deployed and created. It has now grown into a key driver of innovation beyond system administration, with a significant impact on the world of web development. Mastering Docker shows you how you can ensure that you're keeping up with the innovations it's driving and be sure you're using it to its full potential. This fourth edition not only demonstrates how to use Docker more effectively but also helps you rethink and reimagine what you can achieve with it. You'll start by building, managing, and storing images along with exploring best practices for working with Docker confidently. Once you've got to grips with Docker security, the book covers essential concepts for extending and integrating Docker in new and innovative ways. You'll also learn how to take control of your containers efficiently using Docker Compose, Docker Swarm, and Kubernetes. By the end of this Docker book, you’ll have a broad yet detailed sense of what's possible with Docker and how seamlessly it fits in with a range of other platforms and tools.

Table of Contents (22 chapters)

Section 1: Getting Up and Running with Docker
Section 2: Clusters and Clouds
Section 3: Best Practices

Docker commands

There are two commands that we will be looking at. The first is the docker container run command, so that you can see some of the options that you can use to your advantage with it. The second is the docker container diff command, which you can use to view what has been done with the image that you are planning to use.

Let's take a look at how we can use these two commands to help secure our containers.

The Docker Run command

With respect to the docker run command, we will mainly focus on the option that sets everything inside the container as read-only, rather than just a specified directory or volume. This helps to limit the damage that malicious "applications" can cause, including hijacking a vulnerable application by updating its binaries.

Let's take a look at how to launch a read-only container, and then break down what it does, as follows:

$ docker container run -d --name...
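
To confirm that containers really are running with a read-only root filesystem, the following added example (not code from the book) audits the JSON printed by `docker container inspect`. It reports each container's `HostConfig.ReadonlyRootfs` setting, which the `--read-only` flag sets, along with every path that still accepts writes. The sample input is constructed, and the container names and paths in it are made up.

```python
import json

# Constructed sample in the shape of `docker container inspect` output,
# trimmed to the fields this check reads; names and paths are made up.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web-ro",
   "HostConfig": {"ReadonlyRootfs": true, "Tmpfs": {"/tmp": "rw,noexec,nosuid"}},
   "Mounts": [{"Type": "volume", "Destination": "/var/cache/nginx", "RW": true},
              {"Type": "bind", "Destination": "/etc/nginx/conf.d", "RW": false}]},
  {"Name": "/web-rw",
   "HostConfig": {"ReadonlyRootfs": false, "Tmpfs": null},
   "Mounts": []}
]
""")


def audit_container(entry):
    """Return (name, root_is_read_only, sorted list of writable paths)."""
    host_config = entry.get("HostConfig") or {}
    read_only = bool(host_config.get("ReadonlyRootfs", False))
    writable = set()
    # tmpfs mounts are writable unless their options include "ro".
    for path, opts in (host_config.get("Tmpfs") or {}).items():
        if "ro" not in opts.split(","):
            writable.add(path)
    # Volumes and bind mounts stay writable under a read-only root
    # unless they were mounted read-only themselves.
    for mount in entry.get("Mounts") or []:
        if mount.get("RW"):
            writable.add(mount["Destination"])
    if not read_only:
        writable.add("/")  # the whole root filesystem accepts writes
    return entry.get("Name", "").lstrip("/"), read_only, sorted(writable)


def audit(inspect_output):
    """Audit every container in a parsed `docker container inspect` array."""
    return [audit_container(entry) for entry in inspect_output]


if __name__ == "__main__":
    for name, read_only, writable in audit(SAMPLE_INSPECT):
        status = "read-only root" if read_only else "WRITABLE root"
        print(f"{name}: {status}; writable paths: {', '.join(writable) or 'none'}")
```

On a live host, feed it the parsed output of `docker container inspect` for the containers you want to check instead of `SAMPLE_INSPECT`.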