Book Image

Docker for Developers

By : Richard Bullington-McGuire, Andrew K. Dennis, Michael Schwartz
2 (1)
Book Image

Docker for Developers

2 (1)
By: Richard Bullington-McGuire, Andrew K. Dennis, Michael Schwartz

Overview of this book

Docker is the de facto standard for containerizing apps, and with an increasing number of software projects migrating to containers, it is crucial for engineers and DevOps teams to understand how to build, deploy, and secure Docker environments effectively. Docker for Developers will help you understand Docker containers from scratch while taking you through best practices and showing you how to address security concerns. Starting with an introduction to Docker, you’ll learn how to use containers and VirtualBox for development. You’ll explore how containers work and develop projects within them after you’ve explored different ways to deploy and run containers. The book will also show you how to use Docker containers in production in both single-host set-ups and in clusters and deploy them using Jenkins, Kubernetes, and Spinnaker. As you advance, you’ll get to grips with monitoring, securing, and scaling Docker using tools such as Prometheus and Grafana. Later, you’ll be able to deploy Docker containers to a variety of environments, including the cloud-native Amazon Elastic Kubernetes Service (Amazon EKS), before finally delving into Docker security concepts and best practices. By the end of the Docker book, you’ll be able to not only work in a container-driven environment confidently but also use Docker for both new and existing projects.

Related Content you might be interested in

Current Title:

Small book image
Docker for Developers
Richard Bullington-McGuire | Andrew K. Dennis | Michael Schwartz
Sep, 2020 | 468 pages
Small book image
Mastering Docker
Russ McKendrick | Scott Gallagher
Oct, 2018 | 426 pages
Small book image
Modern DevOps Practices
Gaurav Agarwal
Sep, 2021 | 530 pages
Small book image
Mastering Docker, Fourth Edition
Russ McKendrick
Oct, 2020 | 568 pages
Table of Contents (21 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: An Introduction to Docker – Containers and Local Development
Section 1: An Introduction to Docker – Containers and Local Development
Free Chapter
2
Chapter 1: Introduction to Docker
Chapter 1: Introduction to Docker
The drivers for Docker
Using virtualization to economize resource usage
Addressing the increasing power requirements
Using containers to further optimize data center resources
Summary
Further reading
3
Chapter 2: Using VirtualBox and Docker Containers for Development
Chapter 2: Using VirtualBox and Docker Containers for Development
Technical requirements
Host filesystem pollution problem
Using VirtualBox for virtual machines
Using Docker containers
Getting started with Docker
Summary
Further reading
4
Chapter 3: Sharing Containers Using Docker Hub
Chapter 3: Sharing Containers Using Docker Hub
Technical requirements
Introducing Docker Hub
Implementing a MongoDB container for our application
Introducing the microservices architecture
Implementing a sample microservices application
Sharing your containers on Docker Hub
Summary
Further reading
5
Chapter 4: Composing Systems Using Containers
Chapter 4: Composing Systems Using Containers
Technical requirements
Introduction to Docker Compose
Using Docker local networking
Binding a host filesystem within containers
Other composition tools
Summary
Further reading
6
Section 2: Running Docker in Production
Section 2: Running Docker in Production
7
Chapter 5: Alternatives for Deploying and Running Containers in Production
Chapter 5: Alternatives for Deploying and Running Containers in Production
Technical requirements
Example application – ShipIt Clicker
Running Docker in production – many paths, choose wisely
What is the minimum realistic production environment?
Managed cloud services
Running your own Kubernetes cluster – from bare metal to OpenStack
Deciding on the right Docker production setup
Summary
8
Chapter 6: Deploying Applications with Docker Compose
Chapter 6: Deploying Applications with Docker Compose
Technical requirements
Selecting a host and operating system for single-host deployment
Preparing the host for Docker and Docker Compose
Deploying using configuration files and support scripts
Monitoring small deployments – logging and alerting
Limitations of single-host deployment
Summary
Further reading
9
Chapter 7: Continuous Deployment with Jenkins
Chapter 7: Continuous Deployment with Jenkins
Technical requirements
Using Jenkins to facilitate continuous deployment
The Jenkinsfile and host connectivity
Driving configuration changes through Jenkins
Deploying to multiple environments through multiple branches
Complexity and limits to scaling deployments through Jenkins
Summary
Further reading
10
Chapter 8: Deploying Docker Apps to Kubernetes
Chapter 8: Deploying Docker Apps to Kubernetes
Technical requirements
Options for Kubernetes local installation
Deploying a sample application – ShipIt Clicker v4
Choosing a Kubernetes distribution
Spinning up AWS EKS with CloudFormation
Deploying an application with resource limits to Kubernetes on AWS EKS
Using AWS Elastic Container Registry with AWS EKS
Summary
11
Chapter 9: Cloud-Native Continuous Deployment Using Spinnaker
Chapter 9: Cloud-Native Continuous Deployment Using Spinnaker
Technical requirements
Improving your setup for Kubernetes application maintenance
Spinnaker – when and why you might need more sophisticated deployments
Setting up Spinnaker in an AWS EKS cluster using Helm
Deploying ShipIt Clicker with a simple deployment strategy in Spinnaker
Surveying Spinnaker's deployment and testing features
Summary
Further reading
12
Chapter 10: Monitoring Docker Using Prometheus, Grafana, and Jaeger
Chapter 10: Monitoring Docker Using Prometheus, Grafana, and Jaeger
Technical requirements
Docker logging and container runtime logging
Using the liveness, readiness, and startup probes in Kubernetes
Gathering metrics and sending alerts with Prometheus
Visualizing operational data with Grafana
Application performance monitoring with Jaeger
Summary
Further reading
13
Chapter 11: Scaling and Load Testing Docker Applications
Chapter 11: Scaling and Load Testing Docker Applications
Technical requirements
Scaling your Kubernetes cluster
What is Envoy, and why might I need it?
Testing scalability and performance with k6
Summary
Further reading
14
Section 3: Docker Security – Securing Your Containers
Section 3: Docker Security – Securing Your Containers
15
Chapter 12: Introduction to Container Security
Chapter 12: Introduction to Container Security
Technical requirements
Virtualization and hypervisor security models
Container security models
Docker Engine and containerd – Linux security features
A note on cgroups
An overview of best practices
Summary
16
Chapter 13: Docker Security Fundamentals and Best Practices
Chapter 13: Docker Security Fundamentals and Best Practices
Technical requirements
Docker image security
Security around Docker commands
Security around the build process
Limiting resources and capabilities when deploying your builds
Summary
17
Chapter 14: Advanced Docker Security – Secrets, Secret Commands, Tagging, and Labels
Chapter 14: Advanced Docker Security – Secrets, Secret Commands, Tagging, and Labels
Technical requirements
Securely storing secrets in Docker
Adding, inspecting, and removing secrets
Secrets in action – examples
Docker tags for security
Using labels for metadata application
Summary
18
Chapter 15: Scanning, Monitoring, and Using Third-Party Tools
Chapter 15: Scanning, Monitoring, and Using Third-Party Tools
Technical requirements
Scanning and monitoring – cloud and DevOps security for containers
Securing your containers using AWS
Securing your containers using Azure
Securing your containers using GCP
Summary
Further reading
19
Chapter 16: Conclusion – End of the Road, but not the Journey
Chapter 16: Conclusion – End of the Road, but not the Journey
Technical requirements
Wrapping up – let's get started
What we learned about development
Next steps for taking your DevOps knowledge further
A summary on security and where to go next
Summary
20
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Using virtualization to economize resource usage

Virtualization is the process of exposing a portion of a physical machine as a logical or virtual machine that acts enough like a real machine that it supports the installation of whole operating systems, their filesystems, and the software that runs on the operating system. For example, a machine with 64 GB of RAM and 4 CPUs could run virtualization software that masquerades as four 16 GB RAM machines with 1 CPU each. This machine could run four instances of Linux.

Virtualization is not a new concept, having been implemented by IBM in the early 1960s. It likely gained in overall popularity during the 1980s when it was used to run MS-DOS, and then Windows by computer systems such as the original Apple Macintosh (Mac) and Unix computers such as the Sun and Silicon Graphics workstations.

Initial virtualization software used what features were available on CPUs of the time, but often simply emulated the instruction set of the x86 on the 68000 family or custom CPUs of the professional Unix workstations. SoftPC was one of the most popular offerings in the 1980s.

SoftPC was quite slow, but the ability to run Windows or MS-DOS applications on a Mac computer allowed the use of these machines in business and education environments. Instead of adding Microsoft Office compatibility to all the programs on the Mac to support exchanging files between Windows/MS-DOS users and Mac users, users could run Microsoft Office.

People saw it in action and saw the value in it. Windows was the dominant operating system for home and business, and to fit in with Windows in the corporate environment, something like SoftPC was needed. The problem with SoftPC is that it was pure software emulation, which was quite slow in actual use. Virtualization is superior to emulation in terms of performance!

Entire companies were founded around providing consumer or business virtualization solutions. VMWare, founded in 1998, was one of the first of these companies.

Innotek developed VirtualBox and released it as open source in 2007, and was then acquired by Sun Microsystems in 2008. Then, Sun was acquired by Oracle in 2010. Parallels, a virtualization solution for Mac, was developed in 2004 and became mainstream in 2006.

The value of virtualization encouraged chip makers to gradually add CPU support for virtualization. With CPU support, an x86-based system could run virtualized machines or software at close enough to native speed to be much more tolerable. This, in turn, led the workstation companies (such as Apple, Sun, and Silicon Graphics) to move to x86 CPUs.  

A key component of virtualization software is the hypervisor. The hypervisor presents the virtual machine to the chosen operating system and then manages the resources and execution of the virtual machines over time. The virtual machines themselves are configurable, at least regarding the amount of RAM, the number of logical CPU cores, graphics card memory, the host operating system disk files to act as virtual disk drives in the virtual machine, the mounting and unmounting of CD-ROM in the virtual CD-ROM drive, and so on. The hypervisor assures that these resources are truly available and that no virtual machine starves the other virtual machines for the host machine's resources.

For the enterprise, the requirements were somewhat different. Instead of providing virtual machines via a general-purpose host operating system such as Linux, the entire operating system itself could be optimized just for being the hypervisor. VMWare offered its Elastic Sky X Integrated (ESXi) operating system in 2004. The University of Cambridge computer laboratory developed the Xen hypervisor in the late 1990s, and the first stable version was released in 2003. Xen was originally the hypervisor used by Amazon for its Elastic Compute Cloud offering, before moving to KVM.

KVM is a virtualization solution supported directly by the Linux kernel. The kernel can act as the hypervisor under KVM. KVM can additionally emulate processors other than the host's native CPU, which is typically x86. This allows KVM to be used to emulate targets such as the Raspberry Pi.

Scaling a dedicated hosted website can be problematic. It's possible to simply upgrade to a larger and more powerful server to handle growing traffic and services. At some point, however, there is no server that is large and powerful! To scale up from that point requires distributing services across multiple servers.  

Previous Section
End of Section 3
Next Section