Preface
Part Ⅰ. Background and Basics
1. The What and Why of Containers
Containers Versus VMs
Docker and Containers
Docker: A History
Plugins and Plumbing
64-Bit Linux
2. Installation
Installing Docker on Linux
Run SELinux in Permissive Mode
Running Without sudo
Installing Docker on Mac OS or Windows
A Quick Check
3. First Steps
Running Your First Image
The Basic Commands
Building Images from Dockerfiles
Working with Registries
Private Repositories
Using the Redis Official Image
Conclusion
4. Docker Fundamentals
The Docker Architecture
Underlying Technologies
Surrounding Technologies
Docker Hosting
How Images Get Built
The Build Context
Image Layers
Caching
Base Images
Dockerfile Instructions
Connecting Containers to the World
Linking Containers
Managing Data with Volumes and Data Containers
Sharing Data
Data Containers
Common Docker Commands
The run Command
Managing Containers
Docker Info
Container Info
Dealing with Images
Using the Registry
Conclusion
Part Ⅱ. The Software Lifecycle with Docker
5. Using Docker in Development
Say Hello World!
Automating with Compose
The Compose Workflow
Conclusion
6. Creating a Simple Web App
Creating a Basic Web Page
Taking Advantage of Existing Images
Add Some Caching
Microservices
Conclusion
7. Image Distribution
Image and Repository Naming
The Docker Hub
Automated Builds
Private Distribution
Running Your Own Registry
Commercial Registries
Reducing Image Size
Image Provenance
Conclusion
8. Continuous Integration and Testing with Docker
Adding Unit Tests to Identidock
Creating a Jenkins Container
Triggering Builds
Pushing the Image
Responsible Tagging
Staging and Production
Image Sprawl
Using Docker to Provision Jenkins Slaves
Backing Up Jenkins
Hosted CI Solutions
Testing and Microservices
Testing in Production
Conclusion
9. Deploying Containers
Provisioning Resources with Docker Machine
Using a Proxy
Execution Options
Shell Scripts
Using a Process Manager (or systemd to Rule Them All)
Using a Configuration Management Tool
Host Configuration
Choosing an OS
Choosing a Storage Driver
Specialist Hosting Options
Triton
Google Container Engine
Amazon EC2 Container Service
Giant Swarm
Persistent Data and Production Containers
Sharing Secrets
Saving Secrets in the Image
Passing Secrets in Environment Variables
Passing Secrets in Volumes
Using a Key-Value Store
Networking
Production Registry
Continuous Deployment/Delivery
Conclusion
10. Logging and Monitoring
Logging
The Default Docker Logging
Aggregating Logs
Logging with ELK
Docker Logging with syslog
Grabbing Logs from File
Monitoring and Alerting
Monitoring with Docker Tools
cAdvisor
Cluster Solutions
Commercial Monitoring and Logging Solutions
Conclusion
Part Ⅲ. Tools and Techniques
11. Networking and Service Discovery
Ambassadors
Service Discovery
etcd
SkyDNS
Consul
Registration
Other Solutions
Networking Options
Bridge
Host
Container
None
New Docker Networking
Network Types and Plugins
Networking Solutions
Overlay
Weave
Flannel
Project Calico
Conclusion
12. Orchestration, Clustering, and Management
Clustering and Orchestration Tools
Swarm
Fleet
Kubernetes
Mesos and Marathon
Container Management Platforms
Rancher
Clocker
Tutum
Conclusion
13. Security and Limiting Containers
Things to Worry About
Defense-in-Depth
Least Privilege
Securing Identidock
Segregate Containers by Host
Applying Updates
Avoid Unsupported Drivers
Image Provenance
Docker Digests
Docker Content Trust
Reproducible and Trustworthy Dockerfiles
Security Tips
Set a User
Limit Container Networking
Remove Setuid/Setgid Binaries
Limit Memory
Limit CPU
Limit Restarts
Limit Filesystems
Limit Capabilities
Apply Resource Limits (ulimits)
Run a Hardened Kernel
Linux Security Modules
SELinux
AppArmor
Auditing
Incident Response
Future Features
Conclusion
Index