第1页 / 共306页
第2页 / 共306页
第3页 / 共306页
第4页 / 共306页
第5页 / 共306页
第6页 / 共306页
第7页 / 共306页
第8页 / 共306页
Docker in action.pdf
Docker in Action
contents
foreword
preface
acknowledgments
about this book
Roadmap
Code conventions and downloads
About the author
Author Online
about the cover illustration
Part 1 Keeping a Tidy Computer
1 Welcome to Docker
1.1 What is Docker?
1.1.1 Containers
1.1.2 Containers are not virtualization
1.1.3 Running software in containers for isolation
1.1.4 Shipping containers
1.2 What problems does Docker solve?
1.2.1 Getting organized
1.2.2 Improving portability
1.2.3 Protecting your computer
1.3 Why is Docker important?
1.4 Where and when to use Docker
1.5 Example: “Hello, World”
1.6 Summary
2 Running software in containers
2.1 Getting help with the Docker command line
2.2 Controlling containers: building a website monitor
2.2.1 Creating and starting a new container
2.2.2 Running interactive containers
2.2.3 Listing, stopping, restarting, and viewing output of containers
2.3 Solved problems and the PID namespace
2.4 Eliminating metaconflicts: building a website farm
2.4.1 Flexible container identification
2.4.2 Container state and dependencies
2.5 Building environment-agnostic systems
2.5.1 Read-only file systems
2.5.2 Environment variable injection
2.6 Building durable containers
2.6.1 Automatically restarting containers
2.6.2 Keeping containers running with supervisor and startup processes
2.7 Cleaning up
2.8 Summary
3 Software installation simplified
3.1 Identifying software
3.1.1 What is a repository?
3.1.2 Using tags
3.2 Finding and installing software
3.2.1 Docker Hub from the command line
3.2.2 Docker Hub from the website
3.2.3 Using alternative registries
3.2.4 Images as files
3.2.5 Installing from a Dockerfile
3.3 Installation files and isolation
3.3.1 Image layers in action
3.3.2 Layer relationships
3.3.3 Container file system abstraction and isolation
3.3.4 Benefits of this toolset and file system structure
3.3.5 Weaknesses of union file systems
3.4 Summary
4 Persistent storage and shared state with volumes
4.1 Introducing volumes
4.1.1 Volumes provide container-independent data management
4.1.2 Using volumes with a NoSQL database
4.2 Volume types
4.2.1 Bind mount volumes
4.2.2 Docker-managed volumes
4.3 Sharing volumes
4.3.1 Host-dependent sharing
4.3.2 Generalized sharing and the volumes-from flag
4.4 The managed volume life cycle
4.4.1 Volume ownership
4.4.2 Cleaning up volumes
4.5 Advanced container patterns with volumes
4.5.1 Volume container pattern
4.5.2 Data-packed volume containers
4.5.3 Polymorphic container pattern
4.6 Summary
5 Network exposure
5.1 Networking background
5.1.1 Basics: protocols, interfaces, and ports
5.1.2 Bigger picture: networks, NAT, and port forwarding
5.2 Docker container networking
5.2.1 The local Docker network topology
5.2.2 Four network container archetypes
5.3 Closed containers
5.4 Bridged containers
5.4.1 Reaching out
5.4.2 Custom name resolution
5.4.3 Opening inbound communication
5.4.4 Inter-container communication
5.4.5 Modifying the bridge interface
5.5 Joined containers
5.6 Open containers
5.7 Inter-container dependencies
5.7.1 Introducing links for local service discovery
5.7.2 Link aliases
5.7.3 Environment modifications
5.7.4 Link nature and shortcomings
5.8 Summary
6 Limiting risk with isolation
6.1 Resource allowances
6.1.1 Memory limits
6.1.2 CPU
6.1.3 Access to devices
6.2 Shared memory
6.2.1 Sharing IPC primitives between containers
6.2.2 Using an open memory container
6.3 Understanding users
6.3.1 Introduction to the Linux user namespace
6.3.2 Working with the run-as user
6.3.3 Users and volumes
6.4 Adjusting OS feature access with capabilities
6.5 Running a container with full privileges
6.6 Stronger containers with enhanced tools
6.6.1 Specifying additional security options
6.6.2 Fine-tuning with LXC
6.7 Build use-case-appropriate containers
6.7.1 Applications
6.7.2 High-level system services
6.7.3 Low-level system services
6.8 Summary
Part 2 Packaging Software for Distribution
7 Packaging software in images
7.1 Building Docker images from a container
7.1.1 Packaging Hello World
7.1.2 Preparing packaging for Git
7.1.3 Reviewing file system changes
7.1.4 Committing a new image
7.1.5 Configurable image attributes
7.2 Going deep on Docker images and layers
7.2.1 An exploration of union file systems
7.2.2 Reintroducing images, layers, repositories, and tags
7.2.3 Managing image size and layer limits
7.3 Exporting and importing flat file systems
7.4 Versioning best practices
7.5 Summary
8 Build automation and advanced image considerations
8.1 Packaging Git with a Dockerfile
8.2 A Dockerfile primer
8.2.1 Metadata instructions
8.2.2 File system instructions
8.3 Injecting downstream build-time behavior
8.4 Using startup scripts and multiprocess containers
8.4.1 Environmental preconditions validation
8.4.2 Initialization processes
8.5 Building hardened application images
8.5.1 Content addressable image identifiers
8.5.2 User permissions
8.5.3 SUID and SGID permissions
8.6 Summary
9 Public and private software distribution
9.1 Choosing a distribution method
9.1.1 A distribution spectrum
9.1.2 Selection criteria
9.2 Publishing with hosted registries
9.2.1 Publishing with public repositories: Hello World via Docker Hub
9.2.2 Publishing public projects with automated builds
9.2.3 Private hosted repositories
9.3 Introducing private registries
9.3.1 Using the registry image
9.3.2 Consuming images from your registry
9.4 Manual image publishing and distribution
9.4.1 A sample distribution infrastructure using the File Transfer Protocol
9.5 Image source distribution workflows
9.5.1 Distributing a project with Dockerfile on GitHub
9.6 Summary
10 Running customized registries
10.1 Running a personal registry
10.1.1 Reintroducing the Image
10.1.2 Introducing the V2 API
10.1.3 Customizing the Image
10.2 Enhancements for centralized registries
10.2.1 Creating a reverse proxy
10.2.2 Configuring HTTPS (TLS) on the reverse proxy
10.2.3 Adding an authentication layer
10.2.4 Client compatibility
10.2.5 Before going to production
10.3 Durable blob storage
10.3.1 Hosted remote storage with Microsoft’s Azure
10.3.2 Hosted remote storage with Amazon’s Simple Storage Service
10.3.3 Internal remote storage with RADOS (Ceph)
10.4 Scaling access and latency improvements
10.4.1 Integrating a metadata cache
10.4.2 Streamline blob transfer with storage middleware
10.5 Integrating through notifications
10.6 Summary
Part 3 Multi-Container and Multi-Host Environments
11 Declarative environments with Docker Compose
11.1 Docker Compose: up and running on day one
11.1.1 Onboarding with a simple development environment
11.1.2 A complicated architecture: distribution and Elasticsearch integration
11.2 Iterating within an environment
11.2.1 Build, start, and rebuild services
11.2.2 Scale and remove services
11.2.3 Iteration and persistent state
11.2.4 Linking problems and the network
11.3 Starting a new project: Compose YAML in three samples
11.3.1 Prelaunch builds, the environment, metadata, and networking
11.3.2 Known artifacts and bind-mount volumes
11.3.3 Volume containers and extended services
11.4 Summary
12 Clusters with Machine and Swarm
12.1 Introducing Docker Machine
12.1.1 Building and managing Docker Machines
12.1.2 Configuring Docker clients to work with remote daemons
12.2 Introducing Docker Swarm
12.2.1 Building a Swarm cluster with Docker Machine
12.2.2 Swarm extends the Docker Remote API
12.3 Swarm scheduling
12.3.1 The Spread algorithm
12.3.2 Fine-tune scheduling with filters
12.3.3 Scheduling with BinPack and Random
12.4 Swarm service discovery
12.4.1 Swarm and single-host networking
12.4.2 Ecosystem service discovery and stop-gap measures
12.4.3 Looking forward to multi-host networking
12.5 Summary
index
Symbols
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Docker in Action-back
IN ACTION
Jeff Nickoloff
M A N N I N G
Docker in Action
Licensed to Stephanie Bernal
ii
Licensed to Stephanie Bernal
Docker in Action
JEFF NICKOLOFF
M A N N I N G
SHELTER ISLAND
Licensed to Stephanie Bernal
iv
For online information and ordering of this and other Manning books, please visit
www.manning.com. The publisher offers discounts on this book when ordered in quantity.
For more information, please contact
Special Sales Department
Manning Publications Co.
20 Baldwin Road
PO Box 761
Shelter Island, NY 11964
Email: orders@manning.com
©2016 by Manning Publications Co. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in
any form or by means electronic, mechanical, photocopying, or otherwise, without prior written
permission of the publisher.
Many of the designations used by manufacturers and sellers to distinguish their products are
claimed as trademarks. Where those designations appear in the book, and Manning
Publications was aware of a trademark claim, the designations have been printed in initial caps
or all caps.
Recognizing the importance of preserving what has been written, it is Manning’s policy to have
the books we publish printed on acid-free paper, and we exert our best efforts to that end.
Recognizing also our responsibility to conserve the resources of our planet, Manning books are
printed on paper that is at least 15 percent recycled and processed without elemental chlorine.
Manning Publications Co.
20 Baldwin Road
PO Box 761
Shelter Island, NY 11964
Development editor: Cynthia Kane
Technical development editor: Robert Wenner
Technical proofreader: Niek Palm
Copyeditor: Linda Recktenwald
Proofreader: Corbin Collins
Typesetter: Marija Tudor
Cover designer: Marija Tudor
ISBN: 9781633430235
Printed in the United States of America
1 2 3 4 5 6 7 8 9 10 – EBM – 21 20 19 18 17 16
Licensed to Stephanie Bernal
contents
foreword xi
preface
xiii
acknowledgments
about this book
about the cover illustration xix
xv
xvii
PART 1 KEEPING A TIDY COMPUTER ............................ 1
1 Welcome to Docker
1.1 What is Docker? 4
3
Containers 4 ■ Containers are not virtualization 5
Running software in containers for isolation 5 ■ Shipping
containers 7
1.2 What problems does Docker solve? 7
Getting organized 8 ■ Improving portability 9 ■ Protecting
your computer 10
1.3 Why is Docker important? 11
1.4 Where and when to use Docker 11
1.5 Example: “Hello, World” 12
1.6
Summary 14
2 Running software in containers
15
2.1 Getting help with the Docker command line 15
v
Licensed to Stephanie Bernal
vi
CONTENTS
2.2 Controlling containers: building a website monitor 16
Creating and starting a new container 17 ■ Running
interactive containers 18 ■ Listing, stopping, restarting, and
viewing output of containers 20
Solved problems and the PID namespace 21
2.3
2.4 Eliminating metaconflicts: building a website farm 24
Flexible container identification 25 ■ Container state and
dependencies 28
2.5 Building environment-agnostic systems 30
Read-only file systems 30 ■ Environment variable
injection 32
2.6 Building durable containers 35
Automatically restarting containers 36 ■ Keeping containers
running with supervisor and startup processes 37
2.7 Cleaning up 39
2.8
Summary 40
3 Software installation simplified 41
Identifying software 42
3.1
What is a repository? 42 ■ Using tags 43
3.2
Finding and installing software 44
Docker Hub from the command line 44 ■ Docker Hub from the
website 46 ■ Using alternative registries 48 ■ Images as
files 48 ■ Installing from a Dockerfile 50
3.3
Installation files and isolation 51
Image layers in action 51 ■ Layer relationships 53
Container file system abstraction and isolation 53 ■ Benefits of
this toolset and file system structure 54 ■ Weaknesses of union
file systems 54
Summary 55
3.4
4 Persistent storage and shared state with volumes
Introducing volumes 57
4.1
56
Volumes provide container-independent data management 58
Using volumes with a NoSQL database 58
4.2 Volume types 61
Bind mount volumes 62 ■ Docker-managed volumes 64
Licensed to Stephanie Bernal
CONTENTS
vii
4.3
Sharing volumes 66
Host-dependent sharing 66 ■ Generalized sharing and the
volumes-from flag 67
4.4 The managed volume life cycle 69
Volume ownership 69 ■ Cleaning up volumes 70
4.5 Advanced container patterns with volumes 71
Volume container pattern 72 ■ Data-packed volume
containers 73 ■ Polymorphic container pattern 74
4.6
Summary 75
5 Network exposure
77
5.1 Networking background 78
Basics: protocols, interfaces, and ports 78 ■ Bigger picture:
networks, NAT, and port forwarding 79
5.2 Docker container networking 81
The local Docker network topology 81 ■ Four network container
archetypes 82
5.3 Closed containers 83
5.4 Bridged containers 85
Reaching out 85 ■ Custom name resolution 86 ■ Opening
inbound communication 89 ■ Inter-container
communication 91 ■ Modifying the bridge interface 92
5.5
Joined containers 94
5.6 Open containers 96
5.7
Inter-container dependencies 97
Introducing links for local service discovery 97 ■ Link
aliases 99 ■ Environment modifications 100 ■ Link nature
and shortcomings 102
5.8
Summary 103
6 Limiting risk with isolation 104
6.1 Resource allowances 105
Memory limits 105 ■ CPU 107 ■ Access to devices 109
6.2
Shared memory 109
Sharing IPC primitives between containers 110 ■ Using an
open memory container 111
Licensed to Stephanie Bernal
相关推荐
2023年江西萍乡中考道德与法治真题及答案.doc
2012年重庆南川中考生物真题及答案.doc
2013年江西师范大学地理学综合及文艺理论基础考研真题.doc
2020年四川甘孜小升初语文真题及答案I卷.doc
2020年注册岩土工程师专业基础考试真题及答案.doc
2023-2024学年福建省厦门市九年级上学期数学月考试题及答案.doc
2021-2022学年辽宁省沈阳市大东区九年级上学期语文期末试题及答案.doc
2022-2023学年北京东城区初三第一学期物理期末试卷及答案.doc
2018上半年江西教师资格初中地理学科知识与教学能力真题及答案.doc
2012年河北国家公务员申论考试真题及答案-省级.doc
2020-2021学年江苏省扬州市江都区邵樊片九年级上学期数学第一次质量检测试题及答案.doc
2022下半年黑龙江教师资格证中学综合素质真题及答案.doc
