Praise for Docker: Up & Running

Docker: Up & Running moves past the Docker honeymoon and prepares you for the realities of running containers in production.
—Kelsey Hightower, Principal Developer Advocate, Google Cloud Platform

Docker: Up & Running takes you from the basics underlying concepts to invaluable practical lessons learned from running Docker at scale.
—Liz Rice, Chief Open Source Officer with eBPF specialists, Isovalent

Docker: Up & Running will steer you toward building modern, reliable, and highly available distributed systems.
—Mihai Todor, Senior Principal Engineer, TLCP

A few years ago, I had to switch my workflow away from virtual machines and start focusing on containers. For me, the best way to understand how something works is by getting hands-on experience as a user, and only then diving into the technology. Docker: Up & Running made the process of getting hands-on with Docker and containers a smooth process, allowing me to easily get up to speed with containers.
—Fabiano Fidêncio, Cloud Orchestration Software Engineer, Intel Corporation
Docker: Up & Running THIRD EDITION Shipping Reliable Containers in Production Sean P. Kane with Karl Matthias
Docker: Up & Running
by Sean P. Kane with Karl Matthias

Copyright © 2023 Sean P. Kane and Karl Matthias. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (https://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

Acquisitions Editor: John Devins
Development Editor: Michele Cronin
Production Editor: Elizabeth Faerm
Copyeditor: Sonia Saruba
Proofreader: Piper Editorial Consulting, LLC
Indexer: Sue Klefstad
Interior Designer: David Futato
Cover Designer: Randy Comer
Illustrator: Kate Dullea

April 2023: Third Edition

Revision History for the Third Edition
2023-04-13: First Release See https://oreilly.com/catalog/errata.csp?isbn=9781098131821 for release details. The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Docker: Up & Running, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. The views expressed in this work are those of the author, and do not represent the publisher’s views. While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights. 978-1-098-13182-1 [LSI]
Dedication

For my wife and children, who make everything worth it. For my parents, who pointed me toward the beautiful intersection between logic and passion. And for my sister, who challenges me to explore the world through the perception of others.
—Sean P. Kane

For my mom, who got me to read, and my dad, who read to me. And for my wife and daughters, who are my bedrock.
—Karl Matthias
Foreword

Containers are ubiquitous. From local development, to continuous integration, to managing large-scale production workloads, containers are everywhere. Why did this come about, where is it going, and what do you, the reader, need to know about this revolution that has taken over our industry?

Many older technologies offer the promise of “write once, run anywhere.” However, not all runtimes offered this facility, and even those that did still required the runtime (and any additional dependencies) to be available in order for an application to run.

Containers offer the promise of “build once, run anywhere.” They allow you to package your applications, the runtime required to run it, configuration files, and any and all file dependencies it needs into one artifact. As long as you have a container runtime on the target machine, your application just works. This allows your infrastructure to be truly application agnostic. “It works on my machine,” begone!

Containers offer a standard application programming interface (API) to manage the lifecycle of a container and the applications packaged within the container. This API provides a homogenous interface to an otherwise heterogeneous deployment landscape, relieving operations teams from having to know the nitty-gritty of deploying and running applications and, consequently, being able to focus on what they do best—managing infrastructure, enforcing security and compliance, and keeping the lights on.

This interface also forms the basis for a ton of innovation. Container orchestrators like Kubernetes and Nomad leverage this control plane to raise the level of abstraction, making it easier to manage containerized workflows at scale. Service mesh technologies, like Istio, work hand in glove with orchestrators, decoupling cross-cutting concerns like service discovery and security from the application stack.

All the benefits of a standard interface also flow upstream, making the daily lives of developers easier.
A single command can produce an entire development environment. Within continuous integration (CI), containers can be easily spun up to house databases, queues, or whatever dependencies
your application needs to allow for integration, smoke, and end-to-end tests to check and verify your work. And finally, the portability of containers allows development teams to take ownership of their work in production, making many facets of DevOps a reality. In a world where runtimes upgrade major versions regularly, teams and organizations are polyglot, DevOps practices like blue-green and canary releases are the norm, and scale is unprecedented, the technology that teams throughout the world are using to build and deploy their applications is containers. Containers are no longer new or novel—rather, they represent the rule of how organizations are packaging and deploying applications. However, working with containers isn’t easy. Having used containers for almost a decade, and having spent time teaching it to audiences around the world, I can attest to how nuanced this subject is. Sean and Karl have distilled years of experience into a highly readable, yet comprehensive guide to using containers with Docker. Everything you need to get started and be productive with Docker can be found within the pages of this book—from installation, to understanding how to use and build images, to working with containers, introspecting builds and the runtime, as well as productionizing containers, can be all found here. And that’s not all—Sean and Karl aren’t afraid to dive into microscopic details—elaborating on how simple Linux primitives like cgroups and namespaces make this magical thing called containers a reality. Finally, the Docker ecosystem is ever growing and expanding—and you’ll find coverage on that landscape as well. In the foreword of Docker: Up & Running, second edition, Laura Tacho made an astute observation—cloud native technologies like VMs and containers are not exclusive. Rather, they are additive. 
This statement couldn’t be truer today—the rise of technologies like Kata Containers that combine the use of lightweight virtual machines to run containers, thus allowing us to have the best of both worlds (the isolation of VMs with the portability of containers), are an attestation to Laura’s commentary.
Containers are ubiquitous. A journey of a thousand miles begins with a single step—and indeed, the journey to truly grokking containers is a long one. If this book is your first step, you’ve made the right choice. You have two very experienced guides showing you the way, and while I realize you don’t need it, I still wish you the very best of luck. Happy containerizing.

Raju Gandhi
Founder, DefMacro Software, LLC, and author of Head First Software Architecture, Head First Git, and JavaScript Next
@looselytyped
Columbus, Ohio
April 2023
Preface

This book is designed for anyone who needs a practical understanding of Linux containers and how they can be used to improve development and production practices. Most modern integration workflows and production systems require developers and operations engineers to have a firm understanding of Linux containers and how they can be leveraged to significantly improve repeatability and predictability across the system. Along the way we’ll explore how to build, test, deploy, and debug Linux containers within the Docker ecosystem. We’ll also cover a few of the significant orchestration tools that leverage Linux containers. And finally, we’ll round all of that out with some guidance on security and best practices for your container environment.

Who Should Read This Book

This book is intended for anyone who is looking to solve the complex workflow problems involved in developing and deploying software to production at scale. If you’re interested in Linux containers, Docker, Kubernetes, DevOps, and large, scalable, software infrastructures, then this book is for you.

Why Read This Book?

Today there are many conversations, projects, and articles on the internet about Docker, and some of them have even started predicting the demise of Docker. So why should you devote precious hours to reading this book?

Although there are other alternatives today, Docker single-handedly made Linux containers accessible to all engineers. Before Docker created the
container image format and helped build many of the core libraries used in containerization systems today, Linux containers were very difficult to use and primarily remained the tools of very large cloud-hosting companies that needed to provide scalability while also protecting their systems from untrusted user code. Docker changed all of that. Even though there is a lot of information about Docker and Linux containers out there, the landscape is still actively evolving, and best practices are shifting. Imagine that you just read a blog post, published four years ago, about Docker. It might still work, but it might not be the best approach anymore. During the time it took us to write the first edition of this book, Docker, Inc., released four versions of Docker plus a few major tools into their ecosystem. In the seven years between the first and third editions of this book, the landscape has changed significantly. Docker has stabilized, and there are now many additional tools that fill similar roles. Instead of suffering from a complete lack of tools, there are now many robust choices for almost every aspect of the DevOps workflow. Wrapping your arms around the scope of what Linux containers and Docker provide, understanding how they fit into your workflow, and getting all the various integrations right are not trivial tasks. We have worked with multiple companies for over nine years building and operating a mix of production Linux container platforms, including Docker, Mesos, and Kubernetes. We originally implemented Docker in production only months after its release and can share with you some of the experience we gained from evolving our production platforms since then. Our goal with this book is for you to benefit from this experience by avoiding many of the bumps in the road that we suffered through. 
Even though the online documentation for the Docker project is very useful, we will attempt to give you a much bigger picture and expose you to many of the best practices that we have learned along the way. When you finish this book, you should have enough information to understand what Linux containers are, what Docker provides, why they are
important, and how you can leverage them to streamline everything from local development through production. It should be a fascinating trip through a few interesting technologies that have some very practical applications.

Navigating This Book

This book is organized as follows:

Chapters 1 and 2 provide an introduction to Docker and explain what it is and how you can use it.
Chapter 3 takes you through the steps required to install Docker.
Chapters 4 through 6 dive into the Docker client, images, and containers, exploring what they are and how you can work with them.
Chapter 7 discusses how to debug your images and containers.
Chapter 8 introduces Docker Compose and how it can be used to significantly simplify the process of developing complex container-based services.
Chapter 9 explores the considerations that are important to ensure a smooth transition into production.
Chapter 10 delves into deploying containers at scale in public and private clouds.
Chapter 11 dives into advanced topics that require some familiarity with Docker and can be important as you start to use Docker in your production environment.
Chapter 12 explores a few alternative tools that can be useful in containerized Linux environments.
Chapter 13 explores some of the core concepts that have solidified in the industry about how to design the next generation of internet-scale
production software.
Chapter 14 wraps everything up and ties it with a bow. It includes a summary of what has been covered and how it should help you improve the way you deliver and scale software services.

We realize that many people don’t read technical books front to back and that something like the preface is incredibly easy to skip, but if you’re still with us, here is a quick guide to some different approaches to reading this book:

If you are new to Linux containers, start at the beginning. The first two chapters are intended to help you get your head around the basics of Docker and Linux containers, including what they are, how they work, and why you should care.
If you want to jump right in and install and run Docker on your workstation, then skip to Chapters 3 and 4, which show you how to install Docker, create and download images, run containers, and much more.
If you are familiar with the Docker basics but would like to learn more about how to utilize it for development, take a look at Chapters 5 through 8, which go over a lot of the skills that will make working with Docker on a day-to-day basis easy, and conclude with a thorough exploration of Docker Compose.
If you are already using Docker for development but need some help getting it into production, consider starting with Chapter 9 and continuing on through Chapter 12. These sections delve into deploying containers, leveraging advanced container platforms, and many other advanced topics.
If you are a software or platform architect, you might find Chapter 13 an interesting place to investigate, as we dive into some of the current thinking regarding containerized applications and horizontally scalable service design.
Conventions Used in This Book

The following typographical conventions are used in this book:

Italic
Indicates new terms, URLs, email addresses, filenames, and file extensions.

Constant width
Used for program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords.

Constant width bold
Shows commands or other text that should be typed literally by the user.

<Constant width in angle brackets>
Shows text that should be replaced with user-supplied values or by values determined by context.

TIP
This element signifies a tip or suggestion.

NOTE
This element signifies a general note.

WARNING
This element indicates a warning or caution.
Using Code Examples

Supplemental material (code examples, exercises, etc.) is available for download at https://github.com/bluewhalebook/docker-up-and-running-3rd-edition.

This book is here to help you get your job done. In general, if there is code that is offered along with this book, you may use it in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a collection of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.

We appreciate but do not require attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Docker: Up & Running, 3e, by Sean P. Kane with Karl Matthias (O’Reilly). Copyright 2023 Sean P. Kane and Karl Matthias, 978-1-098-13182-1.”

If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at permissions@oreilly.com.

O’Reilly Online Learning

NOTE
For more than 40 years, O’Reilly Media has provided technology and business training, knowledge, and insight to help companies succeed.

Our unique network of experts and innovators share their knowledge and expertise through books, articles, and our online learning platform. O’Reilly’s online learning platform gives you on-demand access to live
training courses, in-depth learning paths, interactive coding environments, and a vast collection of text and video from O’Reilly and 200+ other publishers. For more information, visit https://oreilly.com.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at https://oreil.ly/docker-up-and-running-3e.

Email bookquestions@oreilly.com to comment or ask technical questions about this book.

For news and information about our books and courses, visit https://oreilly.com.

Find us on LinkedIn: https://linkedin.com/company/oreilly-media.
Follow us on Twitter: https://twitter.com/oreillymedia.
Watch us on YouTube: https://youtube.com/oreillymedia.
Acknowledgments

We’d like to send a heartfelt thanks to the many people who helped make each edition of this book possible:

Nic Benders, Bjorn Freeman-Benson, and Dana Lawson at New Relic, who went far above and beyond in supporting the first edition, and who ensured that we had time to pursue it.

Roland Tritsch and Nitro Software for supporting Karl’s efforts on the second edition.

Laurel Ruma at O’Reilly, who initially reached out to us about writing a Docker book, and Mike Loukides who helped get everything on track.

A special thanks to our first-edition editor, Brian Anderson, who ensured that we knew what we were getting into and guided us along every step of the way.

Nikki McDonald and Virginia Wilson, who helped shepherd us through the process of creating a much-needed second edition of this book.

And to John Devins, Michele Cronin, and Elizabeth Faerm who worked incredibly hard to make sure that this third edition saw the light of day.

Thank you to Yevgeniy (Jim) Brikman, the author of the excellent Terraform: Up & Running, who graciously let us heavily base the website design for https://dockerupandrunning.com on his previous work.

Introducing a new audience to a new technology succinctly takes a special talent. We are very grateful to Lars Herrmann, Laura Frank Tacho, and Raju Gandhi for taking the time to create a foreword for one of the releases.
Our draft reviewers, who helped ensure that we were on the right track at various points throughout the writing process: Ksenia Burlachenko, who gave us our very first review as well as a full tech review, Andrew T. Baker, Sébastien Goasguen, Henri Gomez, Chelsey Frank, Rachid Zarouali, Werner Dijkerman, Predrag Knežević, and Vishwesh Ravi Shrimali.

A special call-out is due to Alice Goldfuss and Tom Offermann, who gave us detailed and consistently useful feedback when we wrote the first edition, and to Mihai Todor for his encouragement, tech review, and full feedback on the second edition.

Gillian McGarvey, Melanie Yarbrough, Justin Billing, Rachel Monaghan, and Sonia Saruba for their efforts in copyediting the manuscript and making it appear like we were paying attention in our high school English classes. 517 commas added and counting….

Sue Klefstad, who helped us ensure that the 3e index was a useful reference for all of our readers, and to Wendy Catalano and Ellen Troutman for their efforts in indexing the earlier editions.

A special thanks to Nick Adams and everyone who worked behind the scenes at O’Reilly Media to help ensure that everything appeared just right in all of the distribution formats.

All of our peers at New Relic and Nitro who have been along for the whole Docker ride. They provided us with much of the experience that’s reflected here.

Grains of Wrath Brewery, World Cup Coffee, McMenamins Ringlers Pub, Old Town Pizza, A Beer at a Time!, Taylor’s Three Rock pub, and others who kindly let us use their tables and power long after our dishes were empty.

Our families, for being supportive and giving us the required quiet time when we needed it.
And finally to everyone else who encouraged us, gave us advice, or supported us in any way throughout this process.
Chapter 1. Introduction

Docker was first introduced to the world—with no pre-announcement and little fanfare—by Solomon Hykes, founder and CEO of a company then called dotCloud, in a five-minute lightning talk at the Python Developers Conference in Santa Clara, California, on March 15, 2013. At the time of this announcement, only about 40 people outside of dotCloud had been given the opportunity to play with Docker.

Within a few weeks of this announcement, there was a surprising amount of press. The source code was quickly released on GitHub as a public and fully open source project. Over the next few months, more and more people in the industry started hearing about Docker and how it was going to revolutionize the way software was built, delivered, and run. And within a year, almost no one in the industry was unaware of Docker, but many were still unsure what it was exactly, and why people were so excited about it.

Docker is a tool that promises to easily encapsulate the process of creating a distributable artifact for any application, deploying it at scale into any environment, and streamlining the workflow and responsiveness of Agile software organizations.

The Promise of Docker

Initially, many people who were unfamiliar with Docker viewed it as some sort of virtualization platform, but in reality, it was the first widely accessible tool to build on top of a much newer technology called containerization. Docker and Linux containers have had a significant impact on a wide range of industry segments that include tools and technologies like Vagrant, KVM, OpenStack, Mesos, Capistrano, Ansible, Chef, Puppet, and so on. There is something very telling about the list of products that have had their market share directly impacted by Docker, and maybe you’ve spotted it already. Looking over this list, most engineers