E-Book, Englisch, 240 Seiten
Raj Learning Docker
1. Auflage 2024
ISBN: 978-1-78439-193-5
Verlag: De Gruyter
Format: PDF
Kopierschutz: Adobe DRM (»Systemvoraussetzungen)
Optimize the power of Docker to run your applications quickly and easily
E-Book, Englisch, 240 Seiten
ISBN: 978-1-78439-193-5
Verlag: De Gruyter
Format: PDF
Kopierschutz: Adobe DRM (»Systemvoraussetzungen)
Docker is a next-generation platform for simplifying application containerization life-cycle. Docker allows you to create a robust and resilient environment in which you can generate portable, composable, scalable, and stable application containers.
This book is a step-by-step guide that will walk you through the various features of Docker from Docker software installation to the impenetrable security of containers. The book starts off by elucidating the installation procedure for Docker and a few troubleshooting techniques. You will be introduced to the process of downloading Docker images and running them as containers. You'll learn how to run containers as a service (CaaS) and also discover how to share data among containers. Later on, you'll explore how to establish the link between containers and orchestrate containers using Docker Compose. You will also come across relevant details about application testing inside a container. You will discover how to debug a container using the docker exec command and the nsenter tool. Finally, you will learn how to secure your containers with SELinux and other proven methods.
Autoren/Hrsg.
Fachgebiete
Weitere Infos & Material
Table of Contents - Getting started
- Handling containers
- Building images
- Publishing images
- Running your private Docker infrastructure
- Running services in a container
- Sharing data with containers
- Orchestrating containers
- Testing with Docker
- Debugging containers
- Securing containers
Working with Docker images
In the previous chapter, we demonstrated the typical example by using a image. Now there is a need for a close observation of the output of the subcommand, which is a standard command for downloading the Docker images. You would have noticed the presence of the text in the output text, and we will explain this mystery in a detailed manner by bringing in a small twist to the subcommand by adding the option, as shown here:
Surprisingly, you will observe that the Docker engine downloads a few more images with the option. You can easily check the images that are available on the Docker host by running the subcommand, which comes in handy, and it reveals more details with respect to and the additional images that are downloaded by running this command. Let us run this command:
You will get the list of images, as follows:
Evidently, we have five items in the preceding list, and to gain a better understanding of those, we need to comprehend the information that is printed out by the Docker images subcommand. Here is a list of the possible categories:
- : This is the name of the repository or image. In the preceding example, the repository name is .
- : This is the tag associated with the image, for example , , . One or more tags can be associated with one image.
Note
The * tagged images are built by using the Ubuntu package and the * tagged images are built from scratch by using the tool-chain.
- : Every image is associated with a unique . The image is represented by using a 64 Hex digit long random number. By default, the Docker images subcommand will only show 12 Hex digits. You can display all the 64 Hex digits by using the flag (for example: ).
- : Indicates the time when the image was created.
- : Highlights the virtual size of the image.
You might be wondering how, in the preceding example, a single command with the option was able to download five images, even though we had only specified one image by the name of . This happened because each Docker image repository can have multiple variants of the same image and the option downloads all the variants that are associated with that image. In the preceding example, the variants are tagged as , , , and . A closer observation of the image IDs will reveal that both and share the image ID .
By default, Docker always uses the image that is tagged as . Each image variant can be directly identified by qualifying it with its tag. An image can be tag-qualified by appending the tag to the repository name with a that is added between the tag and the repository name (). For instance, you can launch a container with the tag, as shown here:
The subcommand will always download the image variant that has the tag in that repository. However, if you choose to download an image variant other than the latest, then you can do so by qualifying your image with the tag name by using the following command:
Docker Hub Registry
In the previous section, when you ran the subcommand, the image got downloaded mysteriously. In this section, let's unravel the mystery around the subcommand and how the Docker Hub immensely contributed toward this unintended success.
The good folks in the Docker community have built a repository of images and they have made it publicly available at a default location, . This default location is called the Docker index. The subcommand is programmed to look for the images at this location. Therefore, when you a image, it is effortlessly downloaded from the default registry. This mechanism helps in speeding up the spinning of the Docker containers. The Docker Index is the official repository that contains all the painstakingly curated images that are created and deposited by the worldwide Docker development community.
This so-called cure is enacted to ensure that all the images stored in the Docker index are secure and safe through a host of quarantine tasks. There are proven verification and validation methods for cleaning up any knowingly or unknowingly introduced malware, adware, viruses, and so on, from these Docker images. The digital signature is a prominent mechanism of the utmost integrity of the Docker images. Nonetheless, if the official image has been either corrupted, or tampered with, then the Docker engine will issue a warning and then continue to run the image.
In addition to the official repository, the Docker Hub Registry also provides a platform for the third-party developers and providers for sharing their images for general consumption. The third-party images are prefixed by the user ID of their developers or depositors. For example, is a third-party image, wherein is the user ID and is the image repository name. You can download any third-party image by using the subcommand, as shown here:
Apart from the preceding repository, the Docker ecosystem also provides a mechanism for leveraging the images from any third-party repository hub other than the Docker Hub Registry, and it provides the images hosted by the local repository hubs. As mentioned earlier, the Docker engine has been programmed to look for images in by default, whereas in the case of the third-party or the local repository hub, we must manually specify the path from where the image should be pulled. A manual repository path is similar to a URL without a protocol specifier, such as , and . Following is an example of pulling an image from a third party repository hub:
Searching Docker images
As we discussed in the previous section, the Docker Hub repository typically hosts both the official images as well as the images that have been contributed by the third-party Docker enthusiasts. At the time of writing this book, more than 14,000 images (also called the Dockerized application) were available for the users. These images can be used either as is, or as a building block for the user-specific applications.
You can search for the Docker images in the Docker Hub Registry by using the subcommand, as shown in this example:
The search on will list 400 odd images, as follows:
As you can see in the preceding search output excerpts, the images are ordered based on their star rating. The search result also indicates whether or not the image is official. In order to stay in focus, in this example, we will show only two images. Here, you can see the official version of , which pulls a star rating image as its first result. The second result shows that this version of the image was published by the user ....
