Docker Development Guide (Docker开发指南)

[UK] Adrian Mouat | Automation technology, computer technology | ISBN 978-7-115-44957-3 | 2017-04-01 | 2900 | ¥48
Contents

Preface

Part I: Background and Basics

Chapter 1: What Containers Are and Why We Need Them
1.1 Containers Versus Virtual Machines
1.2 Docker and Containers
1.3 The History of Docker
1.4 Plugins and Infrastructure
1.5 64-Bit Linux

Chapter 2: Installation
2.1 Installing Docker on Linux
2.1.1 Running SELinux in Permissive Mode
2.1.2 Running Docker Without sudo
2.2 Installing Docker on Mac OS and Windows
2.3 A Quick Check

Chapter 3: First Steps
3.1 Running Your First Image
3.2 Basic Commands
3.3 Building Images from a Dockerfile
3.4 Working with Registries
3.5 Using the Official Redis Image
3.6 Summary

Chapter 4: Docker Fundamentals
4.1 The Docker Architecture
4.1.1 Underlying Technologies
4.1.2 Surrounding Technologies
4.1.3 Docker Hosting
4.2 How Images Are Built
4.2.1 The Build Context
4.2.2 Image Layers
4.2.3 Caching
4.2.4 Base Images
4.2.5 Dockerfile Instructions
4.3 Connecting Containers to the World
4.4 Linking Containers
4.5 Managing Data with Volumes and Data Containers
4.5.1 Sharing Data
4.5.2 Data Containers
4.6 Common Docker Commands
4.6.1 The run Command
4.6.2 Managing Containers
4.6.3 Docker Information
4.6.4 Container Information
4.6.5 Managing Images
4.6.6 Using the Registry

4.7 Summary

Part II: Docker and the Software Lifecycle

Chapter 5: Using Docker in Development
5.1 Saying "Hello World!"
5.2 Automating with Compose
5.3 Summary

Chapter 6: Creating a Simple Web Application
6.1 Creating a Basic Web Page
6.2 Taking Advantage of Existing Images
6.3 Adding Caching
6.4 Microservices
6.5 Summary

Chapter 7: Image Distribution
7.1 Image and Repository Naming
7.2 Docker Hub
7.3 Automated Builds
7.4 Private Distribution
7.4.1 Running Your Own Registry
7.4.2 Commercial Registries
7.5 Reducing Image Size
7.6 Image Provenance
7.7 Summary

Chapter 8: Continuous Integration and Testing with Docker
8.1 Adding Unit Tests to identidock
8.2 Creating a Jenkins Container
8.3 Pushing the Image
8.3.1 Tagging Images Correctly
8.3.2 Staging and Production Environments
8.3.3 The Problem of Image Sprawl
8.3.4 Using Docker to Deploy Jenkins Slaves
8.4 Backing Up Jenkins Data
8.5 Hosted Continuous Integration Solutions
8.6 Testing and Microservices
8.7 Summary

Chapter 9: Deploying Containers
9.1 Provisioning Resources with Docker Machine
9.2 Using a Proxy
9.3 Execution Options
9.3.1 Shell Scripts
9.3.2 Using a Process Manager (or Controlling All Processes with systemd)
9.3.3 Using a Configuration Management Tool
9.4 Host Configuration
9.4.1 Choosing an Operating System
9.4.2 Choosing a Storage Driver
9.5 Specialist Hosting Options
9.5.1 Triton
9.5.2 Google Container Engine
9.5.3 Amazon EC2 Container Service
9.5.4 Giant Swarm
9.6 Persistent Data and Production Containers
9.7 Sharing Secrets
9.7.1 Saving Secrets in the Image
9.7.2 Passing Secrets in Environment Variables
9.7.3 Passing Secrets in Volumes
9.7.4 Using a Key-Value Store
9.8 Networking
9.9 Production Registries
9.10 Continuous Deployment/Delivery
9.11 Summary

Chapter 10: Logging and Monitoring
10.1 Logging
10.1.1 Docker's Default Logging
10.1.2 Aggregating Logs
10.1.3 Logging with ELK
10.1.4 Log Management with syslog
10.1.5 Grabbing Logs from Files
10.2 Monitoring and Alerting
10.2.1 Monitoring with Docker Tools
10.2.2 cAdvisor
10.2.3 Cluster Solutions
10.3 Commercial Monitoring and Logging Solutions
10.4 Summary

Part III: Tools and Techniques

Chapter 11: Networking and Service Discovery
11.1 Ambassador Containers
11.2 Service Discovery
11.2.1 etcd

11.2.2 SkyDNS
11.2.3 Consul
11.2.4 Service Registration
11.2.5 Other Solutions
11.3 Networking Options
11.3.1 Bridge Mode
11.3.2 Host Mode
11.3.3 Container Mode
11.3.4 No-Network Mode
11.4 New Docker Networking
11.5 Networking Solutions
11.5.1 Overlay
11.5.2 Weave
11.5.3 Flannel
11.5.4 Project Calico
11.6 Summary

Chapter 12: Orchestration, Clustering, and Management
12.1 Clustering and Orchestration Tools
12.1.1 Swarm
12.1.2 fleet
12.1.3 Kubernetes
12.1.4 Mesos and Marathon
12.2 Container Management Platforms
12.2.1 Rancher
12.2.2 Clocker
12.2.3 Tutum
12.3 Summary

Chapter 13: Container Security and Limiting Containers
13.1 Things to Consider
13.2 Defense in Depth
13.3 How to Secure identidock
13.4 Segregating Containers by Host
13.5 Applying Updates
13.6 Image Provenance
13.6.1 Docker Digests
13.6.2 Docker Content Trust
13.6.3 Reproducible and Trustworthy Dockerfiles
13.7 Security Recommendations
13.7.1 Set a User
13.7.2 Limit Container Networking
13.7.3 Remove setuid and setgid Binaries
13.7.4 Limit Memory Use
13.7.5 Limit CPU Use
13.7.6 Limit Restarts
13.7.7 Limit Filesystems
13.7.8 Limit Kernel Capabilities
13.7.9 Apply Resource Limits
13.8 Running a Hardened Kernel
13.9 Linux Security Modules
13.9.1 SELinux
13.9.2 AppArmor
13.10 Auditing
13.11 Incident Response
13.12 Future Features
13.13 Summary

About the Author
About the Cover

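The lightweight, portable nature of Docker containers makes them especially well suited to dynamic and distributed environments, and their rise has revolutionized the software development process. Docker Development Guide gives a comprehensive account of Docker across the whole software lifecycle, from development through production to maintenance, and discusses problems that can arise along the way, such as software version differences, differences between development and production environments, and system security issues.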