Docker for Developers
ANDRZEJ SYDOR
Docker
• Docker is the leading software container platform
• Founded in 2013 as a Linux developer tool
• Fundamentally solves the "works on my machine" problem
• Container industry inventor, leader and innovator
• Transforms app and infrastructure security, portability, agility and efficiency
One Application on One Physical Server
• Limitations
  • Slow development times
  • Huge costs
  • Wasted resources
  • Difficult to scale
  • Difficult to migrate
  • Vendor lock in
Hypervisor-Based Virtualization
• Benefit:
  • Better resource pooling
  • One physical machine divided into multiple virtual machines
  • Easier to scale
  • VMs in the cloud
  • Rapid elasticity
  • Pay as you go model
• Limitations:
  • Each VM still requires:
    • CPU limitations
    • Storage
    • RAM
    • An entire guest operating system
  • Full guest OS means wasted resources
  • Application portability not guaranteed
Docker
• Standardized packaging for software and dependencies
• Isolate apps from each other
• Share the same OS kernel
• Works with all major Linux and Windows Server
Docker for developers
Key Benefits of Docker Containers
• Speed
  • No OS to boot – applications online in seconds
• Portability
  • Fewer dependencies between process layers = ability to move between infrastructure
• Efficiency
  • Less OS overhead
  • Improved resource efficiency
WORA / PODA
• WORA = Write Once Run Anywhere {J,W,E}AR
• PODA = Package Once Deploy Anywhere
Docker
• Image
  • The basis of a Docker container
• Registry
  • Stores, distributes and manages Docker images
• Container
  • The image when it is 'running'
• Swarm Cluster
  • Cluster of Docker hosts
• Control Plane
  • Management plane for container and cluster orchestration
Docker
• Docker Compose
  • Define and share multi-container definitions
• Docker Machine
  • A tool to launch Docker hosts on multiple platforms
• Docker Hub
  • Repository for Docker Images
• Docker Store
  • A storefront for official Docker images and plugins as well as licensed products
• Docker Swarm
  • A multi-host-aware orchestration tool
• Docker Cloud
  • Docker's Container as a Service (CaaS)
Docker Images Layers
• Layers are read-only
• An image is a collection of files and some metadata
• Images are composed of multiple layers
• A layer also contains software you want to run
• Every image contains a base layer
• Docker uses a copy-on-write system
Docker Sharing Layers
• Images can share layers in order to speed up transfer times and optimize disk and memory usage
• Parent images that already exist on the host do not have to be downloaded
Portainer
• Docker UI
• "The easiest way to manage docker"
• https://www.portainer.io/
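Portainer
# Mounting /var/run/docker.sock gives the Portainer container full control of the Docker daemon on this host
docker volume create portainer_data
docker run --name=portainer \
  -d -p 9000:9000 --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /opt/portainer:/data portainer/portainer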
Portainer
• https://portainer.io/overview.html
• Detailed overview
• Containers (List, Details, Stats, Logs, Console, Creation)
• Images (List, Details)
• Network (List)
• Volumes (List)
• Container Templates
• Cluster overview
• Services Management
• Endpoint Management
• User Management and User Access Control
Kitematic
• Visual Docker Container Management on Mac & Windows
• Run containers through a simple, yet powerful graphical user interface.
• https://kitematic.com/
• Legacy desktop solution bundled with Docker Toolbox.
Kitematic
• Fast and Easy Setup
• Docker Hub Integration
• Seamless Experience Between CLI and GUI
• Advanced Features
  • Automatically map ports
  • Configuring volumes
  • Change environment variables
  • Streamline logs
  • CLI access to containers
Kitematic
Docker Desktop for Windows
• Docker Desktop for Windows is the best way to get started with Docker on Windows
• https://docs.docker.com/docker-for-windows/
• Native application and UI
• Auto update capability
• No additional software required, e.g. VirtualBox
• Windows: Hyper-V VM
• Better networking and filesystem mounting/notification
• Requires Windows 10 64-bit (Yosemite 10.10+)
Rancher OS
• A simplified Linux distribution built from containers, for containers.
• https://rancher.com/rancher-os/
• https://github.com/rancher/os
Build Container Images
• Dockerfile
  • FROM – Docker base image
    • FROM alpine:latest
  • LABEL – extra information
    • LABEL maintainer="Andrzej Sydor"
  • RUN – commands to install software and run scripts
    • RUN mkdir -p /tmp/myapp/
  • COPY/ADD
    • COPY build/app.jar /etc/app.jar
    • ADD http://resource/files/html.tar.gz /usr/share/nginx/
  • EXPOSE – the port and the protocol exposed at runtime
    • EXPOSE 80/tcp
  • ENTRYPOINT/CMD
  • USER / WORKDIR / ONBUILD / ENV
Docker Build
• docker image build --file <Dockerfile> --tag <REPO>:<TAG>
  • <REPO> - typically username on Docker Hub
  • <TAG> - unique container value
• docker image build --tag local:dockerfile-example .
  • . (dot) – current folder
Storing images
• Docker Registry
• Docker Hub
• Docker Store
Docker Registry
• Service that stores your Docker images
• Open source – Apache license
• Tightly control where your images are being stored
• Fully own your image distribution pipeline
• Integrate image storage and distribution tightly into your in-house development
Filesystem
/var/lib/registry
Storing images
• Docker Hub
  • Free for public images
  • Organizations
  • Repository
  • Automated build (GitHub, BitBucket)
Storing images
• Docker Store
  • Docker images and plugins
  • Docker Certified
Third-party registries
• Red Hat Container Catalog
• OpenShift
• JFrog
• Quay.io
• Amazon EC2 Container Registry
• Others: Microbadger e.g. inspect image
Networking & Volumes
• IPAM (IP address management)
  • Planning, tracking and managing IP addresses within the network
  • IPAM has DNS and DHCP services
Docker – CPU/Memory
• By default, a container can consume all available resources on the host machine if it requires it
• Limit CPU usage
  • -c / --cpu-shares=1024
  • --cpu-period=25000 (microseconds)
  • --cpu-quota=25000 (microseconds)
• Limit memory usage
  • --memory 1024M
  • --memory-swap 1024M
  • By default, when you set --memory, Docker sets --memory-swap to twice that size
  • --kernel-memory 1024M
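How the CPU and memory flags on this slide combine into effective limits, as an added example that is not part of the original deck. The function names are hypothetical, and the resolution rules follow the documented `docker run` semantics, which go slightly beyond the single case shown on the slide.

```python
import re

_UNIT = {"": 1, "b": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_size(value):
    """Convert a size such as '1024M' to bytes; '-1' (unlimited) is returned as -1."""
    text = str(value).strip().lower()
    if text == "-1":
        return -1
    match = re.fullmatch(r"(\d+)([bkmg]?)", text)
    if not match:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(match.group(1)) * _UNIT[match.group(2)]


def effective_limits(memory=None, memory_swap=None, cpu_period=100000, cpu_quota=-1):
    """Resolve docker run resource flags into what the container may actually use.

    A value of None in the result means "no limit comes from these flags".
    """
    result = {"memory_bytes": None, "swap_bytes": None, "cpus": None}

    # --cpu-quota / --cpu-period is a hard ceiling expressed as a fraction of one CPU.
    if cpu_quota and cpu_quota > 0:
        result["cpus"] = cpu_quota / cpu_period

    if memory is None:
        return result  # --memory-swap only has meaning when --memory is set

    mem = parse_size(memory)
    result["memory_bytes"] = mem

    # --memory-swap is the TOTAL of memory plus swap, not the swap size alone.
    total = parse_size(memory_swap) if memory_swap is not None else 0
    if total == 0:
        result["swap_bytes"] = mem        # unset: total defaults to twice --memory
    elif total == -1:
        result["swap_bytes"] = None       # unlimited swap, bounded only by the host
    elif total < mem:
        raise ValueError("--memory-swap must not be smaller than --memory")
    else:
        result["swap_bytes"] = total - mem  # equal values mean no swap at all
    return result


def cpu_share_fraction(shares, competing):
    """CPU fraction under contention; `competing` lists every busy container's shares."""
    return shares / sum(competing)


if __name__ == "__main__":
    # The values from the slide: one full CPU, 1 GiB of RAM and no swap.
    print(effective_limits("1024M", "1024M", cpu_period=25000, cpu_quota=25000))
    # --cpu-shares is only a relative weight: 1024 against two 512s is half the CPU.
    print(cpu_share_fraction(1024, [1024, 512, 512]))
```

With the slide's values, `--memory 1024M --memory-swap 1024M` leaves the container no swap, because the second flag is the combined total.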
Docker Security Scanning
• Security Scanning feature (non-free):
  • Docker Hub
  • Docker Cloud
Docker Security non-events
• https://docs.docker.com/engine/security/non-events/
• CVE-2013-1956, 1957, 1958, 1959, 1979, CVE-2014-4014, 5206, 5207, 7970, 7975, CVE-2015-2925, 8543, CVE-2016-3134, 3135
• CVE-2014-0181, CVE-2015-3339
• CVE-2014-4699
• CVE-2014-9529
• CVE-2015-3214, 4036
• CVE-2016-0728
• CVE-2016-2383
• CVE-2016-3134, 4997, 4998
Docker Security Scanning
• https://docs.docker.com/docker-cloud/builds/image-scan/
  • Free for Docker Cloud users
• Clair
  • free
• Peekr
• Atomic Scan
• docker diff
• docker run --read-only …
• docker run -v directory:/directory:ro ..
Docker Bench Security - examples
• Host configuration
  • [WARN] 1.1 – Create a separate partition for containers
  • [WARN] 1.5 – Audit Docker daemon - /usr/bin/docker
  • [WARN] 1.6 – Audit Docker files and directories - /var/lib/docker
  • [WARN] 1.7 – Audit Docker files and directories - /etc/docker
  • [WARN] 1.8 – Audit Docker files and directories - /etc/default/docker
Docker Bench Security - examples
• Docker daemon configuration
  • [WARN] 2.1 – Restrict network traffic between containers
  • [WARN] 2.8 – Enable user namespace support
  • [WARN] 2.11 – Use Authorization plugin
  • [WARN] 2.12 – Configure centralized and remote logging
  • [WARN] 2.13 – Disable operations on legacy registry (v1)
  • [WARN] 2.14 – Enable live restore
  • [WARN] 2.18 – Disable Userland Proxy
Docker Bench Security - examples
• Docker daemon configuration files
• Container images and build files
  • [WARN] 4.1 – Create a user and build files
  • [WARN] 4.5 – Enable Content trust for Docker
  • [WARN] 4.6 – Add HEALTHCHECK instruction to the container image
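A small Dockerfile check for the two build-file warnings above (4.1 and 4.6), run against the instructions from the "Build Container Images" slide. This is an added example, not code from the deck or from Docker Bench; the `FROM-TAG` and `ADD-URL` checks and their labels are additions of this example, and the hardened file's tag, user name and health command are assumptions.

```python
import re

# Constructed sample: the instructions from the "Build Container Images" slide as one file.
SLIDE_DOCKERFILE = """\
FROM alpine:latest
LABEL maintainer="Andrzej Sydor"
RUN mkdir -p /tmp/myapp/
COPY build/app.jar /etc/app.jar
ADD http://resource/files/html.tar.gz /usr/share/nginx/
EXPOSE 80/tcp
"""

# Constructed hardened variant; tag, user name, UID and health command are assumptions.
HARDENED_DOCKERFILE = """\
FROM alpine:3.19
LABEL maintainer="Andrzej Sydor"
RUN mkdir -p /tmp/myapp/ \\
    && adduser -D -u 10001 app
COPY build/app.jar /etc/app.jar
EXPOSE 8080/tcp
HEALTHCHECK --interval=30s CMD wget -q -O /dev/null http://localhost:8080/ || exit 1
USER app
"""


def parse_instructions(text):
    """Return [(INSTRUCTION, args)], dropping comments and joining continuation lines."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf.strip())
    parsed = []
    for entry in logical:
        word, _, args = entry.partition(" ")
        parsed.append((word.upper(), args.strip()))
    return parsed


def lint(text):
    """Return a list of (check_id, message) findings for one Dockerfile."""
    ins = parse_instructions(text)
    findings = []

    # Only the last build stage becomes the image, so USER/HEALTHCHECK are read from it.
    last_from = max((i for i, (w, _) in enumerate(ins) if w == "FROM"), default=0)
    final_stage = ins[last_from:]

    users = [a for w, a in final_stage if w == "USER"]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append(("4.1", "no non-root USER in the final stage"))

    health = [a for w, a in final_stage if w == "HEALTHCHECK"]
    if not health or health[-1].upper() == "NONE":
        findings.append(("4.6", "no HEALTHCHECK instruction"))

    stages = set()  # names introduced with "FROM ... AS name"
    for word, args in ins:
        tokens = args.split()
        plain = [t for t in tokens if not t.startswith("--")]
        if word == "FROM" and plain:
            image = plain[0]
            pinned = "@sha256:" in image
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            local = image == "scratch" or image in stages
            if not local and not pinned and tag in ("", "latest"):
                findings.append(("FROM-TAG", f"floating base image tag: {image}"))
            if len(plain) >= 3 and plain[1].upper() == "AS":
                stages.add(plain[2])
        elif word == "ADD":
            has_checksum = any(t.startswith("--checksum=") for t in tokens)
            for src in plain[:-1]:
                if re.match(r"https?://", src, re.I) and not has_checksum:
                    findings.append(("ADD-URL", f"unverified remote download: {src}"))
    return findings


if __name__ == "__main__":
    for name, text in (("slide", SLIDE_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(name, [check for check, _ in lint(text)])
```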
Docker Bench Security - examples
• Container runtime
  • [WARN] 5.2 – Verify SELinux security options, if applicable
  • [PASS] – 5.1 – Do not disable AppArmor Profile
  • [WARN] 5.4 – Do not use privileged containers
  • [WARN] 5.6 – Do not run ssh within containers
  • [WARN] 5.10 – Limit memory usage for container
  • [WARN] 5.11 – Set container CPU priority appropriately
  • [WARN] 5.12 – Mount container's root files as read only
  • [WARN] 5.13 – Bind incoming container traffic to a specific host interface
  • [WARN] 5.14 – Set the 'on-failure' container restart policy to 5
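The runtime warnings above can be checked directly against `docker inspect` output. This added example is not from the deck and is not Docker Bench's own logic; it applies a simplified reading of checks 5.4 and 5.10 to 5.14 to a constructed inspect excerpt shaped like the Portainer container started earlier, and the `SOCK` check for a mounted Docker socket is an addition of this example.

```python
import json

# Constructed `docker inspect` excerpts (only the fields the checks read).
# The first mirrors the Portainer command from the earlier slide; the second is a
# hypothetical hardened container.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/portainer",
   "HostConfig": {
     "Privileged": false, "ReadonlyRootfs": false, "Memory": 0, "CpuShares": 0,
     "RestartPolicy": {"Name": "always", "MaximumRetryCount": 0},
     "PortBindings": {"9000/tcp": [{"HostIp": "", "HostPort": "9000"}]},
     "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/opt/portainer:/data"]}},
  {"Name": "/app",
   "HostConfig": {
     "Privileged": false, "ReadonlyRootfs": true, "Memory": 1073741824, "CpuShares": 512,
     "RestartPolicy": {"Name": "on-failure", "MaximumRetryCount": 5},
     "PortBindings": {"8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]},
     "Binds": ["/srv/app/config:/config:ro"]}}
]
""")

# An empty HostIp means the port is published on every host interface.
WILDCARD_IPS = ("", "0.0.0.0", "::")


def audit(container):
    """Return [(check_id, message)] for one entry of `docker inspect` output."""
    hc = container.get("HostConfig") or {}
    findings = []

    if hc.get("Privileged"):
        findings.append(("5.4", "container runs privileged"))
    if not hc.get("Memory"):
        findings.append(("5.10", "no memory limit (--memory not set)"))
    if (hc.get("CpuShares") or 0) in (0, 1024):
        findings.append(("5.11", "default CPU shares (--cpu-shares not set)"))
    if not hc.get("ReadonlyRootfs"):
        findings.append(("5.12", "root filesystem is writable (--read-only not set)"))

    for port, bindings in (hc.get("PortBindings") or {}).items():
        for binding in bindings or []:
            if binding.get("HostIp", "") in WILDCARD_IPS:
                findings.append(("5.13", f"{port} is published on all host interfaces"))

    policy = hc.get("RestartPolicy") or {}
    name = policy.get("Name", "")
    retries = policy.get("MaximumRetryCount", 0)
    # Simplified rule: unlimited restarts, or on-failure without a cap of at most 5.
    if name in ("always", "unless-stopped") or (name == "on-failure" and not 0 < retries <= 5):
        findings.append(("5.14", f"restart policy '{name}' is not capped at 5 retries"))

    for bind in hc.get("Binds") or []:
        if bind.split(":")[0] == "/var/run/docker.sock":
            findings.append(("SOCK", "Docker socket is mounted into the container"))
    return findings


def audit_report(inspect_output):
    """Map container name to the list of failed check ids."""
    return {
        c.get("Name", "").lstrip("/"): [check for check, _ in audit(c)]
        for c in inspect_output
    }


if __name__ == "__main__":
    for name, failed in audit_report(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(failed) if failed else 'no findings'}")
```

On a live host the same functions can be fed `json.loads` of the output of `docker inspect $(docker ps -q)`.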
Docker Bench Security - examples
• Docker security operations
  • [INFO] 6.1 – Perform regular security audits of your host system and containers
  • [INFO] 6.2 – Monitor Docker container usage, performance and metering
  • [INFO] 6.3 – Backup container data
  • [INFO] 6.4 – Avoid image sprawl
  • [INFO] 6.5 – Avoid container sprawl
Third Party Security services
• Quay
  • https://quay.io/
• Clair
  • https://github.com/coreos/clair/
Docker Swarm
• Docker Clusters
• Distribute containers across multiple hosts
• Scale Containers
• Docker Swarm standalone ended support for version 1.11 in the first quarter of 2017
• Docker 1.12 introduced Docker Swarm mode
• All function introduced
Docker Swarm Roles
• Swarm Manager
  • Central management point of all Swarm hosts
  • Commands to control nodes: switch between nodes, join nodes, remove nodes, manipulate hosts
  • Each cluster can run several Swarm managers
  • Recommended: run a minimum of five Swarm managers (two nodes can fail before any errors start)
• Swarm Worker
  • Run Docker containers
Docker - best practices
• One application per container
• Only install what you need
• Review who has access to your Docker hosts
• Use the latest version
• Use the resources
Docker Bench Security
• https://github.com/docker/docker-bench-security
• The Docker Bench Security is a script that checks for dozens of common best-practices around deploying Docker containers in production
• The tool will inspect:
  • The host configuration
  • The docker daemon configuration
  • The docker daemon configuration files
  • Container images and build files
  • Container runtime
  • The docker security operations
Tools
• cAdvisor https://github.com/google/cadvisor/
  • Analyzes resource usage and performance characteristics of running containers
• Node-exporter https://github.com/prometheus/node_exporter/
  • Exporter for machine metrics http://prometheus.io/
• Prometheus https://prometheus.io/
  • Power your metrics and alerting with a leading open-source monitoring solution
• Grafana https://grafana.com/
  • The open platform for beautiful analytics and monitoring
Links
• https://labs.play-with-docker.com/
• https://training.play-with-docker.com
• https://cloud.docker.com
• https://docs.docker.com/develop/develop-images/dockerfile_best-practices
• https://circleci.com/pricing/
• https://app.codeship.com/
Ad

More Related Content

What's hot (20)

Docker : Container Virtualization
Docker : Container VirtualizationDocker : Container Virtualization
Docker : Container Virtualization
Ranjan Baisak
 
Docker HK Meetup - 201707
Docker HK Meetup - 201707Docker HK Meetup - 201707
Docker HK Meetup - 201707
Clarence Ho
 
Docker container a-brief_introduction_2016-01-30
Docker container a-brief_introduction_2016-01-30Docker container a-brief_introduction_2016-01-30
Docker container a-brief_introduction_2016-01-30
Khelender Sasan
 
Docker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDocker 101 - High level introduction to docker
Docker 101 - High level introduction to docker
Dr Ganesh Iyer
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT Campus
Ajeet Singh Raina
 
Docker, the Future of DevOps
Docker, the Future of DevOpsDocker, the Future of DevOps
Docker, the Future of DevOps
andersjanmyr
 
Introduction To Docker
Introduction To DockerIntroduction To Docker
Introduction To Docker
Hamilton Turner
 
Docker Overview - Rise of the Containers
Docker Overview - Rise of the ContainersDocker Overview - Rise of the Containers
Docker Overview - Rise of the Containers
Ryan Hodgin
 
Docker introduction for the beginners
Docker introduction for the beginnersDocker introduction for the beginners
Docker introduction for the beginners
Juneyoung Oh
 
Docker
DockerDocker
Docker
Mutlu Okuducu
 
Learning Docker with Thomas
Learning Docker with ThomasLearning Docker with Thomas
Learning Docker with Thomas
Thomas Tong, FRM, PMP
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
Araf Karsh Hamid
 
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
Edureka!
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
Christophe Muller
 
Docker Introductory workshop
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshop
Runcy Oommen
 
Why Docker
Why DockerWhy Docker
Why Docker
dotCloud
 
Introduction to Docker
Introduction  to DockerIntroduction  to Docker
Introduction to Docker
Jian Wu
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
Phuc Nguyen
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
Simplilearn
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
Jeffrey Ellin
 
Docker : Container Virtualization
Docker : Container VirtualizationDocker : Container Virtualization
Docker : Container Virtualization
Ranjan Baisak
 
Docker HK Meetup - 201707
Docker HK Meetup - 201707Docker HK Meetup - 201707
Docker HK Meetup - 201707
Clarence Ho
 
Docker container a-brief_introduction_2016-01-30
Docker container a-brief_introduction_2016-01-30Docker container a-brief_introduction_2016-01-30
Docker container a-brief_introduction_2016-01-30
Khelender Sasan
 
Docker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDocker 101 - High level introduction to docker
Docker 101 - High level introduction to docker
Dr Ganesh Iyer
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT Campus
Ajeet Singh Raina
 
Docker, the Future of DevOps
Docker, the Future of DevOpsDocker, the Future of DevOps
Docker, the Future of DevOps
andersjanmyr
 
Docker Overview - Rise of the Containers
Docker Overview - Rise of the ContainersDocker Overview - Rise of the Containers
Docker Overview - Rise of the Containers
Ryan Hodgin
 
Docker introduction for the beginners
Docker introduction for the beginnersDocker introduction for the beginners
Docker introduction for the beginners
Juneyoung Oh
 
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
Edureka!
 
Docker Introductory workshop
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshop
Runcy Oommen
 
Why Docker
Why DockerWhy Docker
Why Docker
dotCloud
 
Introduction to Docker
Introduction  to DockerIntroduction  to Docker
Introduction to Docker
Jian Wu
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
Phuc Nguyen
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
Simplilearn
 

Similar to Docker for developers (20)

Docker for developers z java
Docker for developers z javaDocker for developers z java
Docker for developers z java
andrzejsydor
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
양재동 코드랩
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 aug
Vincent De Smet
 
Docker: A New Way to Turbocharging Your Apps Development
Docker: A New Way to Turbocharging Your Apps DevelopmentDocker: A New Way to Turbocharging Your Apps Development
Docker: A New Way to Turbocharging Your Apps Development
msyukor
 
Faster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker PlatformFaster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker Platform
msyukor
 
Docker
DockerDocker
Docker
Narato
 
containers and virtualization tools ( Docker )
containers and virtualization tools ( Docker )containers and virtualization tools ( Docker )
containers and virtualization tools ( Docker )
Imo Inyang
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Patrick Chanezon
 
Docker for .NET Developers
Docker for .NET DevelopersDocker for .NET Developers
Docker for .NET Developers
Taswar Bhatti
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
Roman Rodomansky
 
Getting Started With Docker: Simplifying DevOps
Getting Started With Docker: Simplifying DevOpsGetting Started With Docker: Simplifying DevOps
Getting Started With Docker: Simplifying DevOps
demoNguyen
 
Docker how to
Docker how toDocker how to
Docker how to
Patryk Omiotek
 
Docker Ecosystem on Azure
Docker Ecosystem on AzureDocker Ecosystem on Azure
Docker Ecosystem on Azure
Patrick Chanezon
 
Dockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to GeekDockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to Geek
wiTTyMinds1
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Hero
fazalraja
 
Docker In Brief
Docker In BriefDocker In Brief
Docker In Brief
Ritu Kamthan
 
How to _docker
How to _dockerHow to _docker
How to _docker
Abdur Rab Marjan
 
Docker 101 describing basic docker usage
Docker 101 describing basic docker usageDocker 101 describing basic docker usage
Docker 101 describing basic docker usage
ZiyanMaraikar1
 
IBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and DockerIBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and Docker
David Currie
 
Docker
DockerDocker
Docker
Ramchandra Koty
 
Docker for developers z java
Docker for developers z javaDocker for developers z java
Docker for developers z java
andrzejsydor
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
양재동 코드랩
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 aug
Vincent De Smet
 
Docker: A New Way to Turbocharging Your Apps Development
Docker: A New Way to Turbocharging Your Apps DevelopmentDocker: A New Way to Turbocharging Your Apps Development
Docker: A New Way to Turbocharging Your Apps Development
msyukor
 
Faster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker PlatformFaster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker Platform
msyukor
 
Docker
DockerDocker
Docker
Narato
 
containers and virtualization tools ( Docker )
containers and virtualization tools ( Docker )containers and virtualization tools ( Docker )
containers and virtualization tools ( Docker )
Imo Inyang
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Patrick Chanezon
 
Docker for .NET Developers
Docker for .NET DevelopersDocker for .NET Developers
Docker for .NET Developers
Taswar Bhatti
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
Roman Rodomansky
 
Getting Started With Docker: Simplifying DevOps
Getting Started With Docker: Simplifying DevOpsGetting Started With Docker: Simplifying DevOps
Getting Started With Docker: Simplifying DevOps
demoNguyen
 
Dockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to GeekDockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to Geek
wiTTyMinds1
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Hero
fazalraja
 
Docker 101 describing basic docker usage
Docker 101 describing basic docker usageDocker 101 describing basic docker usage
Docker 101 describing basic docker usage
ZiyanMaraikar1
 
IBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and DockerIBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and Docker
David Currie
 
Ad

Recently uploaded (20)

Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptxLidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
RishavKumar530754
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...
Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...
Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...
Journal of Soft Computing in Civil Engineering
 
ELectronics Boards & Product Testing_Shiju.pdf
ELectronics Boards & Product Testing_Shiju.pdfELectronics Boards & Product Testing_Shiju.pdf
ELectronics Boards & Product Testing_Shiju.pdf
Shiju Jacob
 
Introduction to FLUID MECHANICS & KINEMATICS
Introduction to FLUID MECHANICS &  KINEMATICSIntroduction to FLUID MECHANICS &  KINEMATICS
Introduction to FLUID MECHANICS & KINEMATICS
narayanaswamygdas
 
π0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalizationπ0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalization
NABLAS株式会社
 
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G..."Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
Infopitaara
 
The Gaussian Process Modeling Module in UQLab
The Gaussian Process Modeling Module in UQLabThe Gaussian Process Modeling Module in UQLab
The Gaussian Process Modeling Module in UQLab
Journal of Soft Computing in Civil Engineering
 
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E..."Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
Infopitaara
 
Metal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistryMetal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistry
mee23nu
 
DSP and MV the Color image processing.ppt
DSP and MV the  Color image processing.pptDSP and MV the  Color image processing.ppt
DSP and MV the Color image processing.ppt
HafizAhamed8
 
Degree_of_Automation.pdf for Instrumentation and industrial specialist
Degree_of_Automation.pdf for  Instrumentation  and industrial specialistDegree_of_Automation.pdf for  Instrumentation  and industrial specialist
Degree_of_Automation.pdf for Instrumentation and industrial specialist
shreyabhosale19
 
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
inmishra17121973
 
new ppt artificial intelligence historyyy
new ppt artificial intelligence historyyynew ppt artificial intelligence historyyy
new ppt artificial intelligence historyyy
PianoPianist
 
Mathematical foundation machine learning.pdf
Mathematical foundation machine learning.pdfMathematical foundation machine learning.pdf
Mathematical foundation machine learning.pdf
TalhaShahid49
 
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptxExplainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
MahaveerVPandit
 
Compiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptxCompiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptx
RushaliDeshmukh2
 
QA/QC Manager (Quality management Expert)
QA/QC Manager (Quality management Expert)QA/QC Manager (Quality management Expert)
QA/QC Manager (Quality management Expert)
rccbatchplant
 
Development of MLR, ANN and ANFIS Models for Estimation of PCUs at Different ...
Development of MLR, ANN and ANFIS Models for Estimation of PCUs at Different ...Development of MLR, ANN and ANFIS Models for Estimation of PCUs at Different ...
Development of MLR, ANN and ANFIS Models for Estimation of PCUs at Different ...
Journal of Soft Computing in Civil Engineering
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptxLidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
RishavKumar530754
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
ELectronics Boards & Product Testing_Shiju.pdf
ELectronics Boards & Product Testing_Shiju.pdfELectronics Boards & Product Testing_Shiju.pdf
ELectronics Boards & Product Testing_Shiju.pdf
Shiju Jacob
 
Introduction to FLUID MECHANICS & KINEMATICS
Introduction to FLUID MECHANICS &  KINEMATICSIntroduction to FLUID MECHANICS &  KINEMATICS
Introduction to FLUID MECHANICS & KINEMATICS
narayanaswamygdas
 
π0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalizationπ0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalization
NABLAS株式会社
 
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G..."Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
Infopitaara
 
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E..."Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
Infopitaara
 
Metal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistryMetal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistry
mee23nu
 
DSP and MV the Color image processing.ppt
DSP and MV the  Color image processing.pptDSP and MV the  Color image processing.ppt
DSP and MV the Color image processing.ppt
HafizAhamed8
 
Degree_of_Automation.pdf for Instrumentation and industrial specialist
Degree_of_Automation.pdf for  Instrumentation  and industrial specialistDegree_of_Automation.pdf for  Instrumentation  and industrial specialist
Degree_of_Automation.pdf for Instrumentation and industrial specialist
shreyabhosale19
 
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
inmishra17121973
 
new ppt artificial intelligence historyyy
new ppt artificial intelligence historyyynew ppt artificial intelligence historyyy
new ppt artificial intelligence historyyy
PianoPianist
 
Mathematical foundation machine learning.pdf
Mathematical foundation machine learning.pdfMathematical foundation machine learning.pdf
Mathematical foundation machine learning.pdf
TalhaShahid49
 
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptxExplainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
MahaveerVPandit
 
Compiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptxCompiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptx
RushaliDeshmukh2
 
QA/QC Manager (Quality management Expert)
QA/QC Manager (Quality management Expert)QA/QC Manager (Quality management Expert)
QA/QC Manager (Quality management Expert)
rccbatchplant
 
Ad

Docker for developers

  • 2. Docker  Docker is the leading software container platform  Founded in 2013 as Linux developer tool  Fundamentally solves the „works on my machine” problem  Container industry inventor, leader and innovative  Transform app and infrastructure security, portability, agility and efficiency
  • 3. One Application on One Physical Server
      - Limitations
          - Slow development times
          - Huge costs
          - Wasted resources
          - Difficult to scale
          - Difficult to migrate
          - Vendor lock-in
  • 4. Hypervisor-Based Virtualization
      - Benefits:
          - Better resource pooling
          - One physical machine divided into multiple virtual machines
          - Easier to scale
          - VMs in the cloud
          - Rapid elasticity
          - Pay-as-you-go model
      - Limitations:
          - Each VM still requires: CPU limitations, storage, RAM, an entire guest operating system
          - Full guest OS means wasted resources
          - Application portability not guaranteed
  • 5. Docker
      - Standardized packaging for software and dependencies
      - Isolates apps from each other
      - Containers share the same OS kernel
      - Works with all major Linux distributions and Windows Server
  • 7. Key Benefits of Docker Containers
      - Speed
          - No OS to boot – applications online in seconds
      - Portability
          - Fewer dependencies between process layers = ability to move between infrastructure
      - Efficiency
          - Less OS overhead
          - Improved resource efficiency
  • 8. WORA / PODA
      - WORA = Write Once Run Anywhere {J,W,E}AR
      - PODA = Package Once Deploy Anywhere
  • 9. Docker
      - Image: the basis of a Docker container
      - Registry: stores, distributes and manages Docker images
      - Container: the image when it is 'running'
      - Swarm Cluster: cluster of Docker hosts
      - Control Plane: management plane for container and cluster orchestration
  • 10. Docker
      - Docker Compose: define and share multi-container definitions
      - Docker Machine: a tool to launch Docker hosts on multiple platforms
      - Docker Hub: repository for Docker images
      - Docker Store: a storefront for official Docker images and plugins as well as licensed products
      - Docker Swarm: a multi-host-aware orchestration tool
      - Docker Cloud: Docker's Container as a Service (CaaS)
  • 11. Docker Image Layers
      - Layers are read-only
      - An image is a collection of files and some metadata
      - Images are composed of multiple layers
      - A layer also contains software you want to run
      - Every image contains a base layer
      - Docker uses a copy-on-write system
  • 12. Docker Sharing Layers
      - Images can share layers in order to speed up transfer times and optimize disk and memory usage
      - Parent images that already exist on the host do not have to be downloaded
  • 13. Portainer
      - Docker UI
      - "The easiest way to manage Docker"
      - https://www.portainer.io/
  • 14. Portainer
      - docker volume create portainer_data
      - docker run --name=portainer -d -p 9000:9000 --restart always -v /var/run/docker.sock:/var/run/docker.sock -v /opt/portainer:/data portainer/portainer
  • 15. Portainer
      - https://portainer.io/overview.html
      - Detailed overview
      - Containers (List, Details, Stats, Logs, Console, Creation)
      - Images (List, Details)
      - Network (List)
      - Volumes (List)
      - Container Templates
      - Cluster overview
      - Services Management
      - Endpoint Management
      - User Management and User Access Control
  • 16. Kitematic
      - Visual Docker container management on Mac & Windows
      - Run containers through a simple, yet powerful graphical user interface
      - https://kitematic.com/
      - Legacy desktop solution bundled with Docker Toolbox
  • 17. Kitematic
      - Fast and easy setup
      - Docker Hub integration
      - Seamless experience between CLI and GUI
      - Advanced features
          - Automatically map ports
          - Configure volumes
          - Change environment variables
          - Stream logs
          - CLI access to containers
  • 19. Docker Desktop for Windows
      - Docker Desktop for Windows is the best way to get started with Docker on Windows
      - https://docs.docker.com/docker-for-windows/
      - Native application and UI
      - Auto-update capability
      - No additional software required, e.g. VirtualBox
          - Windows: Hyper-V VM
      - Better networking and filesystem mounting/notification
      - Requires Windows 10 64-bit (Yosemite 10.10+)
  • 20. Rancher OS
      - A simplified Linux distribution built from containers, for containers
      - https://rancher.com/rancher-os/
      - https://github.com/rancher/os
  • 21. Build Container Images
      - Dockerfile
      - FROM – Docker base
          FROM alpine:latest
      - LABEL – extra information
          LABEL maintainer="Andrzej Sydor"
      - RUN – commands to install software and run scripts
          RUN mkdir -p /tmp/myapp/
      - COPY/ADD
          COPY build/app.jar /etc/app.jar
          ADD http://resource/files/html.tar.gz /usr/share/nginx/
      - EXPOSE – the port and the protocol exposed at runtime
          EXPOSE 80/tcp
      - ENTRYPOINT/CMD
      - USER / WORKDIR / ONBUILD / ENV
  • 22. Docker Build
      - docker image build --file <Dockerfile> --tag <REPO>:<TAG>
          - <REPO> – typically your username on Docker Hub
          - <TAG> – unique container value
      - docker image build --tag local:dockerfile-example .
          - . (dot) – current folder
  • 23. Storing images
      - Docker Registry
      - Docker Hub
      - Docker Store
  • 24. Docker Registry
      - Service that stores your Docker images
      - Open source – Apache license
      - Tightly control where your images are being stored
      - Fully own your image distribution pipeline
      - Integrate image storage and distribution tightly into your in-house development
      - Filesystem: /var/lib/registry
  • 25. Storing images
      - Docker Hub
          - Free for public images
          - Organizations
          - Repository
          - Automated build (GitHub, Bitbucket)
  • 26. Storing images
      - Docker Store
          - Docker images and plugins
          - Docker Certified
  • 27. Third-party registries
      - Red Hat Container Catalog
      - OpenShift
      - JFrog
      - Quay.io
      - Amazon EC2 Container Registry
      - Others: Microbadger, e.g. to inspect an image
  • 28. Networking & Volumes
      - IPAM (IP address management)
      - Planning, tracking and managing IP addresses within the network
      - IPAM has DNS and DHCP services
  • 29. Docker – CPU/Memory
      - By default, a container can consume all available resources on the host machine if it requires them
      - Limit CPU usage
          - -c / --cpu-shares=1024
          - --cpu-period=25000 (microseconds)
          - --cpu-quota=25000 (microseconds)
      - Limit memory usage
          - --memory 1024M
          - --memory-swap 1024M
          - By default, when you set --memory, Docker sets --memory-swap to twice that size
          - --kernel-memory 1024M
  • 30. Docker Security Scanning
      - Security Scanning feature (not free):
          - Docker Hub
          - Docker Cloud
  • 31. Docker Security non-events
      - https://docs.docker.com/engine/security/non-events/
      - CVE-2013-1956, 1957, 1958, 1959, 1979, CVE-2014-4014, 5206, 5207, 7970, 7975, CVE-2015-2925, 8543, CVE-2016-3134, 3135
      - CVE-2014-0181, CVE-2015-3339
      - CVE-2014-4699
      - CVE-2014-9529
      - CVE-2015-3214, 4036
      - CVE-2016-0728
      - CVE-2016-2383
      - CVE-2016-3134, 4997, 4998
  • 32. Docker Security Scanning
      - https://docs.docker.com/docker-cloud/builds/image-scan/
          - Free for Docker Cloud users
      - Clair
          - free
      - Peekr
      - Atomic Scan
      - docker diff
      - docker run --read-only …
      - docker run -v directory:/directory:ro ..
  • 33. Docker Bench Security - examples
      - Host configuration
          [WARN] 1.1 – Create a separate partition for containers
          [WARN] 1.5 – Audit Docker daemon - /usr/bin/docker
          [WARN] 1.6 – Audit Docker files and directories - /var/lib/docker
          [WARN] 1.7 – Audit Docker files and directories - /etc/docker
          [WARN] 1.8 – Audit Docker files and directories - /etc/default/docker
  • 34. Docker Bench Security - examples
      - Docker daemon configuration
          [WARN] 2.1 – Restrict network traffic between containers
          [WARN] 2.8 – Enable user namespace support
          [WARN] 2.11 – Use Authorization plugin
          [WARN] 2.12 – Configure centralized and remote logging
          [WARN] 2.13 – Disable operations on legacy registry (v1)
          [WARN] 2.14 – Enable live restore
          [WARN] 2.18 – Disable Userland Proxy
  • 35. Docker Bench Security - examples
      - Docker daemon configuration files
      - Container images and build files
          [WARN] 4.1 – Create a user and build files
          [WARN] 4.5 – Enable Content trust for Docker
          [WARN] 4.6 – Add HEALTHCHECK instruction to the container image
  • 36. Docker Bench Security - examples
      - Container runtime
          [WARN] 5.2 – Verify SELinux security options, if applicable
          [PASS] – 5.1 – Do not disable AppArmor Profile
          [WARN] 5.4 – Do not use privileged containers
          [WARN] 5.6 – Do not run ssh within containers
          [WARN] 5.10 – Limit memory usage for container
          [WARN] 5.11 – Set container CPU priority appropriately
          [WARN] 5.12 – Mount container's root files as read only
          [WARN] 5.13 – Bind incoming container traffic to a specific host interface
          [WARN] 5.14 – Set the 'on-failure' container restart policy to 5
  • 37. Docker Bench Security - examples
      - Docker security operations
          [INFO] 6.1 – Perform regular security audits of your host system and containers
          [INFO] 6.2 – Monitor Docker container usage, performance and metering
          [INFO] 6.3 – Backup container data
          [INFO] 6.4 – Avoid image sprawl
          [INFO] 6.5 – Avoid container sprawl
  • 38. Third Party Security services
      - Quay
          - https://quay.io/
      - Clair
          - https://github.com/coreos/clair/
  • 39. Docker Swarm
      - Docker clusters
      - Distribute containers across multiple hosts
      - Scale containers
      - Docker Swarm standalone: support for version 1.11 ended in the first quarter of 2017
      - Docker 1.12 introduced Docker Swarm mode
      - All function introduced
  • 40. Docker Swarm Roles
      - Swarm Manager
          - Central management point of all Swarm hosts
          - Commands to control nodes: switch between nodes, join nodes, remove nodes, manipulate hosts
          - Each cluster can run several Swarm managers
          - Recommended: run a minimum of five Swarm managers (two nodes can fail before you start to see any errors)
      - Swarm Worker
          - Runs Docker containers
  • 41. Docker - best practices
      - One application per container
      - Only install what you need
      - Review who has access to your Docker hosts
      - Use the latest version
      - Use the resources
  • 42. Docker Bench Security
      - https://github.com/docker/docker-bench-security
      - The Docker Bench Security is a script that checks for dozens of common best practices around deploying Docker containers in production
      - The tool will inspect:
          - The host configuration
          - The Docker daemon configuration
          - The Docker daemon configuration files
          - Container images and build files
          - Container runtime
          - The Docker security operations
  • 43. Tools
      - cAdvisor https://github.com/google/cadvisor/
          - Analyzes resource usage and performance characteristics of running containers
      - Node-exporter https://github.com/prometheus/node_exporter/
          - Exporter for machine metrics http://prometheus.io/
      - Prometheus https://prometheus.io/
          - Power your metrics and alerting with a leading open-source monitoring solution
      - Grafana https://grafana.com/
          - The open platform for beautiful analytics and monitoring
  • 44. Links
      - https://labs.play-with-docker.com/
      - https://training.play-with-docker.com
      - https://cloud.docker.com
      - https://docs.docker.com/develop/develop-images/dockerfile_best-practices
      - https://circleci.com/pricing/
      - https://app.codeship.com/
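
An added example, not from the slides or from docker-bench-security: a small Python audit that applies the container runtime checks listed on slide 36 (5.4 and 5.10 to 5.14) to `docker inspect` JSON. The two sample containers are constructed, and the pass/fail thresholds are this example's reading of the check titles (an assumption), not the tool's own logic.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web-loose", "HostConfig": {
   "Privileged": true, "Memory": 0, "CpuShares": 0, "ReadonlyRootfs": false,
   "RestartPolicy": {"Name": "always", "MaximumRetryCount": 0},
   "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
 {"Name": "/web-tight", "HostConfig": {
   "Privileged": false, "Memory": 1073741824, "CpuShares": 512,
   "ReadonlyRootfs": true,
   "RestartPolicy": {"Name": "on-failure", "MaximumRetryCount": 5},
   "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}}
]""")

WILDCARD_IPS = {"", "0.0.0.0", "::"}  # an empty HostIp means "all interfaces"

def audit_container(container):
    """Return the slide's check IDs (5.x) that this container would trip."""
    hc = container.get("HostConfig") or {}
    warns = []
    if hc.get("Privileged"):
        warns.append("5.4")   # privileged container
    if not hc.get("Memory"):
        warns.append("5.10")  # 0 means no memory limit
    if (hc.get("CpuShares") or 0) in (0, 1024):
        warns.append("5.11")  # default CPU weight, no priority set
    if not hc.get("ReadonlyRootfs"):
        warns.append("5.12")  # writable root filesystem
    bindings = hc.get("PortBindings") or {}
    if any(b.get("HostIp", "") in WILDCARD_IPS
           for binds in bindings.values() for b in (binds or [])):
        warns.append("5.13")  # published on every host interface
    policy = hc.get("RestartPolicy") or {}
    name, retries = policy.get("Name", ""), policy.get("MaximumRetryCount", 0)
    if not (name in ("", "no") or (name == "on-failure" and 0 < retries <= 5)):
        warns.append("5.14")  # unbounded or oversized restart policy
    return warns

def audit_all(containers):
    """Map container name to the list of tripped check IDs."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, warns in audit_all(SAMPLE_INSPECT).items():
        print(name, "WARN " + ", ".join(warns) if warns else "PASS")
```

On a real host the same function can be fed the parsed output of `docker inspect` for the running containers.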
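
An added example, not from the slides or from docker-bench-security: a minimal Dockerfile linter for the image checks quoted on slide 35 (4.1 user, 4.6 HEALTHCHECK), run over a constructed Dockerfile assembled from the instructions on slide 21. The `ADD-URL` finding is an extra check that is not on the slides, and all function names are hypothetical.

```python
import re

# Constructed sample, assembled from the instructions shown on slide 21.
SAMPLE_DOCKERFILE = """\
FROM alpine:latest
LABEL maintainer="Andrzej Sydor"
RUN mkdir -p /tmp/myapp/ && \\
    echo ready
COPY build/app.jar /etc/app.jar
ADD http://resource/files/html.tar.gz /usr/share/nginx/
EXPOSE 80/tcp
"""

def parse_instructions(text):
    """Return [(INSTRUCTION, args)], joining backslash-continued lines."""
    logical, out = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments
        if line.endswith("\\"):
            logical += line[:-1].rstrip() + " "
            continue
        parts = (logical + line).split(None, 1)
        out.append((parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        logical = ""
    return out

def lint_dockerfile(text):
    """Return findings for the final build stage (the image that ships)."""
    stage = []
    for keyword, args in parse_instructions(text):
        if keyword == "FROM":
            stage = []                    # earlier stages are discarded
        stage.append((keyword, args))
    findings = []
    users = [a for k, a in stage if k == "USER"]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append("4.1: image runs as root (no non-root USER)")
    if not any(k == "HEALTHCHECK" and a.upper() != "NONE" for k, a in stage):
        findings.append("4.6: no HEALTHCHECK instruction")
    for k, a in stage:
        if k == "ADD" and re.search(r"(^|\s)https?://", a) and "--checksum=" not in a:
            findings.append("ADD-URL: remote ADD without --checksum")
    return findings

if __name__ == "__main__":
    for finding in lint_dockerfile(SAMPLE_DOCKERFILE):
        print("[WARN]", finding)
```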