Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Learning Docker Networking
Credits
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Docker Networking Primer
Networking and Docker
Linux bridges
Open vSwitch
NAT
IPtables
AppArmor/SELinux
The docker0 bridge
The --net default mode
The --net=none mode
The --net=container:$container2 mode
The --net=host mode
Port mapping in Docker container
Docker OVS
Unix domain socket
Linking Docker containers
Links
What's new in Docker networking?
Sandbox
Endpoint
Network
The Docker CNM model
Summary
2. Docker Networking Internals
Configuring the IP stack for Docker
IPv4 support
IPv6 support
Configuring a DNS server
Communication between containers and external networks
Restricting SSH access from one container to another
Configuring the Docker bridge
Overlay networks and underlay networks
Summary
3. Building Your First Docker Network
Introduction to Pipework
Multiple containers over a single host
Weave your containers
Open vSwitch
Single host OVS
Creating an OVS bridge
Multiple host OVS
Networking with overlay networks – Flannel
Summary
4. Networking in a Docker Cluster
Docker Swarm
Docker Swarm setup
Docker Swarm networking
Kubernetes
Deploying Kubernetes on AWS
Kubernetes networking and its differences to Docker networking
Deploying the Kubernetes pod
Mesosphere
Docker containers
Deploying a web app using Docker
Deploying Mesos on AWS using DCOS
Summary
5. Security and QoS for Docker Containers
Filesystem restrictions
Read-only mount points
sysfs
procfs
/dev/pts
/sys/fs/cgroup
Copy-on-write
Linux capabilities
Securing containers in AWS ECS
Understanding Docker security I – kernel namespaces
pid namespace
net namespace
Basic network namespace management
Network namespace configuration
User namespace
Creating a new user namespace
Understanding Docker security II – cgroups
Defining cgroups
Why are cgroups required?
Creating a cgroup manually
Attaching processes to cgroups
Docker and cgroups
Using AppArmor to secure Docker containers
AppArmor and Docker
Docker security benchmark
Audit Docker daemon regularly
Create a user for the container
Do not mount sensitive host system directories on containers
Do not use privileged containers
Summary
6. Next Generation Networking Stack for Docker: libnetwork
Goal
Design
CNM objects
Sandbox
Endpoint
Network
Network controller
CNM attributes
CNM lifecycle
Driver
Bridge driver
Overlay network driver
Using overlay network with Vagrant
Overlay network deployment Vagrant setup
Overlay network with Docker Machine and Docker Swarm
Prerequisites
Key-value store installation
Create a Swarm cluster with two nodes
Creating an overlay network
Creating containers using an overlay network
Container network interface
CNI plugin
Network configuration
IP allocation
IP address management interface
Project Calico's libnetwork driver
Summary
Index
← Prev
Back
Next →
← Prev
Back
Next →