Meeting Notes

Resources

• Docker Certification site w/Study Guide
• Docker Certified Associate Exam Prep Guide - w/links from exam bullets
• Sample test questions
• Practice tests on Udemy

Exercises

• Interactive Scenarios - Kubernetes, Docker, etc - Katakoda
• Deploy sample app to Swarm
• Docker Swarm Workshop, J. Petazzo
• Linux Container from Scratch, Joshua Hoffman

Sandboxes:

• Play with Kubernetes
• Play with Docker Enterprise

Docker Deep Dive Notes

1. Chapter 1-4 notes

   Exercises:

   • Configure Docker daemon to start on boot
   • Which storage driver should be used on what OS? Per node decision. Overlay2 becoming favored.
   • Configure devicemapper for production

2. Docker Engine

3. Images

   Exercises

   • Display layers and create new for writes
   • Tag with multiple and push image to registry
   • Invalidate image cache and optimize for writing files
   • Search Docker Hub with docker search <name>

4. Containers

5. Containerizing an app

   Exercises

   • create multi-stage build dockerfile

6. Deploying Apps with Docker Compose

7. Swarm

   Exercises

   • Setup a swarm, create 2nd node and join it, run container as service
   • Run app as stack
   • Scale
   • Update app
   • Run replicated and global service
   • Apply node labels to manage placement of tasks
   • Raft consensus to manage cluster state, to keep master replicas have same state - allows (N-1)/2 failures, and requires quorum of (N/2)+1

8. Docker Networking

9. Docker overlay networking

   Exercises

   • create overlay network on 2+ node swarm, attach a service to it

     1. docker network create -d overlay my-swarm-overlay
     2. docker service create --name test --network my-swarm-overlay --replicas=2 ubuntu sleep infinity

10. Volumes and persistent data

11. Deploying apps with Docker Stacks

12. Security in Docker

    Docker works with its own and latest OS tech for security.

    • Docker tech: secrets management, docker content trust, security scanning
    • OS (linux) tech: seccomp, mandatory access control, capabilities, control groups, kernel namespaces
      • Docker utilizes these namespaces: pid, net, mnt, ipc, user, uts
      • All new containers get a sensible default seecomp profile
    • Rotate swarm join token, docker swarm join-token --rotate manager

13. Tools for the enterprise

    • Installing and backing up/restoring Swarm, UCP, DTR
    • Disaster Recovery for UCP & DTR

14. Enterprise-grade features

    • UCP RBAC, Docker Content Trust (DTC), HTTP routing mesh