Goals
- Know the characteristics of a Linux container and discover Docker
- Install and use Docker, know the advanced features
- Control Docker images and their life cycle, write « Dockerfiles »
- Know and configure a Registry (public and private)
- Control Docker network concepts (drivers, links)
- Understanding and mastering data persistence (drivers, volumes)
- Mastering the notion of Docker service and stack with Docker-compose
- Using Docker Swarm to deploy a production-oriented stack
- Mastering best practices
- Control the security of your Docker platform
Program
The different forms of virtualization and their concept
Presentation of the advantages and use cases of containers
Presentation of Docker and its architecture
Install Docker
Use basic Docker client commands
Explain a container and its lifecycle
Instantiate a container (interactive mode, detached mode)
Administer and monitor a container from the docker host (exec, inspect, logs …)
Practical workshop: Setting up Docker, starting and administering a first microservice
Presentation of the concept of Docker images (Docker Hub, custom images)
The different methods of designing a Docker image
Create an image from a container (commit)
Create an image from a Dockerfile
Instructions in a Dockerfile (FROM, COPY, ADD, EXPOSE, ENTRYPOINT, CMD)
Manage the lifecycle of images (labels, tags, minor / major versioning)
Select and retrieve an image from the « Docker Hub » community
The concept of layers and cache (optimization)
The registry and image storage (private registry, « Docker Hub » registry)
Practical workshop: Creation, installation of images. Setting up a private registry and managing its images
The container in its network (Docker network stack)
Port forwarding (PAT)
Connecting containers (links)
The different networks offered by Docker (drivers, impacts and partitions)
Practical workshop: Making containers communicate, setting up a LEMP from 3 containers: PHP, MySQL, nginx
The principle of volumes associated with a container
Create and persist Docker volumes
Manage configuration models and their best practices
Practical workshop: Create volumes on your Docker host to persist and visualize container data
Introduction to DevOps
Docker-compose: the solution to create, assemble and administer your container service
Set up execution control
Practical workshop: Setting up a LEMP with Docker-compose from 3 containers previously discussed: PHP, MySQL, nginx
Docker-machine challenges (quickly create your Docker platform before going into production)
The Swarm orchestrator: nodes, services
Deployment of services and stacks in a Swarm
How to secure the Docker infrastructure (TLS / SSL, AppArmor and SELinux)
Management interface (Portainer)
Presentation of deployment and configuration management tools (Ansible, Puppet, Salt)
Presentation of the different orchestrators
Demonstrations: Create a Docker Swarm cluster. Deploy a Docker stack. Administer the stack (scale)
Duration
5 days
Price
£ 2832
Audience
Systems and Network Administrators - CIO
Prerequisites
Basics of system administration on Linux and Windows
Reference
OUT101043-F
Reminders on the design of « Dockerfiles »
Develop a design and fine management of the image lifecycle
Justify the management of the cache with « layers »
Break with the idempotence system
Build an image in « multi-stage builds »
Check the application status in the image
Identify essential community projects: analysis, metrics, reverse-proxy, security
Practical workshop:
- Image creation via multistage-build
- Layer analysis, cache optimization
- Use of the private registry
- Use of community images
Reminders on concepts
Assemble resources (services, networks, volumes)
Intelligently integrate environment variables
Adapt build contexts: « Dockerfile »
Resolve dependencies between services
Set up execution control
Industrialize a docker-compose stack
Practical workshop:
- Design of an application through docker-compose and Dockerfile
- Industrialization of the creation of docker-compose stack with the cookiecutter tool
Define the challenges of an orchestrator
Explain Swarm and its functionalities
Illustrate the notion of nodes (manager, worker)
Examine the network and the « mesh topologies »
Practical workshop:
- Installation of a swarm cluster (with docker-machine)
- Installation of infra visualization and monitoring tools
- Starting a service and scaling within the cluster
Consolidate resources through docker update commands
Delimit container execution domains (labels, node placements)
Use « rolling update » and « rollback » mechanisms
Practical workshop:
- On the basis of the infrastructure previously put in place, we will perform version upgrades, then perform rollbacks
- Optimization of the location of the containers
Secure the platform with TLS / SSL (client, hosts, registry)
Identify the risks: kernel, Docker service, containers, denial of service, network access
Use protection mechanisms: specific « subnet » by application, resource limitations by « cgroups », access rights restrictions on sockets, container security policy
Examine Docker « events »
Make images deployed in Docker more reliable: presentation of « Content Trust » to sign images
Practical workshop:
- Highlighting security flaws and best practices to adopt. Isolations and resource limitations
- Creation and deployment of signed images
Sessions
Contact us for more information about session dates