You're reading from Mastering Docker, Fourth Edition Enhance your containerization and DevOps skills to deliver production-ready applications

Product type Paperback

Published in Oct 2020

Publisher Packt

ISBN-13 9781839216572

Length 568 pages

Edition 4th Edition

Tools

Docker

Concepts

Containerization

Author (1):

Russ McKendrick

View More author details

Table of Contents (22) Chapters

Preface

1. Section 1: Getting Up and Running with Docker

2. Chapter 1: Docker Overview FREE CHAPTER

3. Chapter 2: Building Container Images

4. Chapter 3: Storing and Distributing Images

5. Chapter 4: Managing Containers

6. Chapter 5: Docker Compose

7. Chapter 6: Docker Machine, Vagrant, and Multipass

8. Section 2: Clusters and Clouds

9. Chapter 7: Moving from Linux to Windows Containers

10. Chapter 8: Clustering with Docker Swarm

11. Chapter 9: Portainer – A GUI for Docker

12. Chapter 10: Running Docker in Public Clouds

13. Chapter 11: Docker and Kubernetes

14. Chapter 12: Discovering other Kubernetes options

15. Chapter 13: Running Kubernetes in Public Clouds

16. Section 3: Best Practices

17. Chapter 14: Docker Security

18. Chapter 15: Docker Workflows

19. Chapter 16: Next Steps with Docker

20. Assessments

21. Other Books You May Enjoy

Leave a review - let other readers know what you think

Docker commands

There are two commands that we will be looking at. The first will be the docker container run command so that you can see some of the items that you can use to your advantage with this command. Secondly, we will take a look at the docker container diff command, which you can use to view what has been done with the image that you are planning to use.

Let's take a look at how we can use these two commands to help secure our containers.

The Docker Run command

With respect to the docker run command, we will mainly focus on the option that allows you to set everything inside the container as read-only, instead of a specified directory or volume. This helps to limit the amount of damage that can be caused by malicious "applications" that could also hijack a vulnerable application by updating its binaries.

Let's take a look at how to launch a read-only container, and then break down what it does, as follows: