You're reading from Docker for Developers Develop and run your application with Docker containers using DevOps tools for continuous delivery

Product type Paperback

Published in Sep 2020

Publisher Packt

ISBN-13 9781789536058

Length 468 pages

Edition 1st Edition

Tools

Docker

Concepts

Containerization

Authors (3):

Richard Bullington-McGuire

Michael Schwartz

Andrew K. Dennis

View More author details

Table of Contents (21) Chapters

Preface

1. Section 1: An Introduction to Docker – Containers and Local Development

2. Chapter 1: Introduction to Docker FREE CHAPTER

3. Chapter 2: Using VirtualBox and Docker Containers for Development

4. Chapter 3: Sharing Containers Using Docker Hub

5. Chapter 4: Composing Systems Using Containers

6. Section 2: Running Docker in Production

7. Chapter 5: Alternatives for Deploying and Running Containers in Production

8. Chapter 6: Deploying Applications with Docker Compose

9. Chapter 7: Continuous Deployment with Jenkins

10. Chapter 8: Deploying Docker Apps to Kubernetes

11. Chapter 9: Cloud-Native Continuous Deployment Using Spinnaker

12. Chapter 10: Monitoring Docker Using Prometheus, Grafana, and Jaeger

13. Chapter 11: Scaling and Load Testing Docker Applications

14. Section 3: Docker Security – Securing Your Containers

15. Chapter 12: Introduction to Container Security

16. Chapter 13: Docker Security Fundamentals and Best Practices

17. Chapter 14: Advanced Docker Security – Secrets, Secret Commands, Tagging, and Labels

18. Chapter 15: Scanning, Monitoring, and Using Third-Party Tools

19. Chapter 16: Conclusion – End of the Road, but not the Journey

20. Other Books You May Enjoy

Leave a review - let other readers know what you think

A note on cgroups

Linux cgroups are a mechanism used to control the number of processes that can be spawned and so prevent a system from suffering severe performance loss or worse, crashing.

By using cgroups, we can set a limit to the number of processes that can be spawned through the fork() and clone() operations. Once a limit is hit, it's not possible to generate any further processes under the cgroup. Additionally, cgroups support the ability to set CPU and memory limits. You can read about their comprehensive list of options at https://www.man7.org/linux/man-pages/man7/cgroups.7.html

Using this feature enables you to have more granular control over the system resources that your container is using. In an unfortunate event where a container is compromised, preventing it from over-consuming system resources is a useful mechanism to limit the damage until you can remediate the problem.

Having looked at how Docker Engine and containerd use best practices from Linux...