DevOps Tools Introduction #08: Container Infrastructure
While Docker and Kubernetes make it easy to start and manage containers, there must still be a base system hosting the containers. These systems form the infrastructure on which containers run and are covered by objective 702.3 of the DevOps Tools Engineer exam.
Docker provides Docker Machine, which supports setting up Docker hosts on a local machine as well as in the cloud. The Docker Machine overview describes these features in greater detail. Installing Docker Machine is pretty easy. Do your first experiments by setting up Docker hosts on your local computer and in the cloud.
Once you are familiar with the basics, review the concepts of Docker Machine. To learn more Docker Machine commands, consult the command-line reference. The Machine driver page provides additional information on hypervisors and cloud platforms supported by Docker Machine.
While Docker Machine makes it easy to set up Docker hosts, LPI asks you to know more about the components which form a container. While you’ve already configured all these aspects within a container, it’s time to learn what Docker does behind the scenes. Consult the documentation on Docker network concepts and Swarm networking, including overlay networks, and refresh your knowledge of the Docker commands for network management. Likewise, take a look at Docker’s storage concepts, the details on volumes and bind mounts, the storage driver overview, and the details on how images, containers and volumes relate to each other.
When expanding a Docker setup beyond a single node, shared volumes and shared networks become an important topic. LPI asks you to ‘be aware’ of these topics, which basically means that you should know that these projects exist and what their purposes are. The GitHub pages of Flocker and Flannel do a great job in providing this information. Similarly, LPI asks you to understand the features of CoreOS Container Linux, rkt and etcd.
In a dynamic environment such as most containerized microservice applications, services need to find each other. This is where service discovery comes into play. LPI expects you to understand the concept of service discovery. Sreenivas Makam’s blog post on service discovery using Consul is an interesting read with illustrative examples. Focus on the concepts, not on Consul, which is not mentioned in the DevOps Tools Engineer objectives.
Finally, objective 702.3 mentions security, which is a huge and important topic. Docker provides a technical overview of the details on how it isolates and secures containers. At a higher level, Daniel Oh’s article, 10 layers of Linux container security, is a comprehensive overview of major container threats and ways to mitigate their impact. Jack Wallen’s article, 5 tips for securing your Docker containers, as well as Adrian Mouat’s article, Assessing the Current State of Container Security, offer additional perspectives. Finally, Chris Tozzi wrote a blog post entitled The Ultimate Guide to Container Security, which comes with a lot of practical advice.
Objective 702.3 is the last container-specific topic on the LPI DevOps Tools Engineer exam. Next week, we’ll leave the container and start focussing on virtual machines and their deployment.