Docker

Up & Running: Shipping Reliable Containers in Production

by Karl Matthias • 2015 • 232 pages

3.77

458 ratings

Programming Technology Computer Science

Send EPUB to your Kindle

Chapters summary Summary FAQ Reviews

Key Takeaways

1. Docker revolutionizes application deployment and scaling

Docker sits right in the middle of some of the most enabling technologies of the last decade.

Simplified deployment. Docker allows developers to package applications with all their dependencies into standardized units called containers. This approach dramatically simplifies the deployment process, ensuring consistency across different environments.

Improved scalability. By abstracting away the underlying infrastructure, Docker enables applications to be easily scaled horizontally. Containers can be quickly spun up or down based on demand, allowing for more efficient resource utilization.

DevOps enablement. Docker bridges the gap between development and operations teams by providing a common language and toolset. This facilitates better collaboration and smoother workflows throughout the application lifecycle.

2. Containers offer lightweight, portable, and efficient virtualization

Containers are a fundamentally different approach where all containers share a single kernel and isolation is implemented entirely within that single kernel.

Resource efficiency. Containers share the host system's kernel, making them significantly lighter than traditional virtual machines. This allows for higher density of applications on a single host and faster startup times.

Portability. Docker containers encapsulate the application and its dependencies, ensuring consistent behavior across different environments. This "build once, run anywhere" approach simplifies development and deployment workflows.

Isolation. While not providing the same level of isolation as virtual machines, containers offer sufficient separation for most use cases. They utilize Linux kernel features like namespaces and cgroups to create isolated environments for applications.

3. Docker architecture: client, server, and registry

Docker consists of at least two parts: the client and the server/daemon (see Figure 2-3). Optionally there is a third component called the registry, which stores Docker images and metadata about those images.

Client-server model. Docker uses a client-server architecture where the Docker client communicates with the Docker daemon, which handles building, running, and distributing containers.

Docker registry. The registry is a centralized repository for storing and distributing Docker images. Docker Hub is the public registry maintained by Docker, but organizations can also set up private registries.

Components interaction:

Docker client: Sends commands to the Docker daemon
Docker daemon: Manages Docker objects (images, containers, networks, volumes)
Docker registry: Stores Docker images

4. Building and managing Docker images and containers

Containers are normally designed to be disposable, you may still find that standard testing is not always sufficient to avoid all problems and that you will want some tools for debugging running containers.

Image creation. Docker images are built using Dockerfiles, which contain a series of instructions for creating the image. Each instruction creates a new layer, allowing for efficient storage and transfer of images.

Container lifecycle:

Create: docker create
Start: docker start
Run: docker run (combines create and start)
Stop: docker stop
Remove: docker rm

Debugging tools:

docker logs: View container logs
docker exec: Run commands inside a running container
docker inspect: Get detailed information about Docker objects

5. Networking and storage in Docker environments

Docker allocates the private subnet from an unused RFC 1918 private subnet block. It detects which network blocks are unused on startup and allocates one to the virtual network.

Networking models:

Bridge: Default network driver, creating a private network for containers
Host: Removes network isolation, using the host's network directly
Overlay: Enables communication between containers across multiple Docker hosts
Macvlan: Assigns a MAC address to a container, making it appear as a physical device on the network

Storage options:

Volumes: Preferred mechanism for persistent data, managed by Docker
Bind mounts: Map a host file or directory to a container
tmpfs mounts: Store data temporarily in the host's memory

6. Debugging and monitoring Docker containers

There are times when you really just want to stop our container as described above. But there are a number of times when we just don't want our container to do anything for a while.

Debugging techniques:

docker logs: View container output
docker exec: Run commands inside a running container
docker inspect: Get detailed information about containers
docker stats: Monitor container resource usage in real-time

Monitoring tools:

cAdvisor: Provides resource usage and performance data
Prometheus: Collect and store metrics from containers
Grafana: Visualize container metrics and create dashboards

7. Scaling Docker with orchestration tools

Probably the first publicly available tool in this arena is Fleet from CoreOS, which works with systemd on the hosts to act as a distributed init system.

Orchestration platforms:

Docker Swarm: Native clustering for Docker
Kubernetes: Open-source container orchestration platform
Apache Mesos: Distributed systems kernel that can run Docker containers

Key features:

Service discovery
Load balancing
Scaling
Rolling updates
Self-healing

8. Security considerations for Docker deployments

Because it's a daemon that runs with privilege, and because it has direct control of your applications, it's probably not a good idea to expose Docker directly on the Internet.

Security best practices:

Run containers as non-root users
Use minimal base images to reduce attack surface
Implement network segmentation
Regularly update and patch Docker and container images
Use Docker Content Trust for image signing and verification

Security tools:

AppArmor/SELinux: Mandatory access control systems
Docker Bench Security: Automated security assessment tool
Clair: Open-source vulnerability scanner for containers

9. Designing a production-ready Docker platform

If, instead of simply deploying Docker into your environment, you take the time to build a well-designed container platform on top of Docker, you can enjoy the many benefits of a Docker-based workflow while protecting yourself from some of the sharper exposed edges that typically exist in such a high-velocity project.

Key considerations:

High availability and fault tolerance
Scalability and performance
Monitoring and logging
Backup and disaster recovery
Continuous integration and deployment (CI/CD)

Best practices:

Use orchestration tools for managing large-scale deployments
Implement proper logging and monitoring solutions
Develop a robust CI/CD pipeline for container builds and deployments
Regularly test and update your Docker infrastructure

10. The Twelve-Factor App methodology for containerized applications

Although not required, applications built with these 12 steps in mind are ideal candidates for the Docker workflow.

Key principles:

Codebase: One codebase tracked in revision control, many deploys
Dependencies: Explicitly declare and isolate dependencies
Config: Store config in the environment
Backing services: Treat backing services as attached resources
Build, release, run: Strictly separate build and run stages
Processes: Execute the app as one or more stateless processes
Port binding: Export services via port binding
Concurrency: Scale out via the process model
Disposability: Maximize robustness with fast startup and graceful shutdown
Dev/prod parity: Keep development, staging, and production as similar as possible
Logs: Treat logs as event streams
Admin processes: Run admin/management tasks as one-off processes

Benefits for Docker applications:

Improved scalability and maintainability
Easier deployment and operations
Better alignment with cloud-native architectures

Last updated: May 10, 2025

Report Issue

FAQ

What’s "Docker: Up & Running" by Karl Matthias about?

Comprehensive Docker introduction: The book offers a thorough overview of Docker and Linux containers, explaining what Docker is, how it works, and its role in modern software delivery.
Production-focused guidance: It walks readers from installation to deploying and managing containers at scale, emphasizing production readiness, orchestration, and security.
Practical experience shared: The authors draw on real-world experience running Docker in production at New Relic, providing actionable advice and lessons learned.
Audience and approach: Targeted at developers, operations engineers, and architects, the book balances technical depth with practical workflow improvements and organizational benefits.

Why should I read "Docker: Up & Running" by Karl Matthias?

Real-world expertise: The authors share insights from building and operating Docker platforms in production, going beyond official documentation to address practical challenges.
Covers full Docker lifecycle: Readers learn about installation, image building, container management, deployment, scaling, and advanced topics, gaining a holistic understanding of Docker.
Actionable best practices: The book helps readers avoid common pitfalls, improve workflows, and leverage Docker’s strengths for faster, more reliable software delivery.
Advanced topics included: It explores orchestration, security, and platform design, making it valuable for both beginners and experienced users.

What are the key takeaways from "Docker: Up & Running" by Karl Matthias?

Docker’s transformative impact: Docker standardizes application packaging and deployment, reducing complexity and improving collaboration between development and operations.
Production readiness is essential: The book emphasizes best practices for deploying, securing, and managing containers in real-world environments.
Workflow improvements: Readers learn how Docker streamlines development, testing, and deployment pipelines, supporting modern DevOps practices.
Scalability and resilience: The book covers orchestration tools and design principles for building scalable, maintainable, and secure container platforms.

What are the main concepts and benefits of Docker explained in "Docker: Up & Running"?

Containers vs. virtual machines: Docker containers are lightweight, sharing the host OS kernel, which makes them faster and more resource-efficient than traditional VMs.
Immutable infrastructure: Docker encourages stateless, throwaway containers, reducing configuration drift and deployment errors.
Portability and consistency: Docker images bundle applications and dependencies, ensuring consistent environments across development, testing, and production.
Simplified workflows: Standardized containers reduce “works on my machine” issues and streamline deployment pipelines.

How does "Docker: Up & Running" by Karl Matthias explain Docker’s architecture and core components?

Client-server model: Docker consists of a client and a server (daemon), with the client sending commands to the daemon to manage containers.
Docker registry: Registries (public or private) store Docker images and metadata, enabling image distribution and sharing.
Networking and storage: Docker uses Linux kernel features like namespaces, cgroups, and virtual networking to isolate containers and manage resources.
Layered filesystems: Storage backends like AUFS and overlayfs enable efficient image layering and management.

How are Docker images built and managed according to "Docker: Up & Running"?

Layered image construction: Docker images are built from stacked filesystem layers, each representing a build step, enabling efficient reuse and caching.
Dockerfile usage: Images are defined using Dockerfiles, specifying base images, commands, file additions, environment variables, and default commands.
Building and tagging: The docker build command creates images, which are tagged for versioning and stored in registries for sharing and deployment.
Efficient updates: Only changed layers need to be rebuilt or transferred, optimizing build and deployment times.

How do Docker containers work and what are their key features in "Docker: Up & Running"?

Isolated processes: Containers are lightweight wrappers around processes, isolated via namespaces and cgroups but sharing the host kernel.
Ephemeral by design: Containers can be quickly created, started, stopped, paused, and destroyed, supporting rapid scaling and updates.
Configurable resources: Containers can be assigned names, labels, resource limits, and mounted volumes for persistent storage.
Stateless best practice: The book recommends designing containers to be stateless, with persistent data externalized for scalability and reliability.

What is the recommended Docker workflow in "Docker: Up & Running" by Karl Matthias?

Revision control and image building: Start with a single codebase in version control and build Docker images that encapsulate all dependencies.
Testing and packaging: Test the exact image that will run in production, using tools like Docker Compose for external dependencies.
Deployment and scaling: Deploy images consistently across servers, progressing from manual commands to orchestration tools as scale increases.
Automation integration: The workflow integrates with CI systems, automating builds, tests, and deployments for efficiency and reliability.

How does "Docker: Up & Running" by Karl Matthias address deploying and orchestrating containers in production?

Shipping container metaphor: Docker containers provide a standardized interface, simplifying deployment and reducing errors.
Deployment progression: Teams evolve from local builds to orchestrated, multi-server deployments, improving process fluidity and reliability.
Orchestration tools: The book covers tools like Swarm, Centurion, Helios, Kubernetes, and Mesos for managing container fleets and scaling applications.
Start simple, scale up: It advises beginning with basic tools and moving to more complex orchestration as organizational needs grow.

What are the best practices for testing and debugging Docker containers in "Docker: Up & Running"?

Test production images: Always test the exact image intended for production, using environment variables or arguments to switch behavior for testing.
Automate testing: Integrate builds and tests with CI systems, running test suites inside containers and tagging successful builds for deployment.
Debugging tools: Use docker top, ps, strace, and lsof to inspect container processes, and docker diff for filesystem changes.
Network and log inspection: Understand Docker’s network namespaces and proxy, and use logging drivers and external aggregation tools for monitoring.

How does "Docker: Up & Running" by Karl Matthias address Docker security and isolation?

Kernel sharing risks: Containers share the host kernel, so isolation is weaker than with VMs; root inside a container is root on the host.
Least privilege principle: Run containers as non-root users and avoid using --privileged unless absolutely necessary.
Selective capabilities: Add only required kernel capabilities to containers, minimizing potential attack surfaces.
Mandatory Access Control: Use SELinux or AppArmor profiles to enforce security policies and restrict container access to sensitive host resources.

What application and platform design principles does "Docker: Up & Running" by Karl Matthias recommend?

Twelve-Factor App alignment: Emphasizes single codebase, explicit dependencies, environment-based configuration, stateless processes, and attached backing services for portability and scalability.
Reactive Manifesto principles: Encourages building applications that are responsive, resilient, elastic, and message-driven, leveraging Docker’s dynamic container model.
Production platform design: Recommends fast startup/shutdown, concurrency, logging to stdout, and one-off admin tasks for robust container platforms.
Development/production parity: Stresses minimizing environment divergence to reduce risk and ensure reliable deployments.