My Notes from the book “O`Reilly — Docker Up & Running”

These are my personal notes from the book “O`Reilly — Docker Up & Running”. They are not organised, neither do they present a concise understanding on the topic, so I suggest the reader to consider them as the highlights of the book and do their own research. These are just some of the pointers which I found interesting.

— Docker has the OCI layer — Open Container Initiative

— Docker uses the containers over a bridge, where all the containers can talk to themselves

— Reduction of Docker image size :

1. All lines in Dockerfile below a changed line will be re-compiled
2. All layers are additive in nature, using && command before saving a layer(to remove caches) in a single Dockerline
3. Multi-stage(Build-kit) to remove build tools, like npm. Once the binary is generated, copy the binary and remove space taken by the build tool.
4. Use mount type as caching, so that even inside requirements.txt, the dependencies are not generated again

— Docker logging should be done as non-blocking, with backpressure not enabled, so that logs are not hindering the application. Sending logs over UDP is better but not secure.

— Security considerations in Docker

1. Cgroups are used for resource limiting
2. Namespaces isolate process resources from one another
3. Rootless containers…