Docker (Glossary, Certification helps, Ecosystem)

An index to tutorials, support sites, rock stars, and Docker Captains

                       

Overview

• Docker glossary:
• Docker support websites
• Docker Certified Associate (DCA) exam
  • Sample tests
• Swarm Mode
• Enterprise features
• Resources
  • Labs
  • Articles
  • Pluralsight video courses
  • Other videos
  • YouTube videos
• Moby Project
• References
• More on DevOps

This is the first of several articles about Docker:

• Docker glossary, ecosystem, certification
• Docker setup

• How to Dockerize apps

• Docker in CI-CD pipeline automated

• Docker is managed by Kubernetes
• Docker is fundamental to Istio Service Mesh

• Docker is monitored by Prometheus

• Windows on Apple macOS

---

Docker glossary:

• image: a read-only template with instructions for creating a Docker container

• container: a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI

• volume: persists data generated by and used by Docker containers

• dangling: unused image or volume

• network: connects Docker containers and services

• node: an individual Docker Engine instance in a Swarm

Three Linux Kernel technologies enable Docker:

• Namespaces isolate resources from each other: processes, network interfaces, IPC (InterProcess Communication), disk mount points, UTS (Unix Timesharing System), etc. Namespaces were first introduced in 1973 when syscall chroot() was added to UNIX*. “change root” made it such that a program running in the chroot environment has its own root catalog of folders (bin, sys, lib, etc.).

• Control groups control resources consumed by each process group by prioritizing, measuring usage, and freezing groups of processes.

• Union File System begins with a base image of (overlays) branches (layers) of file changes merged. Branches can be read-only or read-write.

Docker support websites

There is no subsitute for reading through Docker’s documentation at https://docs.docker.com

• https://forums.docker.com

• Register at http://dockr.ly/community for the Docker community” Slack channel at https://blog.docker.com/2016/11/introducing-docker-community-directory-docker-community-slack/

• https://stackoverflow.com/questions/tagged/docker

• Logan Rakai’s Docker in Depth 8-hour video Learning Path was developed with Docker, Inc. concludes with a sample exam of 30 questions in 50 minutes.

  • Placement preferences

Docker Certified Associate (DCA) exam

The real (remote) exam is to answer 60% of 55 English multiple-choice questions in 90 minutes.

PROTIP: Take sample exams for a humbling experience, so you get an accurate sense of how prepared you really are.

PROTIP: Take sample exams several times until you answer all questions for a 100% score. This is not a waste of time because most questions people get wrong are due to misreading rather than lack of knowledge. So you retrain your “muscle memory” like learning to type some words you always type incorrectly.

It costs $195 to Examity for a two year badge. Phone Support: 855-392-6489.

The official Study Guide at https://success.docker.com/certification provides two dimensions of content: domains and skills:

Domains listed here have links to https://github.com/DevOps-Academy-Org/dca-prep-guide from DevOpsAcademy.org lists for each domain resources from various sources.

1. 25% Orchestration (swarm mode, cluster, replicas, mount volumes)
2. 20% Image Creation, Management, and Registry
3. 15% Installation and Configuration
4. 15% Networking
5. 15% Security (EE signing, RBA, Mutual TLS, UCP, DTR)
6. 10% Storage and Volumes
   
   

PROTIP: Topics within each domain are not arranged in order of learning (such as Installation first, etc.) and thus not numbered.

Skills listed in the certification study guide:

• Run​​ containerized​​ applications​​ from​​ pre-existing​​ images​​ stored​​ in​​ a​​ centralized​​ registry
• ​​​​​​​​​​​​Deploy​​ images ​​across​ ​the ​​cluster
• ​​​​​​​​​​​Install,​​ maintain,​​ and​​ operate​ ​the ​​Docker ​​platform
• Triage​ ​issue​​ reports​​ from​​ stakeholders​ ​and​ ​resolve
• Standup​ ​new​ ​Docker​ ​environments​ and ​​perform​​ general​ ​maintenance​ ​and​ ​configuration
• Migrate​ ​traditional​ ​applications​ ​to​ ​containers
• ​​​​​​Configure​​ and​ ​troubleshoot​​ Docker​​ engine
  
  

Links to Docker documentation for each Domain topic (in 2018) is in one file Docker Certified Associate Exam Preparation Guide from Evgeny Shmarnev, the Containers Guy in Prague.

Sample tests

Some questions are also in the Study Guide on Docker’s certification PDF from September 2017.

PROTIP: Write down your answer, then check how you did at the bottom of the page.

A free 15-question sample test is also available from Whizlabs which provides training by south Indians. They also off two paid full-length 55-question sample tests.

Swarm Mode

Many use Docker with Kubernetes rather than Docker’s own Swarm. But it’s Docker’s exam, so there are questions about Swarm Mode.

Docker Enterprise nodes can be run by both Kubernetes and Docker Swarm in parallel.

Docker EE signs and scans Kubernetes apps as part of policies auto promoting apps.

Enterprise features

https://docs.docker.com/ee/

PROTIP: Most tutorials don’t cover Enterprise features Docker’s licensed Enterprise Edition (EE) documented at https://docs.docker.com/ee. Nevertheless, the DCA exam includes questions about additional enterprise features for businesses wanting a secure and supported container platform for their datacenter:

• Vulnerability scans

• Notary

• Version Packs in Desktop Enterprise to keep the client in sync (v 3.0 vs. 2.1)

• >docker app packaging command to install clients in swarm or kubernetes according to the vendor-neutral “Cloud Native Application Bundle” (CNAB) spec at https://github.com/deislabs/cnab-spec

• docker cluster command to create, ls, backup, restore clusters as code on AWS, Azure, and VSphere
• Docker Kubernetes Service support of all Docker Enterprise features such as
  docker stack deploy
• docker context enable a single Docker CLI to switch among multiple contexts of Swarm clusters, Kubernetes clusters, and individual Docker nodes.
• docker template
• docker buildx CLI plugin extends the docker command with features in the Moby BuildKit builder toolkit, such as creating scoped builder instances and building against multiple nodes concurrently.
• docker assemble (experimental) to build without Dockerfileby detecting Spring Boot and ASP.NET Core.
  
  

Docker Enterprise hosted trials at trial.docker.com last only 12 hours. https://trial.docker.com/demo has these menu itmes:

• Admin Console is a command-line terminal to the cluster. In it, directly run commands to deploy and manage applications. Run docker info to check the status of the cluster.

• Universal Control Plane (UCP) is a web interface to deploy and monitor applications across machines (as a cluster). See https://docs.docker.com/ucp

  

• Docker Trusted Registry (DTR) is a more secure DockerHub to host vetted Docker images, adding reports about scans for vulnerabilities. See https://www.docker.com/products/docker-trusted-registry.

  Examples to pull down an image from it:

  docker pull my-registry.net:5000/activemq
  docker pull 06c482d5-2c1a-48c2-a28c-6f3e53f3dde5.dtr.dockertrial.com/example/tomcat
   

  DTR holds digital signatures of apps by specific team members with Docker Content Trust policy enforcement. See https://docs.docker.com/registry.

  DTR was an early adopter of the TUF (“The Update Framework”) specification TAPS:

  TAP 3: Multi Role Delegations uses multiple keys and require a threshold quorum for action to minimize compromise. Roles are specific:

  TAP 4: Multiple Repository Consensus on entrusted targets

  TAP 6: Include specification version in metadata

  TAP 9: Mandatory Metadata signing schemes

  TAP 10: Remove native support for compressed metadata

  “compromise-resilience” which limits the impact of attacks and provide a mechanism for recovery even if the software repository becomes compromised.

  open-sourced by the Linux Foundation.

Resources

This article was assembled based on several sources.

https://docs.docker.com/get-started is the starting point.

https://www.bretfisher.com/docker-certified-associate/ Brett Fisher who wrote Docker Mastery

https://brianchristner.io/journey-to-docker-certified-associate/

https://medium.com/@manju712/docker-certified-associate-certification-dca-prepwork-tips-6a29db60155c

Labs

Google’s Intro to Docker Qwiklab include 40 minutes of FREE cloud instance time after you click “Start Lab”. And you get a certificate for your resume.

Articles

http://jdlm.info/articles/2016/03/06/lessons-building-node-app-docker.html March 6, 2016 by Dr John Lees-Miller (@jdleesmiller)

http://jdlm.info/ds-docker-demo

https://github.com/jdleesmiller/ds-docker-demo

• Docker is not designed for SSH to “get inside” a running image. You don’t need SSH to restart the process, tweak configurations, debug with gdb, strace, etc.

Pluralsight video courses

https://www.pluralsight.com/courses/docker-deep-dive-update Jan 4, 2018 [4h 40m]

Pluralsight’s Container Management using Docker skill path of video tutorials by Nigel Poulton (@NigelPoulton) excitedly catching his breath.

1. Docker and Containers: The Big Picture Dec 22, 2015 / 1h 47m

2. Docker Deep Dive Jan 28, 2015 / 5h 38m 2s

3. Docker Swarm: Native Docker Clustering Mar 30, 2016 / 2h 22m 28s

4. Integrating Docker with DevOps Automated Workflows Sept 21, 2015 / 1h 1m 50s

Dan Wahlin

• Docker for Web Developers 28 Mar 2016 / 5h 19m

• Play by Play: Docker for Web Developers (conversation between) John Papa and Dan Wahlin (talking about Docker Toolbox) 12 Jul 2016 / 1h 34m

Other videos

BoltOps has a Docker Essentials (subscription) by Tung Nguyen, creator of Terraspace.

https://www.udemy.com/docker-certified-associate/ by Zeal Vora 6/2019 11.5 hours

http://amzn.in/d/8sr9WH3 book Docker Deep Dive book

Lynda (LinkedIn Learning) offers a 7-hour video course by David Davies (an American).

YouTube videos

1. Videos from HashiCorp DockerCon 2019

2. Continuous Delivery with Jenkins Workflow and Docker Explained by Cloudbees at DevOpsTV channel

3. Continuous Integration Using Docker by DevOpsTV

4. Moving from Jenkins to Docker for build pipelines from Matt Bostock

5. Continuous Delivery Pipeline with Docker and Jenkins Javaforum Göteborg

6. Introduction to Docker by Twitter University 47:14

7. Jenkins 2 and Beyond DevOpsTV

8. Jenkins 2.0. What? When? What is in it for me? on Praqma Channel

9. how-to-provision-and-manage-remote-docker-hosts-with-docker-machine-on-centos-7

10. Docker First Impressions on Ubuntu

Stefan Scherer (stefanscherer.github.io in Erlangen, Germany):

• https://github.com/StefanScherer/windows-docker-machine

• https://github.com/StefanScherer/packer-windows

• https://github.com/StefanScherer/dockerfiles-windows You can do this on Windows as well today with the Windows 10 1607 or Windows Server 2016 using Windows Containers.

Lightweight Docker Images in 5 Steps · 13 Dec 2016 · Semaphore Engineering Blog by Igor Šarčević

Bret Fisher (bretfisher.com) started a “Docker and DevOps” specific YouTube channel Nov 29, 2018 and since added weekly videos of his live chats.

https://github.com/sergiotocalini/zapgix

New in 2022 is Adrian Cantrill’s thorough and visual treatment for AWS, is now applied to Docker and Kubernetes training. https://github.com/acantril/docker-fundamentals

Moby Project

https://mobyproject.org includes all of Docker’s open-source efforts under one umbrella repo project.

https://blog.mobyproject.org/

References

Raju Gandhi https://learning.oreilly.com/live-events/-/0636920067968/0636920083663/ https://github.com/looselytyped/docker-compose-workshop

VIDEO: AZ-104 Microsoft Azure Administrator Exam Prep by T.

---

More on DevOps

This is one of a series on DevOps:

1. DevOps_2.0
2. ci-cd (Continuous Integration and Continuous Delivery)
3. User Stories for DevOps

4. Enterprise Software)

5. Git and GitHub vs File Archival
6. Git Commands and Statuses
7. Git Commit, Tag, Push
8. Git Utilities
9. Data Security GitHub
10. GitHub API

11. TFS vs. GitHub

12. Choices for DevOps Technologies
13. Pulumi Infrastructure as Code (IaC)
14. Java DevOps Workflow

15. Okta for SSO & MFA

16. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
17. AWS server deployment options

18. AWS Load Balancers

19. Cloud services comparisons (across vendors)
20. Cloud regions (across vendors)

21. AWS Virtual Private Cloud

22. Azure Cloud Onramp (Subscriptions, Portal GUI, CLI)
23. Azure Certifications

24. Azure Cloud

25. Azure Cloud Powershell
26. Bash Windows using Microsoft’s WSL (Windows Subsystem for Linux)

27. Azure KSQL (Kusto Query Language) for Azure Monitor, etc.

28. Azure Networking
29. Azure Storage
30. Azure Compute

31. Azure Monitoring

32. Digital Ocean

33. Cloud Foundry

34. Packer automation to build Vagrant images
35. Terraform multi-cloud provisioning automation

36. Hashicorp Vault and Consul to generate and hold secrets

37. Powershell Ecosystem
38. Powershell on MacOS

39. Powershell Desired System Configuration

40. Jenkins Server Setup
41. Jenkins Plug-ins
42. Jenkins Freestyle jobs

43. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

44. Docker (Glossary, Ecosystem, Certification)
45. Make Makefile for Docker
46. Docker Setup and run Bash shell script
47. Bash coding
48. Docker Setup
49. Dockerize apps

50. Docker Registry

51. Maven on MacOSX

52. Ansible
53. Kubernetes Operators

54. OPA (Open Policy Agent) in Rego language

55. MySQL Setup

56. Threat Modeling

57. SonarQube & SonarSource static code scan

58. API Management Microsoft

59. API Management Amazon

60. Scenarios for load
61. Chaos Engineering

---