
Podman in Action [Paperback]

4.38/5 (57 ratings by Goodreads)
  • Format: Paperback / softback, 310 pages, height x width x depth: 235x188x16 mm, weight: 540 g
  • Publication date: 26-Jan-2023
  • Publisher: Manning Publications
  • ISBN-10: 1633439682
  • ISBN-13: 9781633439689
  • Paperback
  • Price: 62,51 €
  • Delivery time is 3-4 weeks if the book is in stock at the publisher's warehouse. If the publisher needs to print a new run, delivery may be delayed.
Discover Podman, a next-generation container engine that manages containers rootlessly and provides extra layers of exceptional security unavailable in Docker and other container platforms.

In Podman in Action you will learn how to:

  • Build and run containers in rootless mode
  • Develop and manage pods
  • Use SystemD to oversee a container's lifecycle
  • Work with the Podman service via Python
  • Keep your containers confined using Podman security features
  • Manage containerized applications on edge devices



Podman in Action shows you how to deploy containerized applications on Linux, Windows, and MacOS systems using Podman. Written by Daniel Walsh, who leads the Red Hat Podman team, this book teaches you how to securely manage the entire application lifecycle without human intervention. It also demonstrates how, with Podman, you can easily convert containerized applications into Kubernetes-based microservices.

About the technology

Podman is a daemonless container engine that lets you build and run containers on all Linux distributions, Windows, and MacOS. It supports the fork exec model for running containers, which allows for better integration with a system and makes it easier to run rootless. It also boasts unique advanced features, such as the ability to create and run Pods that are similar to Kubernetes, and execute Kubernetes YAML. And if you're not ready to completely move on from Docker, Podman can run as a service and support the Docker API in a way that works with docker-compose and docker-py.

About the reader

For developers or system administrators experienced with Linux and the basics of Docker.

Table of contents

Preface
Acknowledgments
About this book
About the author
About the cover illustration
Part 1 Foundations
1 Podman: A next-generation container engine
  1.1 About all these terms
  1.2 A brief overview of containers
    Container images: A new way to ship software
    Container images lead to microservices
    Container image format
    Container standards
  1.3 Why use Podman when you have Docker?
    Why have only one way to run containers?
    Rootless containers
    Fork/exec model
    Podman is daemonless
    User-friendly command line
    Support for REST API
    Integration with systemd
    Pods
    Customizable registries
    Multiple transports
    Complete customizability
    User-namespace support
  1.4 When not to use Podman
2 Command line
  2.1 Working with containers
    Exploring containers
    Running the containerized application
    Stopping containers
    Starting containers
    Listing containers
    Inspecting containers
    Removing containers
    Exec-ing into a container
    Creating an image from a container
  2.2 Working with container images
    Differences between a container and an image
    Listing images
    Inspecting images
    Pushing images
    Podman login: Logging into a container registry
    Tagging images
    Removing images
    Pulling images
    Searching for images
    Mounting images
  2.3 Building images
    Format of a Containerfile or Dockerfile
    Automating the building of our application
3 Volumes
  3.1 Using volumes with containers
    Named volumes
    Volume mount options
    Podman run --mount command option
4 Pods
  4.1 Running pods
  4.2 Creating a pod
  4.3 Adding a container to a pod
  4.4 Starting a pod
  4.5 Stopping a pod
  4.6 Listing pods
  4.7 Removing pods
Part 2 Design
5 Customization and configuration files
  5.1 Configuration files for storage
    Storage location
    Storage drivers
  5.2 Configuration files for registries
    registries.conf
  5.3 Configuration files for engines
  5.4 System configuration files
6 Rootless containers
  6.1 How does rootless Podman work?
    Images contain content owned by multiple user identifiers (UIDs)
  6.2 Rootless Podman under the covers
    Pulling the image
    Creating a container
    Setting up the network
    Starting the container monitor: conmon
    Launching the OCI runtime
    The containerized application runs until completion
Part 3 Advanced topics
7 Integration with systemd
  7.1 Running systemd within a container
    Containerized systemd requirements
    Podman container in systemd mode
    Running an Apache service within a systemd container
  7.2 Journald for logging and events
    Log driver
    Events
  7.3 Starting containers at boot
    Restarting containers
    Podman containers as systemd services
    Distributing systemd unit files to manage Podman containers
    Automatically updating Podman containers
  7.4 Running containers in notify unit files
  7.5 Rolling back failed containers after update
  7.6 Socket-activated Podman containers
8 Working with Kubernetes
  8.1 Kubernetes YAML files
  8.2 Generating Kubernetes YAML files with Podman
  8.3 Generating Podman pods and containers from Kubernetes YAML
    Shutting down pods and containers based on a Kubernetes YAML file
    Building images using Podman and Kubernetes YAML files
  8.4 Running Podman within a container
    Running Podman within a Podman container
    Running Podman within a Kubernetes pod
9 Podman as a service
  9.1 Introducing the Podman service
    Systemd services
  9.2 Podman-supported APIs
  9.3 Python libraries for interacting with Podman
    Using docker-py with the Podman API
    Using podman-py with the Podman API
    Which Python library should you use?
  9.4 Using docker-compose with the Podman service
  9.5 Podman remote local connections
    Remote connections
    Setting up SSH on the client machine
    Configuring a connection
Part 4 Container security
10 Security container isolation
  10.1 Read-only Linux kernel pseudo filesystems
    Unmasking the masked paths
    Masking additional paths
  10.2 Linux capabilities
    Dropped Linux capabilities
    Dropped CAP_SYS_ADMIN
    Dropping capabilities
    Adding capabilities
    No new privileges
    Root with no capabilities is still dangerous
  10.3 UID isolation: User namespace
    Isolating containers using the --userns=auto flag
    User-namespaced Linux capabilities
    Rootless Podman with the --userns=auto flag
    User volumes with the --userns=auto flag
  10.4 Process isolation: PID namespace
  10.5 Network isolation: Network namespace
  10.6 IPC isolation: IPC namespace
  10.7 Filesystem isolation: Mount namespace
  10.8 Filesystem isolation: SELinux
    SELinux type enforcement
    SELinux Multi-Category Security separation
  10.9 System call isolation: seccomp
  10.10 Virtual machine isolation
11 Additional security considerations
  11.1 Daemon versus the fork/exec model
    Access to the docker.sock
    Auditing and logging
  11.2 Podman secret handling
  11.3 Podman image trust
    Podman image signing
  11.4 Podman image scanning
    Read-only containers
  11.5 Security in depth
    Podman uses all security mechanisms simultaneously
    Where should you run your containers?
Appendix A Podman-related container tools
Appendix B OCI runtimes
Appendix C Getting Podman
Appendix D Contributing to Podman
Appendix E Podman on macOS
Appendix F Podman on Windows
Index

About the author

Daniel Walsh leads the team that created Podman, Buildah, Skopeo, CRI-O and friends. Dan is a senior distinguished engineer at Red Hat, which he joined in 2001, and he has worked in the computer security field for over 40 years. He is sometimes referred to as Mr SELinux, after leading the development of SELinux at Red Hat prior to leading the container team.