Docker offers a lot of advantages, simplifying both development and production environments, but there is still uncertainty around the security of containers. This page gathers resources about the Docker Security model, its limitations, and how to maximize Docker's security.
Below we have compiled publicly available sources from around the world that present views on Docker Security Basics.
Kubernetes Security Operating Kubernetes Clusters and Applications Safely
This article presents a list of best practices. Many of them are not unique to containers, but if they are “baked” into the devops process, they will have a much greater impact on the security posture of containerized applications than if they are “bolted” on after the fact.
Docker Security Basics — Docker offers a lot of advantages, simplifying both development and production environments, but there is still uncertainty around the security of containers. This page gathers resources about the Docker Security model, its limitations, and how to maximize Docker's security.
Docker Repository Security and Certificates — Docker runs via a non-networked Unix socket, and TLS must be enabled in order to have the Docker client and the daemon communicate securely over HTTPS. This page gathers resources about how to ensure the traffic between the Docker registry and the Docker daemon is encrypted and properly authenticated using certificate-based client-server authentication.
Docker Trusted Image Registry — Docker Trusted Registry (DTR) is the enterprise-grade image storage solution from Docker. It is installed behind a firewall so that Docker images can be securely stored and managed. This page gathers resources about the benefits of Docker trusted registry and how to work with it.
Docker AppArmor Security Profiles — AppArmor (Application Armor) is a Linux security module that protects an operating system and its applications from security threats. To use it, a system administrator associates an AppArmor security profile with each program. Docker expects to find an AppArmor policy loaded and enforced. This page gathers resources about Docker AppArmor security profiles and how to use them to enhance container security.
Isolating Docker Containers — Docker container technology increases the default security by creating isolation layers between applications and between the application and the host, and by reducing the host surface area, which protects both the host and the co-located containers by restricting access to the host.