Docker enables developers to easily pack, ship, and run any application as a lightweight, portable, self-sufficient container. Docker is very popular in the industry because of its ease of use and lightweight nature compared to virtual machines. With the newer DevOps and NoOps practices, almost all companies now use Docker to speed up the development and delivery of software applications.
One of the main things people forget while using Docker is security and best practices. Docker can be easily installed on Windows, Linux and macOS, and containers can be deployed within seconds. But what about security and best practices? Are you aware of them?
How do you ensure best practices in Docker when deploying to production?
A few points to consider for security are listed below. These can be treated as hardening steps for Docker.
- Use third-party images carefully. We do not know the contents of images in some third-party repositories, so always pull images from known and trusted repositories.
- Set resource limits for your containers. By default, a container can use all the resources of the host machine. If something goes wrong inside the container, or if a process consumes more resources than expected, it can crash other processes on the server or even the server itself. So always set resource limits for every container.
- Enable Docker Content Trust. This is a security feature introduced in Docker 1.8 and available in later versions. It helps verify the authenticity of images pulled from the Docker registry by checking their signatures. It is disabled by default; once enabled, it blocks images that are not properly signed. Enable it by setting the environment variable: export DOCKER_CONTENT_TRUST=1
- Use open-source tools such as Docker Bench for Security to scan your setup and check it against best practices.
The detailed steps to run Docker Bench for Security (docker-bench-security) are given on its GitHub page. It is a free and open-source utility (Apache 2.0 license), easy to use, with a large number of automated tests.
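As an added example, not taken from the original post or from the Docker Bench project, here is a small Python audit that applies the resource-limit point above: it reads docker inspect output and flags containers running without memory, CPU or PID limits. The HostConfig field names are Docker's own; the container names and values are constructed sample data.

```python
import json
import sys

# Constructed sample: trimmed `docker inspect` output for three containers.
# Real output has many more fields; only the HostConfig limits matter here.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"Memory": 536870912, "NanoCpus": 1000000000, "PidsLimit": 200}},
    {"Name": "/worker",
     "HostConfig": {"Memory": 0, "NanoCpus": 0, "PidsLimit": None}},
    {"Name": "/cache",
     "HostConfig": {"Memory": 268435456, "NanoCpus": 0, "PidsLimit": 0}},
])


def find_unlimited(inspect_json):
    """Return {container_name: [missing limits]} for containers with no cap.

    Docker reports 0 (or null for PidsLimit) when no limit was set, which
    means the container may consume the whole host's memory, CPU or PIDs.
    """
    findings = {}
    for container in json.loads(inspect_json):
        host_config = container.get("HostConfig", {})
        missing = []
        if not host_config.get("Memory"):      # --memory not set
            missing.append("memory")
        if not host_config.get("NanoCpus"):    # --cpus not set
            missing.append("cpus")
        if not host_config.get("PidsLimit"):   # --pids-limit not set
            missing.append("pids")
        if missing:
            findings[container["Name"].lstrip("/")] = missing
    return findings


if __name__ == "__main__":
    # Usage on a real host: docker inspect $(docker ps -q) | python3 audit.py
    # With no piped input the constructed sample is audited instead.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for name, missing in find_unlimited(data).items():
        print(f"{name}: no limit on {', '.join(missing)}")
```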