Book Image

Docker Deep Dive - Second Edition

By : Nigel Poulton
5 (1)
Book Image

Docker Deep Dive - Second Edition

5 (1)
By: Nigel Poulton

Overview of this book

Most applications, even the funky cloud-native microservices ones, need high-performance, production-grade infrastructure to run on. Having impeccable knowledge of Docker will help you thrive in the modern cloud-first world. With this book, you will gain the skills you need in order to work with Docker and its containers. The book begins with an introduction to containers and explains their functionality and application in the real world. You will then get an overview of VMware, Kubernetes, and Docker and learn to install Docker on Windows, Mac, and Linux. Once you have understood the Ops and Dev perspective of Docker, you will be able to see the big picture and understand what Docker exactly does. The book then turns its attention to the more technical aspects, guiding you through practical exercises covering Docker engine, Docker images, and Docker containers. You will learn techniques for containerizing an app, deploying apps with Docker Compose, and managing cloud-native applications with Swarm. You will also build Docker networks and Docker overlay networks and handle applications that write persistent data. Finally, you will deploy apps with Docker stacks and secure your Docker environment. By the end of this book, you will be well-versed in Docker and containers and have developed the skills to create, deploy, and run applications on the cloud.
Table of Contents (2 chapters)

15: Security in Docker

Good security is all about layers and defence in depth. Docker supports all the major Linux security technologies as well as plenty of its own.

In this chapter, we’ll look at some of the technologies that make running containers very secure.

Large parts of the chapter will be specific to Linux. However, the Docker security technologies section is platform agnostic and applies equally to Linux and Windows.

Security in Docker - The TLDR

Security is about layers, and more layers = more secure. Fortunately, we can apply lots of layers of security to Docker. Figure 15.1 shows some of the security-related technologies we’ll cover in the chapter.

Figure 15.1
Figure 15.1

Docker on Linux leverages most of the common Linux security and workload isolation technologies. These include namespaces, control groups, capabilities, mandatory access control (MAC), and seccomp. For each one, Docker ships with “sensible defaults” for a moderately...