Whether you’re one of the early adopter organizations that have been using Docker for a while, or you’re just exploring Docker and trying to figure out how to jump on the container bandwagon, you want to make sure that you keep a few things in mind. These tips provide a good foundation to ensure you can implement and manage Docker containers effectively.
Docker is not the only container technology out there, but it is the de facto standard bearer for containers and it’s the most recognizable brand among the container players. Support for Docker has been integrated into a wide array of products and platforms, and many organizations are either already using Docker containers or trying to understand how to get on the bandwagon.
It isn’t too difficult to succeed with Docker, but there are some tips and tricks you should follow to use it more effectively. Here are five Docker best practices you should keep in mind whether you’re already using Docker, or just thinking about it:
1. Beware of inheritance and dependencies
Your containers inherit a parent image that generally includes its base operating system and dependencies—things like dependent packages, default users, etc. Those inherited attributes and dependencies might expose your containers to unnecessary risk. Make sure you’re aware of the inherited attributes and take any additional steps necessary to further isolate and protect your containers.
2. Limit container interaction
Container security has emerged as a serious concern for many organizations—specifically how containers interact with one another and with the outside world. Your containers should not accept connections on exposed ports through just any network interface. You should take steps both to control how—and how much—containers interact with each other internally, and to limit the number of containers that have contact with the outside world so you can minimize exposure to external risks.
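One way to check for the two points above (a default user inherited from the parent image, and ports published on every interface), as an added example that is not from the original article. It audits JSON in the shape of `docker inspect` output; the container names, image names and the `audit` and `is_root` helpers are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output,
# trimmed to the fields used here. All names and values are invented.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": "", "Image": "example/web:1.0"},
   "HostConfig": {"PortBindings": {
       "80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
  {"Name": "/api",
   "Config": {"User": "10001:10001", "Image": "example/api:1.0"},
   "HostConfig": {"PortBindings": {
       "9000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "9000"}]}}},
  {"Name": "/worker",
   "Config": {"User": "0", "Image": "example/worker:1.0"},
   "HostConfig": {"PortBindings": null}}
]
""")

WILDCARD_HOSTS = {"", "0.0.0.0", "::"}  # an empty HostIp means every interface
ROOT_USERS = {"", "0", "root"}          # an empty User means nothing overrode uid 0


def is_root(user):
    """True when the effective user (optionally 'user:group') is root."""
    return user.split(":")[0] in ROOT_USERS


def audit(containers):
    """Return (container, issue, detail) tuples for risky inherited settings."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        cfg = c.get("Config") or {}
        if is_root(cfg.get("User") or ""):
            findings.append((name, "runs-as-root", cfg.get("Image", "")))
        bindings = (c.get("HostConfig") or {}).get("PortBindings") or {}
        for port, hosts in sorted(bindings.items()):
            for b in hosts or []:
                if b.get("HostIp", "") in WILDCARD_HOSTS:
                    detail = f"{port} -> host port {b.get('HostPort')}"
                    findings.append((name, "wildcard-bind", detail))
    return findings


if __name__ == "__main__":
    for name, issue, detail in audit(SAMPLE_INSPECT):
        print(f"{name:8} {issue:14} {detail}")
```

On a real host, the same function can be fed the parsed output of `docker inspect` for the running containers in place of the constructed sample.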
3. Monitor containers for vulnerabilities
One of the challenges of using an image repository like Docker Hub is that once a container image is uploaded to the repository, nobody takes responsibility for keeping it patched and secure. It might be fine when originally created, but over time new vulnerabilities and exploits are discovered, and you need to scan for those before using containers in production. A tool like Twistlock can help you monitor for and identify vulnerabilities in your container images.
Read the full post at ContainerJournal: 5 Docker Best Practices You Should Follow.