Securing the Docker Platform

Course Description

The Docker platform is a key ingredient in the packaging and delivery of container-based application services. This course will give you all the knowledge you need to securely manage the operation of a Docker platform.

Table of Contents

  • Course Overview
  • Establishing a Baseline for Docker Platform Security
    • Module Outline
    • Defining the Docker Platform
    • Acting on Docker Platform Security Vulnerabilities
    • Determining What Needs to Be Secured
    • Measuring How Secure a Docker Platform Is
    • Testing a Docker Platform for CIS Docker Benchmark Compliance
    • Module Summary
  • Optimizing the Configuration of the Docker Host
    • Module Outline
    • Employing Minimal Operating Systems
    • Deploying Docker on RancherOS in the Cloud
    • Hardening the Host Operating System
    • Auditing Important Docker Artifacts
    • Creating Audit Rules for the Docker Host
    • Module Summary
  • Configuring the Docker Daemon for Security
    • Module Outline
    • Controlling Access to the Docker Daemon Socket
    • Using TLS to Protect the Docker Daemon
    • Configuring TLS for the Docker Client and Daemon
    • Minimizing the Risk Associated with a Container Breakout
    • Implementing User Namespaces for Containers
    • Module Summary
  • Enhancing Access Control to the Docker Platform
    • Module Outline
    • Enhancing the Default Access Control Mechanism
    • The Docker Plugin API
    • Introducing the Open Policy Agent Docker Authorization Plugin
    • Defining Authorization Policy with Rego
    • Implementing Fine-grained Access Control to the Docker Platform
    • Module Summary
  • Deploying a Secure Docker Registry
    • Module Outline
    • Enabling the Use of Insecure Registries
    • Securing Communication with a Self-hosted Docker Registry
    • Configuring TLS for the Docker Daemon and Registry
    • Controlling Access with Basic Authentication
    • Controlling Access with Token-based Authentication
    • Implementing Authentication for a Self-hosted Registry
    • Module Summary
  • Managing Security in a Docker Swarm Cluster
    • Module Outline
    • Securing Communication Between Cluster Nodes
    • Using Secrets to Manage Sensitive Artifacts
    • Autolocking a Cluster to Protect the Encryption Key
    • Managing the Availability of a Swarm Cluster
    • Recovering from a Lost Quorum
    • Module Summary
  • Wrapping Up
    • Recapping the Journey
    • Where to Go Next
    • Final Words

Take the course!

Photo by Patryk Grądys