Securing the Docker Platform

by Nigel Brown

The Docker platform is a key ingredient in the packaging and delivery of container-based application services. This course will give you all the knowledge you need to enable you to securely manage the operation of a Docker platform.

Preview this course

What you'll learn

Docker containers are in widespread use as the distribution vehicle for cloud native application services. An important enabler in the process of building, packaging, and running those containers is the Docker platform, which is comprised of several parts. In this course, Securing the Docker Platform, you'll learn about the fundamental aspects of security that relate to the platform components. First, you'll gain a better understanding of the platform components involved and the means of measuring compliance against an industry benchmark standard. Next, you'll discover how to configure the Docker daemon for best practice security, as well as for more flexible access control and authentication. Finally, you'll explore how to apply security controls to other aspects of the platform including a self-hosted Docker registry and a Swarm cluster. By the end of this course, you'll have the necessary knowledge to configure, measure, and optimize effective Docker platform security.

Course Overview

2mins

Course Overview 2m

Establishing a Baseline for Docker Platform Security

28mins

Module Outline 3m
Defining the Docker Platform 7m
Acting on Docker Platform Security Vulnerabilities 2m
Determining What Needs to Be Secured 7m
Measuring How Secure a Docker Platform Is 3m
Testing a Docker Platform for CIS Docker Benchmark Compliance 5m
Module Summary 1m

Optimizing the Configuration of the Docker Host

45mins

Module Outline 4m
Employing Minimal Operating Systems 7m
Deploying Docker on RancherOS in the Cloud 10m
Hardening the Host Operating System 2m
Keeping the Docker Engine Current 5m
Auditing Important Docker Artifacts 7m
Creating Audit Rules for the Docker Host 8m
Module Summary 2m

Configuring the Docker Daemon for Security

45mins

Module Outline 3m
Controlling Access to the Docker Daemon Socket 6m
Using TLS to Protect the Docker Daemon 9m
Configuring TLS for the Docker Client and Daemon 11m
Minimizing the Risk Associated with a Container Breakout 8m
Implementing User Namespaces for Containers 5m
Module Summary 3m

Enhancing Access Control to the Docker Platform

36mins

Module Outline 2m
Enhancing the Default Access Control Mechanism 5m
The Docker Plugin API 8m
Introducing the Open Policy Agent Docker Authorization Plugin 5m
Defining Authorization Policy with Rego 7m
Implementing Fine-grained Access Control to the Docker Platform 7m
Module Summary 2m

Deploying a Secure Docker Registry

51mins

Module Outline 2m
Enabling the Use of Insecure Registries 6m
Securing Communication with a Self-hosted Docker Registry 7m
Configuring TLS for the Docker Daemon and Registry 11m
Controlling Access with Basic Authentication 7m
Controlling Access with Token-based Authentication 5m
Implementing Authentication for a Self-hosted Registry 11m
Module Summary 2m

Managing Security in a Docker Swarm Cluster

38mins

Module Outline 3m
Securing Communication Between Cluster Nodes 9m
Using Secrets to Manage Sensitive Artifacts 6m
Autolocking a Cluster to Protect the Encryption Key 3m
Managing the Availability of a Swarm Cluster 8m
Recovering from a Lost Quorum 7m
Module Summary 2m

Wrapping Up

4mins

Recapping the Journey 2m
Where to Go Next 1m
Final Words 1m

About the author

Nigel Brown

Nigel is an IT professional with over 25 years of experience, gained in technical and management roles. He started his career in IT Operations, before co-founding and leading a company focused on delivering systems management solutions to some of the UK's largest companies. Recently, he has returned to his technical roots, and swapped the world of proprietary software for the open source domain. Nigel has an avid interest in the contemporary domain of microservices and container technologies. In... more

See more courses by Nigel Brown

Ready to upskill? Get started

2022 Tech Forecast and
Build Better Blueprint

Prepare for shifts and trends in the industry

Securing the Docker Platform

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Solutions

Platform

Company

Resources

Support

2022 Tech Forecast and Build Better Blueprint

Prepare for shifts and trends in the industry

Securing the Docker Platform

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Solutions

Platform

Company

Resources

Support

2022 Tech Forecast and
Build Better Blueprint

Ready to skill up
your entire team?

Ready to skill up
your entire team?