Hello. I’m quite new to Docker, but I’ve started using it for various things.
I have one question. Is Docker secure enough to use for client projects alongside my infrastructure systems? For example, can I run a client’s website in a Docker container on the same host as my DNS, VPN, etc., also running inside Docker containers?
This, of course, assumes I have configured everything properly for security. I’m not asking if there is some sort of guarantee there are no vulnerabilities in Docker.
But in general, is this doable or is it just asking for trouble? I’m at a small company with limited infrastructure resources and I’d love to start moving things into containers as opposed to each being in their own VM…if the security is there.
Docker itself is quite secure. Securing Docker use fully is up to the user, but there are constructs provided by Docker which allow apps running in Docker to be far more secure than traditional apps. Do your homework and make sure not to make mistakes such as exposing the Docker API port unencrypted, running containers as root, running outdated kernel versions, and so on.
The bigger question is whether or not you feel comfortable with applications using the same kernel as each other. If they’d be fine as separate unprivileged processes on the same machine, they’ll be fine running in Docker.
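Two of the mistakes named in the reply above (containers running as root, and the Docker API listening on TCP without TLS) can be checked mechanically. The following is an added example, not part of the original reply: it audits `docker inspect` output and a `daemon.json` file, both of which are constructed samples here, and it assumes the API listener is configured in `daemon.json` rather than with `-H` flags on the command line.

```python
import json

# Constructed sample of `docker inspect <containers>` output, trimmed to the fields used.
SAMPLE_INSPECT = json.loads("""[
  {"Name": "/client-web", "Config": {"User": ""}},
  {"Name": "/dns",        "Config": {"User": "1000:1000"}},
  {"Name": "/vpn",        "Config": {"User": "0"}}
]""")

# Constructed sample of /etc/docker/daemon.json.
SAMPLE_DAEMON = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}

ROOT_USERS = {"", "0", "root"}


def runs_as_root(user):
    """Config.User is 'user[:group]'; an empty value means the default user, root."""
    return user.split(":", 1)[0] in ROOT_USERS


def audit_containers(containers):
    """Return (container, issue) pairs for containers whose process runs as root."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        if runs_as_root(c.get("Config", {}).get("User", "")):
            findings.append((name, "runs as root"))
    return findings


def audit_daemon(cfg):
    """Return (listener, issue) pairs for TCP API listeners without client-cert TLS."""
    tls = bool(cfg.get("tlsverify"))
    return [(h, "API on TCP without tlsverify")
            for h in cfg.get("hosts", [])
            if h.startswith("tcp://") and not tls]


if __name__ == "__main__":
    for subject, issue in audit_containers(SAMPLE_INSPECT) + audit_daemon(SAMPLE_DAEMON):
        print(f"{subject}: {issue}")
```

On a real host, feed it `docker inspect $(docker ps -q)` and the contents of the daemon's `daemon.json` in place of the samples.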