DevOps Hunter Security Automation

In this blog-post, I would like to discuss Docker Storage and storage drivers and Application data management using Docker Volumes. Every fact we explore in detailed experimented and collected and published here. Docker Container Persistent Storage When you see the word 'Storage' we get in mind that HARD disk, CD, DVD, pen drive, shared NFS, etc., For Docker storage that referred to the storage of images, containers, volumes and we need to store the data that belongs to an application. It may be an application code or database that referred to in the application service. Each one has its own isolation with others.  Actual physical Storage deals with different devices. Linux got the Logical storage devices where you can make use of single disk into multiple disks drives called logical drives as we see in Windows (C: D:). Disk space can be shared across multiple containers partition of disks and a group of partitions. Docker uses this capability with special storage dr...

This post is a continuous post of Docker Enterprise edition  on CentOS7 usage. Let's understand the usage of the DTR. How we can integrate it with Docker UCP? How the DTR help us to maintain the docker repository easy way. What benefits we can get with DTR? As we had already installed docker-ee and UCP deployed on it with swarm cluster on a CentOS7. What is new in Docker Trusted Registry? Here I've collected some of the DTR Primary Usage Scenarios CI/CD with Docker • Image repository - Centrally located base images • Simple upgrades - Store individual build images • Scan and Pull tested images to production Containers as a Service (CaaS) • Deploy Jenkins executors or nodes • Instant-on developer environment • Selected curated apps from a catalog • Dynamic composition of micro-services (“PAAS”) General Features • Organizations, Teams & Repositories permissions UI • Search index, API & UI • Interactive API documentation • Image deletion from ind...

Hey, dear Docker DevOps enthusiast! In this post we will discuss about docker security, docker service security, docker engine-level security, etc. SELinux is Security-Enhanced Linux it provides a mechanism for supporting access control security policies SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distros. The 'root' user by default owns the processes spawned by a container are run. secgroup limits the disk quota. Security Issue Rotate your join-token for both worker and manager when there is a suspicion that someone might have got access to the token for adding managers to the cluster. Secretes are immutable in a docker swarm cluster. They cannot be updated sof if you want to modify the secret then you have to create a new secret file and update that to the existing service. step 1: First we need to Create new secret, step 2: Attach the newly created secret with an update option the service to use this n...

Hello DevOps enthusiast, In this post, We will discuss docker-compose why we need and how it can resolve the multi-container application issues. What is it's limitations? How Docker-compose works? What is Docker-compose? why? If we are working on multi-container apps then it is a hassle because we would be doing repeatedly the following tasks: Build images from Dockerfiles  Pull images from the Hub or a private registry  Configure and create multiple containers for each service required to run the application Start and stop containers individually each one Stream their logs to check the status and troubleshoot In contrast to all the above hassles, The Docker compose developed as best tool for defining & running multi-container docker applications. We can use YAML files to configure application services (docker-compose.yml) Simplified control for multi-container applications - we can start all services with a single command: docker compose up and can st...

Hello, dear DevOps enthusiast, welcome back to DevOpsHunter learners site! In this post, we would like to explore the docker networking models and different types of network drivers and their benefits. What is Docker Networking? Understanding docker networking Docker provided multiple network drivers plugin installed as part of Library along with Docker installation. You have choice and flexibilities. Basically the classification happen based on the number of host participation. SinbleHost WILL  Let's see the types of network drivers in docker ecosystem. docker network overview Docker Contianers are aim to built tiny size so there may be some of the regular network commands may not be available. We need to install them inside containers. Issue #1 Inside my container ip or ifconfig not working, How to resolve 'ip' command not working? Solution: apt update; apt install -y iproute2 Issue #2: ping command not working how to resolve this ...