Containers have grown very popular for the flexibility they bring to app development and hosting. To be deployed effectively, containers require a substrate that provisions and manages resources, places workloads, and adapts to failures. Container orchestration tools like Docker Swarm, Kubernetes, and Marathon simplify the management of container workloads. Unfortunately, many of these systems have not been architected with security in mind: with container orchestrators, compromise of a less-privileged node can allow an attacker to gain control of the whole system or other private resources. We spoke with Diogo Mónica, Docker’s Security Lead, about how the company has been working on secure blocks that allow you to run a “least privilege” infrastructure, where any participant only has access to the resources strictly necessary.