This article contains information about the Docker application that can be deployed on Cloudpanda.
This application features Docker on the CentOS 7 x64 operating system.
After the one-click Docker app finishes deploying, you will be able to log into it and start running container applications. As a basic test, the Docker engine can be started with:
docker run hello-world
For security purposes, a
docker user and group has been added to the system. It is a best practice to run containers as a limited user, such as
root. You can switch to the
docker user by logging in as
root then typing:
su - docker
If you would like users other than
docker to have the ability to run containers, simply add them to the
Fully securing a system that runs containers is an involved task. This task includes minimizing the attack surface on the Docker daemon. For a system that intends to run containers comparable to how a normal system would run binary apps, it is not as much of a concern. But for multi-tenant container configurations, or container configurations that need isolation (such as for credit card processing), securing the Docker daemon is more important.
The Docker team and RHEL team offers Selinux support for Docker on CentOS 7. It has been disabled on the Cloudpanda one-click application, but can be enabled again by editing the
/etc/selinux/config file. Instructions on how to secure Docker with Selinux are outside the scope of this document. See the links below for more information on this topic.
Visit the container category on Cloudpanda Docs for tips, tricks, and guides on Docker.
Cloudpanda applications use modern releases of software packages. Applications are configured to be deployed with specific versions of software. Over time, the Cloudpanda team will update the application offerings to include newer operating systems, package versions, etc. This document only provides up-to-date information about the latest version of this application. Cloudpanda applications are updated without notice. If you plan to build a project or infrastructure based on our application templates, we recommend taking a snapshot of the application used in your initial deployment.