Hacker News
by bigmac 3585 days ago
Great points, we're working on a bunch of this stuff.

Docker 1.12 in swarm mode, for example, does automatic key rotation and issuance of the TLS certs assigned to every node in the cluster. These certs are used for automatic TLS between every node in the control plane of the Docker Swarm. This is all automatic and transparent to the user -- no manual management of certificates is required.

Now that we have cryptographic identities assigned to every node in the cluster we can use that to build secrets/key management in to the system.

Additionally, Docker 1.12 in swarm mode has overlay networking with encryption possible for container-to-container communications.

In terms of logs, Docker supports log drivers that allow all logs within Docker containers to be exported to off-host logging services.

1 comment

How is the overlay network encrypted? I couldn't find any information. https://github.com/docker/docker/issues/24253 says it's not encrypted by default and must be enabled manually.
You're right -- it needs to be enabled manually using `--opt encrypted`. 1.13 is shooting for this to be the default.
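Added example, not code from the thread or from Docker itself: a small audit that reads what `docker network inspect` prints (a JSON array, even for one network) and lists overlay networks that were created without `--opt encrypted`, then builds the `docker network create` command needed to recreate each one with encryption on. The network names, IDs and option values in the sample are constructed; against a real host, feed it `docker network inspect $(docker network ls -q)`.

```python
"""Audit Docker overlay networks for the `--opt encrypted` setting.

Added example (not code from the thread or from Docker). It parses the JSON
printed by `docker network inspect` and flags overlay networks created
without `--opt encrypted`, which the thread notes is not the default in
Docker 1.12 swarm mode. All names and IDs below are constructed sample data.
"""
import json
import shlex

# Constructed sample of `docker network inspect frontend backend ingress bridge`:
# one overlay created with --opt encrypted, one without, the swarm-managed
# ingress network, and a local bridge that the audit must ignore.
SAMPLE_INSPECT = json.dumps([
    {"Name": "frontend", "Id": "0123456789ab", "Scope": "swarm", "Driver": "overlay",
     "Options": {"encrypted": "",
                 "com.docker.network.driver.overlay.vxlanid_list": "4097"}},
    {"Name": "backend", "Id": "ba9876543210", "Scope": "swarm", "Driver": "overlay",
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098"}},
    {"Name": "ingress", "Id": "fedcba987654", "Scope": "swarm", "Driver": "overlay",
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4096"}},
    {"Name": "bridge", "Id": "13579bdf2468", "Scope": "local", "Driver": "bridge",
     "Options": {"com.docker.network.bridge.name": "docker0"}},
])


def is_encrypted_overlay(network: dict) -> bool:
    """True if this inspect record is an overlay network carrying the `encrypted` option.

    Only the presence of the key matters: `--opt encrypted` is stored as
    "encrypted": "" (empty value), so do not test the value for truthiness.
    """
    options = network.get("Options") or {}
    return network.get("Driver") == "overlay" and "encrypted" in options


def unencrypted_overlays(inspect_json: str) -> list:
    """Return the names of overlay networks whose traffic is not encrypted.

    `inspect_json` is the text printed by `docker network inspect <names...>`.
    Non-overlay drivers (bridge, host, ...) are skipped because the option
    does not apply to them.
    """
    networks = json.loads(inspect_json)
    return [n["Name"] for n in networks
            if n.get("Driver") == "overlay" and not is_encrypted_overlay(n)]


def remediation_command(name: str) -> str:
    """Build the `docker network create` invocation that enables encryption.

    There is no `docker network update`, so an existing network has to be
    removed and recreated with the option, and its services reattached.
    """
    parts = ["docker", "network", "create", "--driver", "overlay",
             "--opt", "encrypted", name]
    return " ".join(shlex.quote(p) for p in parts)


if __name__ == "__main__":
    for name in unencrypted_overlays(SAMPLE_INSPECT):
        print(f"{name}: overlay traffic is NOT encrypted; recreate with:")
        print("  " + remediation_command(name))
```

The check keys on the presence of the `encrypted` option rather than its value, because the CLI stores `--opt encrypted` with an empty string; a naive `if options.get("encrypted")` would report every encrypted network as unencrypted.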