A Docker Host is a physical or virtual machine with a Linux Operation System and (at least) the Docker Engine first. The Docker Engine takes care of everything around building Docker Images or running Docker Containers and connects Docker clients to Docker servers.
You MUST use one of the following Linux Distributions:
- CentOS/Redhat
- Debian/Ubuntu
- CoreOS
A Docker Host is basically a Linux server an MUST follow all Operation and Security Guidelines that are already established at Haufe.
A Docker Host might be treated as an "immutable" host and after the initial provisioning process, NO further modifications are allowed.
As a consequence, ANY changes based on feature or security requests are introduced by switching to a new server that meets ALL THE NEW REQUIREMENTS but is identical otherwise.
IF you are planning to use the Docker Host (later) in production, you MUST install a Docker version > 1.10.2.
You MUST verify that the host is configured correctly for Docker by running The Docker Bench for Security.
Out of experience, you SHOULD treat section "1.1 Create a separate partition for containers " like a "MUST".
You MUST only install services that are required by security or operations directly on the Dockerhost:
- docker
- sshd (remote access to "bare" machine)
- monitoring tools (EXAMPLES)
- cAdvisor (metrics)
- nrpe (Nagios Remote Plugin Executor for availability checks etc.)