Have you actually ever verified it? If you are a developer, you probably deal with an environment that is already set up, and your only job is to write a Dockerfile and push an image to a registry (or even less work if you use Continuous Integration). Although I'm going to focus on the production environment where Docker images are pulled and run, which is set up by DevOps or sysadmins, there are still a good few things to check on your end to increase the level of security:
How to organize multi-container application
Sidecar pattern
Let's start with a single node. It's a common practice to separate concerns at the container level as well. One container could act as a static content server, and the other could perform computations. They both exist on the same node and both have access to the same resources, although you may allocate a different share of CPU and memory to each. Another popular scenario is to have a separate container that handles the logs of the other container, as both share the same disk volume.
Build your network of containers
There are a lot of tutorials showing how to link containers using the docker run --link option, but the link flag is a deprecated feature of Docker and may eventually be removed. I will show you how to link containers via docker network and provide a Dockerfile template for your Golang application, but the focus here is really on the process.
It's there already…
Assuming you haven't created any networks yet, executing docker network ls should list the default Docker networks:
Be pragmatic
I'm currently looking for a job and I found a weird pattern about Docker questions. Once I confirmed I had worked with Docker, no more questions were asked… Lucky me, you may think, but that made me wonder why that is. Working with Docker is fairly easy. Docker simplified the process of working with isolated resources, providing a high-level API to run processes in isolation, but does it not deserve a little chat during an interview?