Summary

In this chapter, we looked at deploying TLS to all the pieces of our Docker environment so that everything communicates securely and traffic can't be intercepted and then interpreted. We also saw how to use read-only containers to our advantage to ensure that the data being served up can't be manipulated. We then took a look at how to provide processes with their own abstraction of items, such as networks, mounts, users, and more. We then dove into control groups, or cgroups as they are more commonly known, as a way to limit the resources that a process or container has. We also took a look at the Linux kernel capabilities, that is, the restrictions that are placed on a container when it is started or launched. Lastly, we dove into mitigating risks against the Docker daemon attack surface.

In the next chapter, we will look at securing Docker with third-party tools and learn which tools, beyond those offered by Docker, are out there to help secure your environments and keep your application(s) secure when running on Docker.
