5 Ways to Instantly Improve Your Angular Codebase

Angular is not that easy; it takes a lot of learning. Building apps that are easy to read and maintain is no doubt an art. This article shares 5 ways to improve the quality of your Angular codebase. It covers everything from naming your files to complicated topics such as redux and state management. Learn how you can use these tips to improve the way you code your Angular apps.

Let’s Begin!

1. Follow the Rules

People choose Angular over other frameworks for its rules. The Angular framework is clear about how things are to be done. It comes with rules of its own which, when followed, create a uniform code base across an organization.

This approach is quite useful when working across corporate borders, because newcomers who already know the conventions can settle into the team quickly.

In other words, you need to follow Angular design guidelines to get the most out of its framework. This will not only add quality to your code but will also make your life a lot easier.

The Angular Style Guide lists a set of rules you may already be familiar with.

“We  love to do things our way! We don’t want to follow someone else’s rules!”

If you don’t want to follow Angular’s rules, then you should not choose it as your front-end framework. Plenty of other frameworks are available to suit your expectations, and you won’t be happy working with Angular otherwise.

Naming the Files 

Naming files is one example of the Angular rules you have to follow. Files in Angular follow a very particular scheme, the naming convention. Every file containing an Angular structure, like a component, a pipe or a module, is named this way:

[name].[structure].[file-extension]

So, if you want to create a component to display customers, the name is “customer”, the structure is “component” and the file extension is either “.ts”, “.css” or “.html”:

customer.component.ts

The Angular CLI takes care of all this. Its ng generate command creates a structure, and the resulting file follows the naming convention. Check this tutorial to learn more about the Angular CLI.

2. Group Code into Modules

Placing everything into the app module is common among developers and makes a mess of everything. Avoid it and use modules.

Modules help to organize your code into small chunks. This makes it easier to read and to find errors when troubleshooting. Beyond the cosmetic advantage, you also improve the user experience by downloading only the parts that are actually needed.

Read a guide on modules if you are unfamiliar with them. However, don’t structure your modules arbitrarily; that would only make things worse. Luckily, Angular has defined some ways to help you structure your apps into modules.

Feature Modules

Feature Modules are one of the categories of available modules in the Angular framework. As the name gives it away, they are used to include one specific feature. These modules are created in another folder with the feature name.

For instance, the feature module for the feature “feature” is included into a directory named feature. This module follows the naming convention shared above: feature.module.ts.

Why do you need feature modules?

They structure our code in a way that makes it easy to understand and read. They also mark different features. This helps in overcoming any confusion or potential bugs that are otherwise caused due to overlapping. 

Another benefit of the feature module is lazy loading. Lazy loading is a technique which helps in downloading only the required module to a client’s device. The other modules are not downloaded.

For instance, in case of an administrative section of a blog, it is unwise to serve that code to every user visiting that site.

This code is separated into the admin section and placed into a feature module. It is loaded with the help of lazy loading. When the user visits the site, he/she only downloads the code for the blog section when visiting the blog. The other JavaScript is only loaded when he/she visits other sections.

Core and Shared-Module

Feature modules encapsulate everything into a separate module. This way it can’t be used in other parts of the application without importing it. In some situations, however, that doesn’t make much sense.

Going back to the same example of the blog section, suppose we have to import the admin-module to use a simple utility-directive. This would make things quite confusing and also rule out the benefits of lazy loading. For this reason, Core and Shared modules are used.

Shared Modules

  • Shared modules are used for pieces of your application that need to be used across several areas (features) of your application.
  • If a component is going to be re-used in several features, it belongs in a shared module.
  • Services and pipes are usually placed in shared modules.
  • Shared modules provide a way to share common pieces that fill out the “sections” of feature modules.

A text-formatting module is a good example of a shared module. It contains a bunch of pipes to format text in specific manner.

This module is then used by all the feature modules without breaking the encapsulation of the other modules.

Core Module

The feature and shared modules are not enough to cover our requirements. We also need a module for app-wide services that are used only once. These are encapsulated in the CoreModule, in a directory known as “core.”

We mention all our app-wide services used just once in this module. It is imported into the app-module.

This keeps our app-module nice and clean.

However, the core-module is not used only for services. Everything which is used app-wide but is not suitable for a shared module can be done in the core-module.

Loading spinners shown at the start of an app are a good example. They are not used anywhere else in the app, which is why creating an extra shared module for them is highly unsuitable.

Doing Private Services in Components

Usually, services in Angular are provided at a global (application-wide) scope. A global scope is only needed when a global singleton is required. For example, if your service is responsible for caching things, you want one global instance; otherwise every component ends up with its own cache because of Angular’s scoped dependency injection.

Other services do not need to be provided globally and are used by just one component. It’s better to provide such a service inside the component instead of in a module, especially when the service is tightly linked to that component.

Otherwise you would have to define the service in a module to make it accessible everywhere it may be needed.

Providing services next to the features (feature modules) that use them makes them easier to find and understand in the right context. It also preserves the benefits of lazy loading and reduces the risk of dead code.

3. Don’t Use Logic in Your Components

Keeping logic outside your components is always a good idea and raises the quality of your code.

There are several reasons to keep logic out of your components:

  • Testing the user interface and components is much harder than testing pure logic. This is why your business logic should live in a separate service.
  • Having your business logic in a separate service also lets you write more effective tests efficiently and quickly. Other components can reuse your logic when it is placed in a service. You reuse more code and consequently write less of it, and code that does not exist cannot contain bugs.
  • Last but not least, the code becomes easier to read when the logic is in a separate file.

State

If we talk about state, a lot of challenges arise from each component having its own state. You quickly lose track of which component is in which state. That makes fixing errors quite difficult and results in errors nobody wants to have. This is a big problem especially in large applications.

4. Make Sure Your Async Code is Correct

As discussed above, Angular is a framework with strict rules to achieve code consistency. The same applies to asynchronous code. The Angular team uses the RxJS library for all asynchronous functions. The library makes use of the observer pattern.

Avoid Promises

RxJS overlaps in functionality with the standard JavaScript promise. Both are meant to handle asynchronous code, but RxJS is far more powerful. So-called RxJS observables can resolve to more than just one value: they can emit multiple values over time, which you have to account for.

You can also pass only one result through that stream, which creates the overlap with the promise. One question comes to mind in this situation.

What should we use? The simple promise, which lets us use the TypeScript await operator, or the powerful RxJS observables? Or both?

Here is my opinion:

I usually like the style of the await operator for promises, but in my view we should stick to the opinion of the framework, and that is to use RxJS everywhere.

Use RxJS everywhere.

We can see this by looking at the Angular HTTP client: it yields RxJS observables even though an HTTP call can never produce more than one response.

Mixing both is not a good solution. You end up with different implementations that are not compatible with each other within the application. This is not something you want.

Using the Async Pipe

As stated above, RxJS observables are a little complicated. Using them incorrectly can lead to serious bugs.

The most common mistake I make is forgetting to unsubscribe from the observable. This not only causes memory leaks, but also results in unwanted calculations and changes in your application.

public result;

ngOnInit() {
  // Manual subscribe: nothing ever unsubscribes, so the subscription
  // outlives the component.
  this.http.get('').subscribe(result => {
    this.result = result;
  });
}

But avoiding this mistake is easy in Angular: use the Angular async pipe. This pipe automatically unsubscribes from the observable once the component is destroyed.

public result$;

ngOnInit() {
  // Keep the observable itself; the template subscribes through the async pipe.
  this.result$ = this.http.get('');
}

and bind the template to the observable using the async pipe:

<p>{{ result$ | async }}</p>

This way the code looks simple and clean.
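To make the leak concrete, here is an added example that is not from the article and uses neither Angular nor RxJS: MiniSubject is a tiny stand-in for a Subject, and the two plain classes only borrow the names of the ngOnInit/ngOnDestroy lifecycle hooks. LeakyComponent subscribes the way the first snippet above does; TidyComponent releases its subscription on destroy, which is the bookkeeping the async pipe does for you.

```javascript
"use strict";

// Added example, not from the article: a tiny stand-in for an RxJS Subject.
// It only keeps a set of listener callbacks; it is not RxJS.
class MiniSubject {
  constructor() {
    this.listeners = new Set();
  }
  subscribe(next) {
    this.listeners.add(next);
    // The returned object is the only handle that can remove the listener.
    return { unsubscribe: () => this.listeners.delete(next) };
  }
  next(value) {
    this.listeners.forEach((fn) => fn(value));
  }
  get subscriberCount() {
    return this.listeners.size;
  }
}

// Mirrors the article's first snippet: subscribe in ngOnInit and never
// unsubscribe. The source keeps a reference to the callback (and through it
// to the component) after the component is destroyed, so updates keep coming.
class LeakyComponent {
  constructor(source) {
    this.source = source;
    this.result = null;
    this.updates = 0;
  }
  ngOnInit() {
    this.source.subscribe((value) => {
      this.result = value;
      this.updates += 1;
    });
  }
  ngOnDestroy() {
    // Nothing here: the subscription outlives the component.
  }
}

// Keeps the subscription handle and releases it on destroy. This is what the
// async pipe performs for you when it is given result$.
class TidyComponent {
  constructor(source) {
    this.source = source;
    this.result = null;
    this.updates = 0;
    this.subscription = null;
  }
  ngOnInit() {
    this.subscription = this.source.subscribe((value) => {
      this.result = value;
      this.updates += 1;
    });
  }
  ngOnDestroy() {
    if (this.subscription) {
      this.subscription.unsubscribe();
      this.subscription = null;
    }
  }
}

// Drives a component through init, two emissions, destroy, and one more
// emission, then reports what the component saw and what the source retains.
function simulate(ComponentClass) {
  const source = new MiniSubject();
  const component = new ComponentClass(source);
  component.ngOnInit();
  source.next("first");
  source.next("second");
  component.ngOnDestroy();
  source.next("after destroy");
  return {
    updates: component.updates,
    result: component.result,
    subscribersLeft: source.subscriberCount,
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("leaky:", simulate(LeakyComponent));
  console.log("tidy:", simulate(TidyComponent));
}
```

Running it shows the leaky component still receiving a third update after it was destroyed, with the source holding one subscriber, while the tidy component stops at two and leaves the source empty.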

5. Use a Central State Management (Such as Redux)

As your app becomes larger, code quality can decline sharply. Hundreds of components, each with their own state, become confusing and hard to debug at the same time.

Centralized state management is the solution in such conditions. What is centralized state management? It means that all of the application state is stored in one single location instead of being dispersed all over the app. The overall state is controlled by one instance, which is the only one allowed to make changes to it. This has many advantages.

  • You don’t have to search for it. As it is all in one place, you don’t need to search through the component tree.
  • It’s easy to transfer between applications or persist the state to disk. It does not have to be collected from several places, as it’s just one object.
  • Problems like component-to-component communication are resolved as well. Components just react to state changes.
  • Depending on which form of central state management you select, you also get nice features like time-travel debugging (Redux/ngrx).

Should Redux/ngrx be used?

Again, there are different opinions about this out there. Here is my point of view:

I don’t think that everyone should begin rewriting their apps to include redux. Even if you start from scratch, I don’t think redux needs to be used in most cases.

It totally depends on the kind of application you want to build. Here are the different conditions:

  • If you want to build large applications with many components, developed by a large team, then redux will be the best option.
  • For medium-sized applications, not larger than the average app available on the app store and built by around 10 people, Redux should be avoided. That’s because it comes with a variety of boilerplate code which would unnecessarily complicate your app.
  • It’s a big no for small apps.

In these medium and small sized applications, redux would overcomplicate the code with its hundreds of boilerplate files. I am not in favor of boilerplate code at all.

But there is a library under development that provides zero boilerplate while working with redux and ngrx. It’s called Angular-ngrx-data and is worth checking out.

Conclusion

I hope my 5 recommendations on how to increase the quality of your Angular code base will help you a lot.

Share this article with your friends and colleagues and help them become a better angular developer.

Good Luck!

AWS Lambda with Node.js: Getting Started

The AWS Lambda service is used for building highly scalable event-driven applications, but many people are unclear about how to use it. You may have heard terms such as serverless, function-as-a-service or AWS Lambda. If you want to learn more about them, you are in luck. This article explains AWS Lambda and serverless, and shows how to build a scalable image processing app with AWS Lambda and Node.js.

Defining Serverless: An Overview

There was a time when everything online was hosted on physical machines known as servers. The servers were kept in server rooms, and companies mostly built and looked after their own data centers. However, this required a lot of resources, time and money.

In recent years, a new technology known as cloud computing has emerged. Today, all types of applications can be hosted on it easily. This means that you don’t need a data center of your own.

You can deploy your applications on a cloud server in minutes, in any part of the world. Yet scaling, server provisioning and maintenance remained a hectic task. Fortunately, Serverless, a new shift in cloud computing, has emerged. It takes care of server provisioning, logging, monitoring and maintenance of the entire infrastructure, and lets you break your business logic into small single-purpose functions and work on those.

Serverless takes the responsibility of managing servers away from you, but it still requires servers and is not completely serverless. Amazon Web Services is one provider in this category: it takes care of the servers.

What are Amazon Web Services?

Amazon Web Services, commonly referred to as AWS, is a renowned name in the cloud computing industry. According to their statistics, AWS offers an extremely dependable, scalable and economical infrastructure. It hosts hundreds of thousands of businesses in around 190 countries. As per Canalys’ 2018 report, AWS owns a 32.6% market share, greater than any other company.

With this fact established, let’s move on to teaching you something that will completely blow you away.

AWS Lambda Functions

Lambda is a compute service provided by AWS. It lets you run your code without having to deal with cloud servers. A Lambda function is triggered by an event and stops after execution. A Lambda function performs only one thing, such as fetching or creating a blog post or sending an email.

3 Ways to create a Lambda Function on AWS:

  1. You can use the AWS console, the web interface offered by AWS for accessing and managing its services. However, it takes a lot of time and effort to write an application from the console, so it’s not a recommended option.
  2. AWS also provides a cloud-based IDE. You can write, run and debug your code from the browser with it.
  3. Lastly, you can always use your local development environment with any text editor and deploy the code with a single command. This article explores this option.

Creating an AWS Account

You must have an AWS account to trigger a Lambda function. The account requirements include an email address, a phone number and a legitimate credit card. You can opt for the AWS free tier, which allows you to use almost all AWS services without paying anything for a year.

Here are the steps for Account Setup:

  1. Visit the AWS console.
  2. Choose “Create a Free Account.”
  3. Enter your email address, choose a strong password, contact and credit card details. Make sure all the details entered are correct.
  4. Complete identity verification process via Amazon’s phone call.
  5. You will receive a 4-digit number on your computer screen. Enter it on your phone’s keypad.
  6. Choose the free plan.
  7. Well done! You have signed up for a brand new AWS account.

Local Development Environment Set Up

This tutorial uses the Serverless framework, a CLI tool written in Node.js, to write and deploy Lambda functions. It is compatible with AWS, Microsoft Azure, Google Cloud Platform, Spotinst, Kubeless, IBM OpenWhisk and more.

The Serverless framework is easy to install. First, you need a Node.js runtime. Install the Node.js 8.10 runtime, which is compatible with AWS Lambda. Also make sure your local development environment is close to the production environment, including the runtime.

If you already have other Node.js versions installed, use NVM to install the Node.js 8.10 runtime. NVM also helps you switch between Node.js versions.

$ nvm install v8.10

For switching between Node.js versions, do this:

$ nvm use 8.10

After the Node.js runtime is ready, install the Serverless framework:

$ npm install -g serverless

To check the Serverless framework installation:

$ serverless --version
1.40.0

How to Create a Programmatic User on AWS

The Lambda function doesn’t live in your local environment permanently. It must be transferred into the AWS environment. This procedure is called deployment. The Serverless framework needs a way to access AWS resources and deploy your Lambda functions.

This requires a programmatic user account. This account does not log into the AWS console. It provides access to AWS resources through API calls, using the access keys you will create next.

Steps to Create a Programmatic User Account

  1. Sign in to the AWS console and choose IAM users.
  2. Select Add user to start the account creation process.
  3. Type lambda-example-cli as the username. Enable programmatic access by checking the checkbox and click Next: permissions to proceed.
  4. Select Attach existing policies directly and search for Administrator access. Check the AdministratorAccess box. A policy is an object that defines the permissions of a user, group or role.
  5. Click the Create user button to view the confirmation screen.
  6. Download or copy the CSV file that contains your access key ID and secret access key. Keep this file safe. These access keys are used to make API calls; anyone who gets them can make API calls and control your AWS account.
  7. Configure the Serverless CLI with the AWS credentials in order to deploy the code:

serverless config credentials --provider aws --key <your_access_key_id> --secret <your_access_key_secret>

Let’s first create a simple hello world app with Lambda and Node.js to get started. After that we will create a more advanced app that downloads an image from a URL, rescales it and uploads it to AWS S3, a scalable object storage service.

Start by using the Serverless CLI tool: 

$ serverless create --template hello-world

If the above command runs successfully, you will have two files:

.
├── handler.js
└── serverless.yml

We supplied the --template argument to tell the Serverless CLI which template to use. The Serverless CLI supports dozens of templates; you can find them in this repository.

Handler.js

handler.js contains the Lambda function where you write your logic:

'use strict';
module.exports.helloWorld = (event, context, callback) => {
...

It accepts three arguments: event, context, and a callback.

Event

The event argument contains the event data. There are different event types, and each type has its own attributes. The way Lambda functions work can be a bit hard to grasp at first. The first thing you must know is that a Lambda function is triggered by a service and doesn’t run on its own. Here is a list of services that can invoke Lambda functions.

Context

The context argument passes runtime information to the Lambda function.

Callback

The callback argument is used to return a response to the caller.

Serverless.yml

serverless.yml holds the API definition and the other resources your application needs to work properly. This article uses S3 for storing images.

Make some changes to serverless.yml. Change the runtime property to nodejs8.10. Add a new property, region, to the provider object; this deploys the app to the specified region. Specifying it is optional, and AWS uses us-east-1 by default. In production, always choose a region close to your users because of latency.

service: serverless-hello-world
# The `provider` block defines where your service will be deployed
provider:
  name: aws
  runtime: nodejs8.10
  region: eu-west-1
....

Deploying the App

Deploy the app with a deploy argument. Enter the  following command from the console:

$ serverless deploy

You will see the result in your console on completion. Note the endpoint here, as it’s quite important.

...
api keys:
  None
endpoints:
  GET - https://ss7n639ye3.execute-api.eu-west-1.amazonaws.com/dev/hello-world
functions:
  helloWorld: serverless-hello-world-dev-helloWorld
...

When you open the endpoint in your browser, you will see the request printed back to you. Pat yourself on the back: you have built your first Lambda app.

Going Advanced

The hello world app built previously was quite simple. Let’s go a bit further and build the image processing app discussed above.

You can start a new project or modify Hello World app.

Edit serverless.yml as follows:

# filename: serverless.yml
service: ImageUploaderService

# The `provider` block defines where your service will be deployed
custom:
  bucket: getting-started-lambda-example
provider:
  name: aws
  runtime: nodejs8.10
  region: eu-west-1
  stackName: imageUploader
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:PutObject" 
      Resource: 
        - "arn:aws:s3:::${self:custom.bucket}/*" 

# The `functions` block defines what code to deploy
functions:
  UploadImage:
    handler: uploadImage.handler
    # The `events` block defines how to trigger the uploadImage.handler code
    events:
      - http:
          path: upload
          method: post
          cors: true
    environment:
      Bucket: ${self:custom.bucket} 
resources:
  Resources:
    StorageBucket:
      Type: "AWS::S3::Bucket"
      Properties:
        BucketName: ${self:custom.bucket}

The YAML file has a custom object, and the bucket’s name is defined there. You should choose a different bucket name, as you won’t be able to use the one I used unless I delete it. According to the AWS documentation, “an Amazon S3 bucket name is globally unique, and the namespace is shared by all AWS accounts.” This means that you cannot use the same bucket name, in any AWS region, after it has been created by a user in another AWS account, until that bucket is deleted.

You will also see that we set stackName to imageUploader. A stack is a collection of AWS resources that is managed as a single unit. iamRoleStatements is also defined globally. The Lambda function needs permission to access AWS resources; in our case we need permission to write to the S3 bucket, and this permission is granted in the IAM role statements.

Below the Lambda function UploadImage, a new object named environment is added. This sets environment variables, which we can read through the process.env object during execution. Note the handler’s name here.

We conclude by defining the S3 bucket resource for storing images.

Adding npm packages

Don’t start from scratch. Use your favorite npm packages in Lambda apps; they will be packaged with your functions on deployment.

We use the uuid package to generate unique names for images and jimp to manipulate the uploaded images. Create a package.json file:

npm init

Answer the questions to get started. 

npm install jimp uuid

Update the handler function and rename the file to uploadImage.js. It’s a good convention to name your function after its functionality.

// filename: uploadImage.js

"use strict";

const AWS = require("aws-sdk");
const uuid = require("uuid/v4");
const Jimp = require("jimp");
const s3 = new AWS.S3();
const width = 200;
const height = 200;
const imageType = "image/png";
const bucket = process.env.Bucket;

module.exports.handler = (event, context, callback) => {
    let requestBody = JSON.parse(event.body);
    let photoUrl = requestBody.photoUrl;
    let objectId = uuid();
    let objectKey = `resize-${width}x${height}-${objectId}.png`;

    fetchImage(photoUrl)
        .then(image => image.resize(width, height)
            .getBufferAsync(imageType))
        .then(resizedBuffer => uploadToS3(resizedBuffer, objectKey))
        .then(function(response) {
            console.log(`Image ${objectKey} was uploaded and resized`);
            callback(null, {
                statusCode: 200,
                body: JSON.stringify(response)
            });
        })
        .catch(error => {
            // Log the failure to CloudWatch and still answer the caller;
            // without this callback the request would hang until the
            // function timed out.
            console.log(error);
            callback(null, {
                statusCode: 500,
                body: JSON.stringify({ message: "Image processing failed" })
            });
        });
};

/**
 * Upload the resized image to the bucket named in the Bucket env variable.
 * @param {Buffer} data
 * @param {string} key
 * @returns {Promise}
 */
function uploadToS3(data, key) {
    return s3
        .putObject({
            Bucket: bucket,
            Key: key,
            Body: data,
            ContentType: imageType
        })
        .promise();
}

/**
 * Download and decode the image at the given URL.
 * @param {string} url
 * @returns {Promise}
 */
function fetchImage(url) {
    return Jimp.read(url);
}

In uploadImage.js we use the fetchImage function to get the image from the URL. Read more about how the jimp package works in its readme file.

After you have rescaled the image, it’s time to store it in the S3 bucket with the help of putObject method in the AWS SDK.
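The handler above trusts whatever arrives in event.body: a non-JSON body throws before any response is sent, and any string is handed to the image library as a URL. Below is an added example, not the article’s code, of a hardened variant of the same handler. The image fetcher, the S3 uploader and the id generator are injected through a deps object so the block runs offline with constructed stand-ins (fakeDeps); in the real function they would wrap Jimp.read(), s3.putObject().promise() and uuid() exactly as the article does. Everything else, including the error codes chosen, is this example’s own.

```javascript
"use strict";

// Added example, not from the article: a hardened uploadImage handler with
// input validation and explicit error responses.

const MAX_BODY_BYTES = 4 * 1024;   // an upload request is a tiny JSON object
const WIDTH = 200;
const HEIGHT = 200;

// Accept only absolute http(s) URLs; reject file:, data:, javascript: and
// relative paths before the string ever reaches an image library.
function validatePhotoUrl(value) {
  if (typeof value !== "string" || value.length > 2048) return null;
  let parsed;
  try {
    parsed = new URL(value);
  } catch (e) {
    return null;
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  return parsed.href;
}

function response(statusCode, payload) {
  return { statusCode, body: JSON.stringify(payload) };
}

// Builds a handler with the (event, context, callback) signature used in the
// article. deps.fetchImage(url) resolves to an object with resize(w, h) and
// getBufferAsync(type); deps.uploadToS3(buffer, key) resolves to the S3
// response; deps.newId() returns a fresh object id.
function makeHandler(deps) {
  return function handler(event, context, callback) {
    const body = event && typeof event.body === "string" ? event.body : "";
    if (Buffer.byteLength(body, "utf8") > MAX_BODY_BYTES) {
      return callback(null, response(413, { error: "body too large" }));
    }
    let requestBody;
    try {
      requestBody = JSON.parse(body);
    } catch (e) {
      return callback(null, response(400, { error: "body is not valid JSON" }));
    }
    const photoUrl = validatePhotoUrl(requestBody && requestBody.photoUrl);
    if (!photoUrl) {
      return callback(null, response(400, { error: "photoUrl must be an http(s) URL" }));
    }
    const objectKey = `resize-${WIDTH}x${HEIGHT}-${deps.newId()}.png`;
    deps.fetchImage(photoUrl)
      .then((image) => image.resize(WIDTH, HEIGHT).getBufferAsync("image/png"))
      .then((buffer) => deps.uploadToS3(buffer, objectKey))
      .then((result) => {
        console.log(`Image ${objectKey} was uploaded and resized`);
        callback(null, response(200, { key: objectKey, upload: result }));
      })
      .catch((error) => {
        // Keep the detail in CloudWatch; give the caller a generic answer.
        console.log(error);
        callback(null, response(502, { error: "image could not be processed" }));
      });
  };
}

// Promise wrapper so a caller (or a test) can await the callback-style handler.
function invoke(handler, event) {
  return new Promise((resolve, reject) => {
    handler(event, {}, (err, res) => (err ? reject(err) : resolve(res)));
  });
}

// Constructed stand-ins for Jimp, S3 and uuid, used only for the demo.
const fakeDeps = {
  newId: () => "0000-demo",
  fetchImage: () => Promise.resolve({
    resize() { return this; },
    getBufferAsync: () => Promise.resolve(Buffer.from("png-bytes")),
  }),
  uploadToS3: (buffer, key) => Promise.resolve({ ETag: `"etag-${buffer.length}"`, Key: key }),
};

if (typeof require !== "undefined" && require.main === module) {
  const handler = makeHandler(fakeDeps);
  invoke(handler, { body: JSON.stringify({ photoUrl: "https://example.com/cat.jpg" }) })
    .then((res) => console.log(res));
}
```

Swapping fakeDeps for real wrappers around Jimp and the AWS SDK gives a drop-in replacement for the article’s handler; the validation and the explicit 4xx/5xx responses are what change the failure behaviour.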

How to log in AWS Lambda functions

Logging gives clarity about how applications behave in production and saves time when troubleshooting a problem. Log aggregation services such as Retrace and AWS CloudWatch work well with Lambda.

AWS Lambda monitors functions on your behalf and reports metrics through Amazon CloudWatch. The metrics include total requests, duration and error rates. In addition to this built-in monitoring, you can log events from your code with console.log:

console.log('An error occurred')

In the handler function (uploadImage.js) we log to AWS CloudWatch when an image is successfully processed and when an error occurs.

Deploying and testing

Deploy the existing or a new app with this Serverless deploy command:

serverless deploy

This is the output you will get. Note the endpoint again.

.....
  None
endpoints:
  POST - https://0sdampzeaj.execute-api.eu-west-1.amazonaws.com/dev/upload
functions:
  UploadImage: ImageUploaderService-dev-UploadImage
layers:

Make a curl request to the endpoint, so that the image is downloaded from the URL, rescaled and stored to S3 bucket. Don’t forget to change the post endpoint to the one in your console.

curl -H "Content-type: application/json" -d '{"photoUrl":"https://www.petmd.com/sites/default/files/what-does-it-mean-when-cat-wags-tail.jpg"}' 'https://0sdampzeaj.execute-api.eu-west-1.amazonaws.com/dev/upload'

Check the logs in CloudWatch and images in S3 bucket.

Summary

You learned what AWS is and how to setup an AWS account with access keys. You also learned to build the hello world app using Lambda and Node.js running in the cloud. Lastly, you also learned to create a photo processing app using the Serverless framework! That’s a lot to cover for a beginner!

Move on and build your knowledge from there about the Serverless framework and how to test the Lambda functions. Check out “Serverless Local Development” by Gareth McCumskey, a serverless and web developer.

These resources provide a great learning path to understanding AWS Lambda with Node.js.

Challenges and Best Practices of Docker Container Security

In recent years, the massive adoption of Docker has made security an important consideration for firms that use containers for development and production. Containers are complex compared to virtual machines and other deployment technologies, and the process of securing Docker containers is correspondingly complex.

We will take a look at Docker container security and explain why it is complex. We will discuss default environments for better security, and practices for monitoring containers for security.

Following is the complete guide for container security:

Challenges of Docker container security:

Many organisations used virtual machines or bare-metal servers to host applications before Docker. From a security perspective these technologies are quite simple: when hardening your deployment and monitoring for security-relevant events you need to focus on just two layers. APIs, overlay networks or complex software-defined storage configurations are not a major part of virtual machine or bare-metal deployments, so you do not have to worry about them.

A typical Docker environment has many more moving parts, hence its security is much more complicated. Those moving parts include:

  • You probably have multiple Docker container images, each hosting an individual microservice, and multiple instances of each image are probably running at a time. Each of these instances and images needs proper security and monitoring.
  • The Docker daemon needs to be secured to keep the containers and their host safe.
  • The host server might be bare metal or a virtual machine.
  • A service like ECS, if you use it to host your containers, is another layer to secure.
  • APIs and overlay networks facilitate communication between containers.
  • Data volumes are storage that exists externally from your containers.

So if you think that learning to secure Docker is tough, that is because Docker security is undoubtedly much more complex than any other security system.

Best practices of Docker container security:

Luckily, we can overcome these challenges. This article is not an exhaustive guide to Docker security, but you can use the official Docker documentation as a reference. Below are some best practices:

#1 setting of reference quotes

One easy thing in docker is configuring of resource quotas. Resource quotas helps us to limit the memory amount and resources of cpu which is consumed by the container.

This is helpful for several reasons. It keeps the Docker environment efficient and prevents one container from starving the rest of the system of resources. It also improves security: a container that cannot consume unbounded memory or CPU is limited in the damage it can do if it misbehaves or is compromised.

Resource quotas are easily set with command-line flags; see the Docker documentation for the full list.
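As an added example (not from the article), the following shell script starts a container with memory, CPU and PID quotas and then reads back the limits the daemon actually applied; the image name and the limit values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the article): start a container with memory, CPU and
# PID quotas, then read back from `docker inspect` what the daemon applied.
# Image name and limit values are constructed for illustration.
set -eu

IMAGE="nginx:alpine"   # assumption: any image works for the demonstration
NAME="quota-demo"

# Compose the quota flags. --memory-swap equal to --memory disables swap, so
# the container cannot exceed its RAM limit by paging; --pids-limit caps the
# number of processes, which blunts fork bombs.
quota_flags() {
  mem=$1; cpus=$2; pids=$3
  printf '%s %s %s %s' "--memory=$mem" "--memory-swap=$mem" \
    "--cpus=$cpus" "--pids-limit=$pids"
}

# Every quota must be given; an empty value would silently mean "unlimited".
validate_quota() {
  [ -n "${1:-}" ] && [ -n "${2:-}" ] && [ -n "${3:-}" ]
}

run_with_quotas() {
  validate_quota "$@" || { echo "refusing: memory, cpus and pids must all be set" >&2; return 1; }
  # Word splitting of the flag string is intended here.
  # shellcheck disable=SC2046
  docker run -d --rm --name "$NAME" $(quota_flags "$@") "$IMAGE" >/dev/null
  # Memory is reported in bytes, CPU in nano-CPUs (0.5 CPU -> 500000000).
  docker inspect --format \
    'Memory={{.HostConfig.Memory}} NanoCpus={{.HostConfig.NanoCpus}} PidsLimit={{.HostConfig.PidsLimit}}' \
    "$NAME"
  docker stop "$NAME" >/dev/null
}

# Only talk to a daemon when one is reachable; the helpers above are pure.
if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then
  run_with_quotas 256m 0.5 100
fi
```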

#2 Do not run as root

We all know the feeling: you are tired, you don't want to get entangled in permission problems just to get an application working, and running as root is the easy way out because you no longer have to worry about permission restrictions.

If you are a beginner, this is sometimes acceptable in a Docker testing environment, but there is no good reason to let a Docker container run with root permissions in production.

Because Docker doesn’t run containers as root by default, this is an easy Docker security rule to follow: you don’t have to change anything in the default configuration to avoid running as root. Running a container as root is more convenient in some situations, and that temptation needs to be resisted.

If you use Kubernetes to orchestrate your containers, you can explicitly prevent containers from starting as root for added security by using the MustRunAsNonRoot directive in a pod security policy.
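Added example, not from the article: the uid a container starts with is whatever the image's USER instruction (or the --user flag) specifies, and an image that sets neither starts as uid 0, so this script builds an image with a numeric non-root USER and checks, from the image metadata and from inside the running container, that it does not run as uid 0. The image tag and the uid are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): build a throw-away image whose USER is an
# unprivileged account, then verify both from the image metadata and at runtime
# that the process is not uid 0. The image tag and uid are constructed values.
set -eu

IMAGE="nonroot-demo:local"   # assumption: local tag for the demonstration build

# Decide from an image's configured User field whether it would start as root.
# An empty User, "root", "0" and "0:<gid>" all resolve to uid 0 inside the container.
is_root_user() {
  case "${1:-}" in
    ""|root|0|root:*|0:*) return 0 ;;
    *) return 1 ;;
  esac
}

build_nonroot_image() {
  # Numeric uid:gid in USER matters: Kubernetes' runAsNonRoot cannot verify a
  # name-only USER and refuses to start the container instead.
  docker build -t "$IMAGE" - <<'EOF'
FROM alpine:3.19
RUN addgroup -S app && adduser -S -G app -u 10001 app
USER 10001:10001
CMD ["id", "-u"]
EOF
}

check_image_user() {
  user=$(docker inspect --format '{{.Config.User}}' "$IMAGE")
  if is_root_user "$user"; then
    echo "REJECT: $IMAGE would start as root (User='$user')" >&2
    return 1
  fi
  # Runtime confirmation: ask the container itself which uid it runs as.
  uid=$(docker run --rm "$IMAGE")
  [ "$uid" != "0" ] || { echo "REJECT: container runs as uid 0" >&2; return 1; }
  echo "OK: $IMAGE runs as uid $uid"
}

# Only build and run when a daemon is reachable; is_root_user is pure.
if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then
  build_nonroot_image && check_image_user
fi
```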

#3 Secure container registries

Container registries are a large part of what makes Docker powerful: they make it easy to set up central repositories from which container images are downloaded.

Using container registries is a security risk if you do not know how to evaluate their security constraints. Docker Trusted Registry, which can be installed behind your firewall, helps eliminate the risk of pulling malicious images.

Because the registry sits behind your firewall, you can restrict who is allowed to upload images to it and download images from it. Role-based access control lets you explicitly shut out unknown users. It is nice to leave your registry open to others, but that is only acceptable if you can still keep malware and other harmful content out.

#4 Use trusted and secure images

Make sure that the container images you use come from a trusted source. This sounds obvious, but there are many places from which images can be downloaded, and not all of them are trusted or verified.

Consider not using public container registries at all, or try to use only official, trusted repositories such as those on Docker Hub.

Image scanning tools help to identify images with harmful contents. Most enterprise-grade container platforms have embedded scanning tools; Clair is one example of such a scanner.

#5 Identify the source of your code

Docker images contain original code as well as packages from upstream sources. Even when an image is downloaded from a trusted registry, it can contain packages from untrusted sources, and those packages can be built from code taken from multiple outside sources.

That is why analysis tools are important. By downloading the sources of your Docker images and scanning where the code originates, you can find out whether any of it comes from unknown sources.
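The following admission check, an added example that is not from the article, ties together the points in #3 to #5: it allows pulls only from an allow-listed registry and only of references pinned by digest, so the image you scanned is exactly the image that runs. The registry names and the all-zero digest are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the article): a pre-pull admission check for image
# references. It enforces an allow-list of registries and requires references
# pinned by digest, so the artifact that was scanned is byte-for-byte the one
# that runs. Registry names and digests below are constructed for illustration.
set -eu

# Constructed allow-list: an internal trusted registry plus Docker Hub.
ALLOWED_REGISTRIES="registry.example.internal docker.io"
# 64 zeros standing in for a real sha256 digest.
FAKE_DIGEST="0000000000000000000000000000000000000000000000000000000000000000"

# Registry host of a reference. The first path component counts as a host only
# if it contains a dot or a port, or is "localhost"; bare names mean docker.io.
registry_of() {
  case "$1" in
    */*)
      first=${1%%/*}
      case "$first" in
        *.*|*:*|localhost) echo "$first"; return 0 ;;
      esac ;;
  esac
  echo docker.io
}

# A tag like :latest is mutable; only an @sha256 digest names fixed content.
is_digest_pinned() {
  printf '%s\n' "$1" | grep -Eq '@sha256:[0-9a-f]{64}$'
}

# 0 if the reference may be pulled, 1 otherwise (reason on stderr).
admit_image() {
  reg=$(registry_of "$1")
  ok=1
  for r in $ALLOWED_REGISTRIES; do
    [ "$r" = "$reg" ] && ok=0
  done
  [ "$ok" -eq 0 ] || { echo "REJECT $1: registry '$reg' not allow-listed" >&2; return 1; }
  is_digest_pinned "$1" || { echo "REJECT $1: not pinned by digest" >&2; return 1; }
  echo "ADMIT $1"
}

# Pull only what the policy admits; the daemon verifies the digest on download.
pull_admitted() {
  admit_image "$1" && docker pull "$1"
}

# Demonstration against constructed references (no daemon needed).
admit_image "docker.io/library/alpine@sha256:$FAKE_DIGEST"
admit_image "registry.example.internal/payments/api@sha256:$FAKE_DIGEST"
admit_image "nginx:latest" || true
admit_image "ghcr.io/someone/tool@sha256:$FAKE_DIGEST" || true
```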

#6 Network and API security

As we have seen above, Docker containers depend on APIs and networks for communication. It is important to make sure that your APIs and network architecture are secure, and to monitor API and network activity for anything unusual.

Since APIs and networks are resources used by Docker rather than part of Docker itself, the steps for securing them are not included in this article. It is nevertheless important to check the security of these resources.

In Conclusion

Docker is complex, and there is no simple trick for maintaining Docker container security. You have to think carefully about the steps needed to secure your containers and strengthen your container environment at many levels. This is the only way to get all the benefits of Docker containers without major security issues.