Overview
Docker is an open-source technology that allows users to deploy applications to software containers. A Docker container is an instance of a Docker image, where the Docker image is the application, including the file system and runtime parameters.
You can create a Docker image from an installed and configured API Gateway instance and then run the Docker image inside a Docker container. To facilitate running API Gateway in a Docker container, API Gateway provides a script to use to build a Docker image and then load or push the resulting Docker image to a Docker registry hosted on-premise or in webMethods Integration Cloud.
Support for API Gateway with Docker 1.12.11 and later is available on Linux and UNIX systems for which Docker provides native support.
For details on Docker and container technology, see
Docker documentation.
Recommendations for using Docker with API Gateway
If you opt to run API Gateway in a Docker container, Software AG recommends the following:
Create a Docker image for an installed, fully configured on-premise API Gateway. Make sure the server configuration is complete before creating the image.
Consider a Docker image of API Gateway to be immutable. Software AG does not recommend making configuration or content changes on an API Gateway running in Docker container. Instead, make any changes on the on-premise API Gateway, recreate the Docker image, load or push the Docker image to the Docker repository, and then start a Docker container for the image.
Docker security
Docker, by default, has introduced a number of security updates and features, which have made Docker easier to use in an enterprise. There are certain guidelines or best practices that apply to the following layers of the Docker technology stack, that an organization can look at:
Docker image and registry configuration
Docker container runtime configuration
Host configuration
For detailed guidelines on security best practices, see the official Docker Security documentation at
https://docs.docker.com/engine/security/security/.
Docker has also developed Docker Bench, a script that can test containers and their hosts' security configurations against a set of best practices provided by the Center for Internet Security. For details, see
https://github.com/docker/docker-bench-security.
For details on how to establish a secure configuration baseline for the Docker Engine, see
Center for Information Security (CIS) Docker Benchmark (Docker CE 17.06).
For information on the potential security concerns associated with the use of containers and recommendations for addressing these concerns, see
NIST SP 800-190 publication (Application Container Security Guide)
Prerequisites for Building a Docker Image
Prior to building a Docker image for API Gateway, you must complete the following:
Install Docker client on the machine on which you are going to install API Gateway and start Docker as a daemon. The Docker client should have connectivity to Docker server to create images.
Install API Gateway, packages, and fixes on a Linux or UNIX system using the instructions in Installing Software AG Products, and then configure API Gateway and the hosted products