Understanding security in swarm mode
Docker's security-in-depth approach covers the whole software life cycle, from image signing and scanning at build time through to container isolation and management at runtime. I'll end this chapter with an overview of the security features implemented in swarm mode.
Distributed software offers a lot of attractive attack vectors. Communication between components can be intercepted and modified. Rogue agents can join the network and gain access to data or run workloads. Distributed data stores can be compromised. Docker swarm mode, built on top of the open source SwarmKit project, addresses these vectors at a platform level so your application is running on a secure base by default.
Nodes and join tokens
You switch to swarm mode by running docker swarm init. The output of this command gives you a token to use for other nodes to join the swarm. There are separate tokens for workers and managers. Nodes cannot join a swarm without the token, so you need to...
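Since the join token is what admits a node to the swarm, it is useful to check that tokens have not been left in provisioning scripts or logs. The following is an added example, not code from this chapter or from the Docker project: it scans text for join tokens and masks the secret part. It assumes the version-1 layout SWMTKN-1-<50-character root CA digest>-<25-character secret>; the file names, address and token values are constructed.

```python
import re
from dataclasses import dataclass

# Assumed token layout (version-1 tokens only):
#   SWMTKN-1-<50 base36 chars: root CA digest>-<25 base36 chars: join secret>
TOKEN_RE = re.compile(
    r"(?<![0-9A-Za-z])SWMTKN-1-([0-9a-z]{50})-([0-9a-z]{25})(?![0-9A-Za-z-])"
)

@dataclass(frozen=True)
class Finding:
    source: str
    line_no: int
    ca_digest: str  # identifies the swarm; not secret by itself
    redacted: str   # safe to put in a ticket or alert

def _mask(match):
    return f"SWMTKN-1-{match.group(1)}-<redacted>"

def scan(source, text):
    """Return one Finding per complete join token found in text."""
    return [
        Finding(source, n, m.group(1), _mask(m))
        for n, line in enumerate(text.splitlines(), 1)
        for m in TOKEN_RE.finditer(line)
    ]

def redact(text):
    """Replace the secret part of every join token so the text can be shared."""
    return TOKEN_RE.sub(_mask, text)

# Constructed sample data: the token values below are made up, not from a real swarm.
DIGEST = "0a1b2c3d4e" * 5            # 50 chars
SECRET = "z9y8x7w6v5" * 2 + "u4t3s"  # 25 chars
SAMPLES = {
    "provision.sh": "#!/bin/sh\n"
                    f"docker swarm join --token SWMTKN-1-{DIGEST}-{SECRET} 10.0.0.5:2377\n",
    "README.txt": f"Ask ops for the token (starts with SWMTKN-1-{DIGEST[:8]}).\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        for f in scan(name, body):
            print(f"{f.source}:{f.line_no}: {f.redacted}")
```

A hit means the token should be treated as exposed; docker swarm join-token --rotate worker (or manager) replaces it with a new one.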