Project 1: Containerization of a Two-Tier Application using Docker, Docker Compose, and Image Scanning with Docker Scout

Tools Required:

• Docker: For creating and managing containers.
• Docker Compose: For defining and running multi-container Docker applications.
• Docker Scout: For Scanning Docker images for vulnerabilities.
• Any code editor (like Visual Studio Code, Atom, etc.)
• Access to a basic two-tier application source code (e.g., a simple web app with a database backend).

Overview/Description:

This project involves containerizing a two-tier application (such as a web application with a database) using Docker and orchestrating the containers using Docker Compose. The project will also include using Docker Scout to scan the created Docker images for security vulnerabilities. This will give practical experience in containerization, orchestration, and security aspects of Dockerized applications.

Code Repository:

• Repository Platform: GitHub
• Repository Link: https://github.com/neamulkabiremon/flask-app.git
• Access Instructions: Clone the repository to your local machine using Git. Instructions on cloning a repository can be found on GitHub's help pages.

Requirements:

Functional Requirements:

1. Containerize each component of the two-tier application using Docker.
2. Use Docker Compose to define and run the multi-container application.
3. Ensure network communication between containers (e.g., web app container communicating with the database container).
4. Scan the Docker images with Docker Scout and address any reported vulnerabilities.

Non-Functional Requirements:

1. Performance: The containers should be optimized for performance, considering aspects like image size and startup time.
2. Security: Implement best practices for Docker security, including managing secrets and using least privilege principles.
3. Documentation: Provide a README file with clear instructions on how to build, run, and scan the application.

In this Project, I Successfully containerised a two-tier application using Docker and orchestrated the deployment with Docker Compose. Gained expertise in Docker image creation, and management, and performed vulnerability scanning using Docker Scout. This project enhanced my understanding of containerization, network communication between containers, and security practices in Docker environments.

Step-by-Step Deployment Guide:

1. Clone the application from GitHub:

git clone https://github.com/neamulkabiremon/flask-app.git        

1. Navigate to the cloned directory:

cd flask-app        

1. Create a Dockerfile for the web application. Example Dockerfile:

# Use an official Python runtime as the base image
FROM python:3.9-slim

# Set the working directory in the container
WORKDIR /app

# Install required packages for system
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y gcc default-libmysqlclient-dev pkg-config \
    && rm -rf /var/lib/apt/lists/*

# Copy the requirements file into the container
COPY requirements.txt .

# Install app dependencies
RUN pip install mysqlclient
RUN pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application code
COPY . .

# Specify the command to run your application
CMD ["python", "app.py"]        

1. Create a Docker Compose file to define and run the multi-container application. Example docker-compose.yml:

version: '3'
services:
  
  backend:
    build:
      context: .
    ports:
      - "5000:5000"
    environment:
      MYSQL_HOST: mysql
      MYSQL_USER: admin
      MYSQL_PASSWORD: admin
      MYSQL_DB: myDb
    depends_on:
      - mysql

  mysql:
    image: mysql:5.7
    ports:
      - "3306:3306"
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: myDb
      MYSQL_USER: admin
      MYSQL_PASSWORD: admin
    volumes:
      - ./message.sql:/docker-entrypoint-initdb.d/message.sql   # Mount sql script into container's /docker-entrypoint-initdb.d directory to get table automatically created
      - mysql-data:/var/lib/mysql  # Mount the volume for MySQL data storage

volumes:
  mysql-data:         

1. Ensure network communication between containers is enabled. Update application configuration if needed.
2. Run Docker Compose to build and run the application:

docker-compose up -d --build        

Let's check if the application is running on the specified port or not.

HTTP://44.203.53.151:5000

1. Scan Docker images with Docker Scout:To conduct a thorough scan of your Docker image using Docker Scout, you'll require either the Docker-Scout CLI or the Docker Desktop Engine. If Docker Desktop is already installed on your system, you can seamlessly utilize the integrated Docker Scout feature. For demonstration purposes, I've uploaded the application's Docker image to Docker Hub and subsequently initiated a scan via the Docker Scout CLI on my MacBook, where Docker Desktop is installed.

docker-scout quickview neamulkabiremon/flask-app_backend:latest        

1. I have Addressed 3 High Severity vulnerabilities based on Docker Scout vulnerability scan results.
2. I have Optimized Docker containers for performance and security.

Note: Modify the Dockerfile, docker-compose.yml, and other configuration files as per your application's requirements. Ensure to follow best practices and security measures throughout the project implementation.