Profile Applicability:

  • Level 1 

Description:

Experimental features in Docker provide advanced functionalities that may not be fully tested or stable. In production environments, these features should be disabled to ensure that only stable, well-tested features are used.

Rationale:

Enabling experimental features in production can lead to instability, unexpected behavior, and security vulnerabilities. By disabling these features in production, you ensure that the Docker environment remains stable and secure.

Impact:

Pros:

  • Reduces the risk of encountering bugs, vulnerabilities, and performance issues associated with experimental features.

  • Ensures that Docker’s functionality in production is stable and well-supported.

Cons:

  • Some desired experimental features may not be available in production, requiring careful consideration of the feature set used.

Default Value:

  • Experimental features are enabled by default in some Docker versions, but should be explicitly disabled in production environments.

Pre-requisites:

  • Docker installed and running.

  • Administrative privileges on the Docker host system.

Remediation:

Test Plan:

Using AWS Console:

  1. Log in to the EC2 instance running Docker.

  2. Check the Docker configuration to verify if experimental features are enabled:

    docker info | grep "Experimental"

Using AWS CLI:

  1. Connect to the EC2 instance where Docker is running.

  2. Run the following command to check the experimental feature status:

    docker info | grep "Experimental"

Implementation Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Modify the Docker daemon configuration file /etc/docker/daemon.json to disable experimental features:

    {
      "experimental": false
    }

  3. Restart Docker to apply the changes.

Using AWS CLI:

  1. Use SSM to disable experimental features and restart Docker. This command overwrites /etc/docker/daemon.json, so any other daemon settings already in that file are lost:

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=InstanceIds,Values=instance_id" --parameters '{"commands":["echo '\''{\"experimental\": false}'\'' > /etc/docker/daemon.json && sudo systemctl restart docker"]}'
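
Because the command above replaces the whole of /etc/docker/daemon.json, a host with other daemon settings needs a merge rather than an overwrite. The following is an added example, not part of the original benchmark text, that sets only the "experimental" key and keeps everything else; the function name set_experimental, the .bak backup suffix and the sample settings are assumptions made for illustration.

```python
# Added example: set_experimental and the ".bak" suffix are illustrative choices.
import json
import os
import shutil
import tempfile


def set_experimental(path, enabled=False):
    """Set "experimental" in a daemon.json file, keeping every other key.

    Returns True if the file was written (Docker must then be restarted),
    False if it already had the requested value. Raises ValueError when the
    existing file is not a JSON object, so a broken config is never replaced.
    """
    config = {}
    existed = os.path.exists(path) and os.path.getsize(path) > 0
    if existed:
        with open(path, encoding="utf-8") as fh:
            try:
                config = json.load(fh)
            except json.JSONDecodeError as exc:
                raise ValueError(f"{path} is not valid JSON: {exc}") from exc
        if not isinstance(config, dict):
            raise ValueError(f"{path} must contain a JSON object")
    if config.get("experimental") is enabled:
        return False
    if existed:
        shutil.copy2(path, path + ".bak")  # copy to restore during backout
    config["experimental"] = enabled
    # Write to a temp file in the same directory, then rename atomically so
    # the daemon never sees a half-written file.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(config, fh, indent=2)
        fh.write("\n")
    os.replace(tmp, path)
    return True


if __name__ == "__main__":
    # Constructed sample config, written to a temp directory (not /etc/docker).
    demo = os.path.join(tempfile.mkdtemp(), "daemon.json")
    with open(demo, "w", encoding="utf-8") as fh:
        json.dump({"log-driver": "json-file", "experimental": True}, fh)
    print("changed:", set_experimental(demo))
    print(open(demo, encoding="utf-8").read())
```

Run it as root against /etc/docker/daemon.json and restart Docker only when it returns True.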

Backout Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Re-enable experimental features by editing the /etc/docker/daemon.json file:

    {
      "experimental": true
    }

  3. Restart Docker.

Using AWS CLI:

  1. Use SSM to revert the experimental feature setting and restart Docker:

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=InstanceIds,Values=instance_id" --parameters '{"commands":["echo '\''{\"experimental\": true}'\'' > /etc/docker/daemon.json && sudo systemctl restart docker"]}'

References: