6.4. IAM as Docker image

The Airlock IAM Docker image is compatible with any Docker host (engine + client) that is supported by Docker Inc.

It is also compatible with Docker Compose, Kubernetes, and OpenShift platforms.

For recommended hardware profiles see https://techzone.ergon.ch/hardware-iam.

Running IAM in a container on Windows or macOS (Docker Desktop) requires increasing the underlying VM's memory to at least 4 GB. This can be done in the Docker settings.

On Windows, all docker run commands should include the options --interactive --tty (abbreviated -it) to allocate an interactive terminal so that Ctrl-C is handled correctly when stopping a container. Otherwise, containers may remain running in the background.

While running Airlock IAM on container orchestration platforms is supported, dynamic load balancing, where containers are dynamically created, is not supported at this time.

Airlock IAM containers are designed to run at all times. More information on Airlock IAM load balancing can be found in the Airlock Gateway (WAF) documentation.

Airlock IAM Security Best Practices

Please carefully review the best practices documented in 5. Security best practices. They apply to the underlying operating system, the Docker platform, and the Airlock IAM application.

Configuration

The usual means of configuring Airlock IAM, such as 8.1. Application parameters, also apply to IAM in Docker. Some features are designed to integrate well with Docker best practices, such as overriding application parameters using environment variables.

The following content focuses on Docker-specific configuration options and will otherwise link to general documentation sections.