Now, is it one DB per container
Or one DBMS+DM per container?
Comment on How do you manage you DB in a docker environment?
IratePirate@feddit.org 4 weeks ago
One per service. Not just because it’s easy, but because it allows you to minimise blast radius. If you’re running one DB per container and one container gets compromised, only that one DB is compromised. With one centralised DB for all containers, a breach of one container means access to the data of all containers that use this database without the need for any lateral movement.
Viceversa@lemmy.world 4 weeks ago
IratePirate@feddit.org 4 weeks ago
Apologies for being imprecise on terminology. I meant the latter, per service.
placebo@lemmy.zip 4 weeks ago
How so? Each service uses its own database with credentials that provide access only to that database. Unless on top of a breach in your container there is some zero-day in your DBMS - which I find highly improbable - no other data will be affected.