October 21, 2020
Intro
Continuous integration (CI) jobs often require interaction with Docker, either for building Docker images and/or deploying Docker containers.
One of the most popular DevOps tools for CI is GitLab, as it offers a complete suite of tools for the DevOps lifecycle. While GitLab is an excellent tool suite, it offers weak security when running CI jobs that require interaction with Docker.
Now, you may ask, why do I need security for my CI jobs?
Because the security weaknesses I describe allow CI jobs to perform root level operations on the machine where the job executes, thus compromising the stability of the CI infrastructure and possibly beyond. …
TL;DR Deploying Kubernetes clusters inside Docker containers is becoming popular for testing and CI/CD. However, existing tools to do this use complex Docker images and unsecure privileged containers. This post describes a new solution that enables containers to run Kubernetes in them, seamlessly and securely.
Contents
- Intro
- Why Privileged Containers?
- Why Complex Docker Images?
- K8s-in-Docker with Sysbox
- Automating things a bit with Kindbox
- The K8s Node Container Image
- K8s Node Inner Image Preloading
- Wrapping Up
Intro
Recently, Docker containers are being used as a way to deploy Kubernetes (K8s) clusters. In this setup, each Docker container acts as a K8s node, and the K8s cluster is made up of a number of these containers (some acting as control-plane nodes, others as worker nodes) connected to each other via a container network, as shown…
Intro
Jenkins is one of the best tools for Continuous Integration (CI) due to it’s maturity, huge number of plugins, support for distributed builds, etc.
One of the key features of Jenkins is its support for Docker containers (via the Docker plugin), as it makes it easy to create CI pipelines that rely on specific tools without having to install the tools in the host itself.
In fact Jenkins itself is distributed as a Docker container, which is very convenient because you avoid having to install Jenkins and its dependencies directly on the host machine.
Turns out however that there are several problems that arise when running Jenkins in a container and using the Jenkins Docker plugin in your pipelines. …
Docker containers are great at running application micro-services. But can you run Docker itself inside a Docker container? And can you do so securely?
This article describes Docker-in-Docker, the use cases for it, pros & cons of existing solutions, and how Nestybox has developed a new solution that allows you to run Docker-in-Docker securely and efficiently, without using privileged containers.
Docker users (e.g., app developers, QA engineers, and DevOps) will find this article useful.
TL;DR
If you want to see how easy it is to deploy Docker-in-Docker securely using a Nestybox system container, check this screencast (best viewed on a big…
About
