October 21, 2020


Continuous integration (CI) jobs often require interaction with Docker, whether for building Docker images, deploying Docker containers, or both.

One of the most popular DevOps tools for CI is GitLab, as it offers a complete suite of tools for the DevOps lifecycle. While GitLab is an excellent tool suite, it offers weak security when running CI jobs that require interaction with Docker.

Now, you may ask, why do I need security for my CI jobs?

Because the security weaknesses I describe allow CI jobs to perform root level operations on the machine where the job executes, thus compromising…

TL;DR Deploying Kubernetes clusters inside Docker containers is becoming popular for testing and CI/CD. However, existing tools to do this use complex Docker images and insecure privileged containers. This post describes a new solution that enables containers to run Kubernetes in them, seamlessly and securely.


  • Intro
  • Why Privileged Containers?
  • Why Complex Docker Images?
  • K8s-in-Docker with Sysbox
  • Automating things a bit with Kindbox
  • The K8s Node Container Image
  • K8s Node Inner Image Preloading
  • Wrapping Up


Recently, Docker containers are being used as a way to deploy Kubernetes (K8s) clusters. In this setup, each Docker container acts as a K8s node, and…


Jenkins is one of the best tools for Continuous Integration (CI) due to its maturity, huge number of plugins, support for distributed builds, etc.

One of the key features of Jenkins is its support for Docker containers (via the Docker plugin), as it makes it easy to create CI pipelines that rely on specific tools without having to install the tools in the host itself.

In fact, Jenkins itself is distributed as a Docker container, which is very convenient because you avoid having to install Jenkins and its dependencies directly on the host machine.

Turns out however that there are…

Docker containers are great at running application micro-services. But can you run Docker itself inside a Docker container? And can you do so securely?

This article describes Docker-in-Docker, the use cases for it, pros & cons of existing solutions, and how Nestybox has developed a new solution that allows you to run Docker-in-Docker securely and efficiently, without using privileged containers.

Docker users (e.g., app developers, QA engineers, and DevOps) will find this article useful.


If you want to see how easy it is to deploy Docker-in-Docker securely using a Nestybox system container, check this screencast (best viewed on a big…

Cesar Talledo

Founder and CEO of Nestybox, Inc.
