October 21, 2020

Intro

Continuous integration (CI) jobs often require interaction with Docker, whether for building Docker images, deploying Docker containers, or both.

One of the most popular DevOps tools for CI is GitLab, as it offers a complete suite of tools for the DevOps lifecycle. While GitLab is an excellent tool suite, it offers weak security when running CI jobs that require interaction with Docker.

Now, you may ask, why do I need security for my CI jobs?

Because the security weaknesses I describe allow CI jobs to perform root-level operations on the machine where the job executes, thus compromising the stability of the CI infrastructure and possibly beyond. …


TL;DR: Deploying Kubernetes clusters inside Docker containers is becoming popular for testing and CI/CD. However, existing tools for this rely on complex Docker images and insecure privileged containers. This post describes a new solution that enables containers to run Kubernetes in them, seamlessly and securely.

Contents

  • Intro
  • Why Privileged Containers?
  • Why Complex Docker Images?
  • K8s-in-Docker with Sysbox
  • Automating things a bit with Kindbox
  • The K8s Node Container Image
  • K8s Node Inner Image Preloading
  • Wrapping Up

Intro

Docker containers have recently come into use as a way to deploy Kubernetes (K8s) clusters. In this setup, each Docker container acts as a K8s node, and the K8s cluster is made up of a number of these containers (some acting as control-plane nodes, others as worker nodes) connected to each other via a container network, as shown…


Intro

Jenkins is one of the best tools for Continuous Integration (CI) due to its maturity, huge number of plugins, support for distributed builds, etc.

One of the key features of Jenkins is its support for Docker containers (via the Docker plugin), as it makes it easy to create CI pipelines that rely on specific tools without having to install the tools in the host itself.

In fact, Jenkins itself is distributed as a Docker container, which is very convenient because you avoid having to install Jenkins and its dependencies directly on the host machine.

It turns out, however, that several problems arise when running Jenkins in a container and using the Jenkins Docker plugin in your pipelines. …


Docker containers are great at running application micro-services. But can you run Docker itself inside a Docker container? And can you do so securely?

This article describes Docker-in-Docker, the use cases for it, pros & cons of existing solutions, and how Nestybox has developed a new solution that allows you to run Docker-in-Docker securely and efficiently, without using privileged containers.

Docker users (e.g., app developers, QA engineers, and DevOps) will find this article useful.

TL;DR

If you want to see how easy it is to deploy Docker-in-Docker securely using a Nestybox system container, check this screencast (best viewed on a big…

About

Cesar Talledo

Founder and CEO of Nestybox, Inc.
