Securing Kubernetes-in-Docker

Intro

  • Containerizing KinD itself (i.e., the KinD tool and all associated config is packaged in a container).
  • Improving the isolation between the KinD cluster and the host machine, by surrounding the insecure “privileged” containers deployed by KinD with a secure (unprivileged) Sysbox container.
  • Avoiding the limitations and complexity of the KinD + Rootless Docker approach to the same isolation problem.
  • Running KinD inside Kubernetes pods securely (without privileged pods or heavier VM-based approaches like KubeVirt).

Background on Sysbox

Background on K8s.io KinD

Motivation for running KinD inside a Sysbox Container

Running KinD inside a Secure Docker Container

Running KinD inside an Unprivileged Pod

Sysbox Container Image

Conclusion

Resources

Founder and CEO of Nestybox, Inc.

Cesar Talledo

