Docker in Docker (dind) privileged true

hendry · August 11, 2022, 3:16am

After reading Use Docker to build Docker images | GitLab I implemented DIND like so Avoiding Kubernetes waiting for pods now I’m concerned I will fail a security audit.

It seems only sensible to use a Dockerfile to produce an artifact with Gitlab runner CI/CD, but after reading Why A Privileged Container in Docker Is a Bad Idea I am not so sure. Since the the cluster our CI/CD runners are on, the host machines also deploy to production and such.

Have I architected the cluster incorrectly?

jonenf · August 11, 2022, 5:16pm

I haven’t found a way to get around privilege for docker in docker. My guess on how to better architect it would be to set up a VM or host with docker, and configure the runner to be a shell executor.

hendry · August 16, 2022, 7:41am

AWS EKS best practices seem to indicate using Kaniko instead: Docker in Docker guidance · Issue #210 · aws/aws-eks-best-practices · GitHub

Topic		Replies	Views
Do not use Docker-in-Docker? GitLab CI/CD	1	1017	February 3, 2019
Why use docker and docker dind for docker tasks? GitLab CI/CD ci , runner , docker	0	1289	December 19, 2019
How does gitlab.com securely run docker:dind with privileged access? GitLab CI/CD	0	1029	July 27, 2016
Is the docker daemon running? dind GitLab CI/CD	6	12361	July 19, 2023
Gitlab managed Kubernetes privileged runner GitLab CI/CD	1	472	October 21, 2020

Docker in Docker (dind) privileged true

Related topics