Docker in Docker (dind) privileged true

After reading Use Docker to build Docker images | GitLab, I implemented DIND like so: Avoiding Kubernetes waiting for pods. Now I'm concerned I will fail a security audit.

It seems only sensible to use a Dockerfile to produce an artifact with GitLab Runner CI/CD, but after reading Why A Privileged Container in Docker Is a Bad Idea, I am not so sure, since on the cluster our CI/CD runners are on, the host machines also deploy to production and such.

Have I architected the cluster incorrectly?

I haven’t found a way to get around privilege for docker in docker. My guess on how to better architect it would be to set up a VM or host with docker, and configure the runner to be a shell executor.


AWS EKS best practices seem to indicate using Kaniko instead: Docker in Docker guidance · Issue #210 · aws/aws-eks-best-practices · GitHub
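For comparison, here is the two-sided configuration the thread is discussing, written as an added example rather than taken from either poster or from the GitLab docs: the Docker-in-Docker job that only works when the runner's Kubernetes executor is started with `privileged = true`, next to a Kaniko job that builds the same Dockerfile with an ordinary, unprivileged pod. Job names, the pinned image tags, and the choice of `$CI_COMMIT_SHA` as the image tag are assumptions; `CI_REGISTRY*` and `CI_PROJECT_DIR` are GitLab's predefined variables.

```yaml
# --- Runner side (config.toml), what the dind approach requires ---
# [[runners]]
#   executor = "kubernetes"
#   [runners.kubernetes]
#     privileged = true      # every job pod gets full host capabilities;
#                            # this is the setting an audit will flag.

# --- Pipeline side (.gitlab-ci.yml) ---
stages:
  - build

# 1. Docker-in-Docker: needs the privileged runner above.
build-dind:
  stage: build
  image: docker:27            # assumed tag; pin to what you actually run
  services:
    - docker:27-dind          # assumed tag
  variables:
    DOCKER_TLS_CERTDIR: "/certs"   # TLS between client and dind service
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"

# 2. Kaniko: same Dockerfile, same destination, no privileged pod.
#    Kaniko executes the Dockerfile in userspace and pushes the layers
#    itself, so the runner can keep privileged = false.
build-kaniko:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:v1.23.2-debug   # assumed pinned tag
    entrypoint: [""]          # the debug image has a shell; override entrypoint
  script:
    # Registry credentials in the Docker config format Kaniko reads.
    - mkdir -p /kaniko/.docker
    - >-
      printf '{"auths":{"%s":{"auth":"%s"}}}'
      "$CI_REGISTRY"
      "$(printf '%s:%s' "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')"
      > /kaniko/.docker/config.json
    - >-
      /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
```

The practical check is on the runner, not in the pipeline: with the Kaniko job in place, set `privileged = false` in `[runners.kubernetes]` and confirm the build still passes; the dind job will fail at that point because the dind service cannot start without the privilege, which is exactly the dependency the thread is trying to remove from a cluster shared with production workloads.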