Thank you, Peter, for this article.
I completely agree with you about not letting any container access the docker socket.
But what is the alternative? The Jenkins example is very pertinent, and the only alternative I can think of is running a Docker in Docker instance.
But then, on the official Docker in Docker image page, you can find a link to an article from Jérôme Petazzoni in which he recommends using the socket binding method for Jenkins over Docker in Docker.
I would be glad to know more details about your recommendations regarding Jenkins running Docker commands and security.