Today I want to present a specific case in which privileges are granted to a container and give some alternatives. One of the most popular Continuous Integration tools is Jenkins. It stands out for the amount of plugins that its community makes available to users and the freedom it grants to create pipelines. In addition, it offers us images with which it can be deployed in containers, including in a Kubernetes cluster!
In a previous post, I talked about the problem of granting privileges to a container and the risks that this entails. Today I want to present a specific case in which privileges are granted to a container and give some alternatives.
One of the most popular Continuous Integration tools is Jenkins. It stands out for the amount of plugins that its community makes available to users and the freedom it grants to create pipelines. In addition, it offers us images with which it can be deployed in containers, including in a Kubernetes cluster!
And you would imagine that doing this would be pretty easy: you write a deployment that has a pod with the Jenkins image and you already have it (apart from installing plugins and configuring it). But what if I want to build images inside a pipeline?
Well, then you need the Docker CLI or Docker plugin for Jenkins. But these, in turn, need a Docker daemon to be able to make the corresponding requests. Things start getting complicated.
In this post we are going to explore, step by step, different approaches to deploying Jenkins with Docker in Kubernetes, and explain the evolution of each one.
The most straightforward deployment is simply installing a Docker daemon. You take the Jenkins base image, install the Docker Engine, and create a custom image with both programs. Done!
This is possible; you can try it and it works. But it has certain implications that make it a bad option:
/var/lib/dockeras a volume in each container. But Docker is intended to have exclusive access to this directory, and having two or more daemons accessing it at the same time can lead to data corruption problems.
--privilegedin Docker or
securityContext.privileged: truein Kubernetes). It is a requirement. This implies serious security risks, which we explain in this post.
Our original Kubernetes tool list was so popular that we've curated another great list of tools to help you improve your functionality with the platform.
Get Hands-on experience on Kubernetes and the best comparison of Kubernetes over the DevOps at your place at Kubernetes training
Following the second video about Docker basics, in this video, I explain Docker architecture and explain the different building blocks of the docker engine; docker client, API, Docker Daemon. I also explain what a docker registry is and I finish the video with a demo explaining and illustrating how to use Docker hub.
As a DevOps engineer at Cloudify.co, I am building a new CI/CD pipeline based on Kubernetes and Jenkins. Recently I was dealing with the existent backup mechanism for Jenkins which stopped to work and I was in need of another solution. In this post, I will share my solution.
Yep, you read it right…the Docker Certified Associate (DCA) certification has changed so much recently that the majority of the exam is now about Kubernetes.There’s plenty of material online for those preparing to take this exam, so I’ll just share my experience and hopefully shed some light on how to study for it.