Skip to content

A HelmChart to provide a secure rootless remote dind service for other deployments.

License

Notifications You must be signed in to change notification settings

AustrianDataLAB/secure-remote-dind

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Secure Remote Docker-in-Docker

A HelmChart to provide a secure rootless remote dind service for other deployments.

What to expect / How to use it?

The following example demonstrates how a gitlab-runner can access the secure-remote-dind service via mTLS certificate authorization which is provided by the cert-manager CSI Driver. Furthermore the gitlab-runner-jobs are configured to use minio-s3 as cache.

See the examples directory for the demo deployment.

secureremotedind.drawio

Motivation

We needed to have rootless docker-in-docker support for our CI/CD pipelines without giving privileged access to the runner pods.

Future Work

  • Create a ClusterIssuer with a CertificateRequestPolicy to allow multiple namespaces to authorize against the dind service.
  • Remove PSPs.
  • Metrics export for the dind service.
  • Health endpoint for the dind service.

About

A HelmChart to provide a secure rootless remote dind service for other deployments.

Resources

License

Stars

Watchers

Forks

Packages