
Don't allow privileged containers to be created. It's in the name that it's a security risk.

With Kaniko being able to build Docker images without the Docker daemon, I'm not aware of other use cases for "docker in docker".

What's people's experience here?




kaniko is great but doesn't have feature parity with native docker build. Notably kaniko is missing everything related to BuildKit.


You can use standalone rootless buildkit, building locally/natively and in cluster/container. You can use buildkit through docker too, but docker is packing a runtime, so standalone buildkit in cluster/container.


DinD is useful for vulnerability/malware scanning



