Open zpratt opened 4 years ago
The docker socket would get mounted as a volume, which will likely require the pod to run with elevated privileges on the host.
I'm not sure if this will work with kind.
It's a major security issue to give the pod access to the docker socket, given that you can then run containers as root and compromise the host. A better solution for what I'm trying to do might be to:
This would require mounting /var/lib/docker into the container, which should be more secure than accessing the socket and can be done in a read-only fashion.
I may also have to make API calls to the Docker registry in order to extrapolate information about the running application. https://github.com/joyent/node-docker-registry-client could be used for this.
https://github.com/google/nodejs-container-image-builder might be useful as well
Outline
Possibly useful libraries:
Can rely on the work in #2
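
An added example (not code from this issue or the project) of a review check for the trade-off described above: it audits a parsed Pod spec for hostPath mounts that expose the Docker socket and for `/var/lib/docker` mounts that are not read-only. The name `auditPod`, the finding strings and the sample manifest are constructed for illustration.

```javascript
// Added example: flag risky Docker-related hostPath mounts in a parsed Pod spec.
const SOCKETS = ['/var/run/docker.sock', '/run/docker.sock'];
const DATA_DIR = '/var/lib/docker';

// True when hostPath `mounted` is `target` itself or one of its parent directories.
const covers = (mounted, target) =>
  target === mounted || target.startsWith(mounted + '/');

function auditPod(pod) {
  const spec = pod.spec || {};
  // Map volume name -> host path (trailing slashes stripped, so "/" becomes "").
  const hostPaths = new Map();
  for (const v of spec.volumes || []) {
    if (v.hostPath && v.hostPath.path) {
      hostPaths.set(v.name, v.hostPath.path.replace(/\/+$/, ''));
    }
  }
  const findings = [];
  for (const c of [...(spec.initContainers || []), ...(spec.containers || [])]) {
    if (c.securityContext && c.securityContext.privileged === true) {
      findings.push(`${c.name}: privileged`);
    }
    for (const m of c.volumeMounts || []) {
      const path = hostPaths.get(m.name);
      if (path === undefined) continue; // not a hostPath volume
      if (SOCKETS.some((s) => covers(path, s))) {
        // Flagged even with readOnly: a read-only mount does not stop API calls over the socket.
        findings.push(`${c.name}: docker-socket (${path || '/'})`);
      } else if ((covers(path, DATA_DIR) || covers(DATA_DIR, path)) && m.readOnly !== true) {
        findings.push(`${c.name}: docker-data-writable (${path})`);
      }
    }
  }
  return findings;
}

// Constructed sample manifest (already parsed from YAML/JSON).
const socketPod = { spec: {
  volumes: [{ name: 'sock', hostPath: { path: '/var/run/docker.sock' } }],
  containers: [{ name: 'agent', securityContext: { privileged: true },
    volumeMounts: [{ name: 'sock', mountPath: '/var/run/docker.sock', readOnly: true }] }],
} };
console.log(auditPod(socketPod));
```
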