7

When using Jenkins slave running in container, what are alternatives or "safe" (in terms of security) implementations for Docker in Docker.

Architecture example:

  1. Jenkins master running as Docker container
  2. Jenkins slave running as Docker container
  3. Test task executed in Docker container

Some known alternatives:

Constraints clarification: the idea is to use Jenkins as an orchestrator and Docker for clean environment, the rest of architecture is a subject to change.

rombob
  • 657
  • 5
  • 16

1 Answers1

5

To avoid relying on dind (out of building new images from a dockerfile which should be ok) I'd look around Jenkins's kubernetes plugin.

It obviously needs to bring to life a kubernetes cluster but allow to have a one time jenkins agent to run the test in a clean isolated environment, and then tear it off. The maintenance costs of the kubernetes cluster should not be greater than maintaining your Jenkins slaves.

The bonus point is that you can version you slaves with specific environment and don't have to tweak around for multiples version of ruby/java/python and let the task choose the proper "environment" by specifying the agent image to use and have a ready to test environment without any tweak pre-test.

I'd head toward kurbenetes as container scheduler because it is relatively lightweight to configure and maintain.

Tensibai
  • 11,416
  • 2
  • 37
  • 63