Alternative to Dind (docker-in-docker) sidecar container

[Sudha Subramanian]

Hi,

I have a use case where my application container needs to pull a build image and run code inside of it. I'm considering using a DIND sidecar container and have the outer container run docker commands within the sidecar.  Requests for builds are queued in RabbitMq and gets consumed by my application container. 

I'm wondering if there is a better option using K8 Jobs insead. Is there a way I can dynamically launch a POD from a container running in a different POD?

Thanks,

Sudha

[Jay Vyas]

Hi, yes definitely.

Using the InClusterConfig, you’re pod can fire off another pod by submitting it to the API server.  

You just have to make sure it has the right RBAC service account stuff.

As an example you can check out black ducks preceptor project for security scanning ; we deploy a single container for installing several deployments / confit maps, and in the Kube/install directory, you can see how we setup RBAC for the protoform container (which is what creates all the dependent objects): 

https://github.com/blackducksoftware/perceptor-protoform .

FYI we’d like to move towards open sourcing a community around this pattern for building cloud native installers, so feedback welcome (file an issue if you have any questions on how to generically use it).

--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[Sudha Subramanian]

Hi Jay,

Thanks for the pointer. I will check this out. 

Thanks,
Sudha

[Warren Strange]

This is likely a better bet than DIND: 

https://github.com/GoogleContainerTools/kaniko