Docker Community Forums

Containers without Shell access


(Kevinmaschke) #1


We’re trying to create images to run on Kubernetes which DON’T have shell access. We want NO person to be able to access these containers. Is there any way to do this? Any way to restrict/block SH access to a container?

This is because we ran a KeyStore (DB) which has public and private keys, and which is queryable through an API. But this DB should ONLY be accessible through the API. Not even us, who create the container, should be able to have SH access.

Thanks a lot to anyone who has any idea on how to accomplish this!

(Raj Chaudhuri) #2

If your application does not need a shell, then just don’t include a shell in the image.

(Keir Whitlock) #3

Perhaps the distroless image is something of use here:

but it is fairly limited in applications.
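
A check that follows from the advice in this thread, as an added example that is not part of any post: it scans a root-filesystem tar, such as the output of `docker export`, and lists the entries that would provide a shell. The name list, the helper names and the two sample archives are assumptions constructed for the example.

```python
import io
import posixpath
import tarfile

# Assumed name list: shells plus multi-call binaries that can act as one.
SHELL_NAMES = {"sh", "bash", "dash", "ash", "zsh", "ksh", "csh", "tcsh",
               "fish", "busybox", "toybox"}


def find_shells(tar_bytes):
    """Return paths inside a root-filesystem tar that would give a shell."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            path = "/" + posixpath.normpath(member.name).lstrip("/")
            if posixpath.basename(path) not in SHELL_NAMES:
                continue
            if member.issym() or member.islnk():
                # e.g. /bin/sh -> /bin/busybox on Alpine-style images
                hits.append(f"{path} -> {member.linkname}")
            elif member.isfile() and member.mode & 0o111:
                hits.append(path)
    return sorted(hits)


def build_sample(entries):
    """Build a constructed tar from (name, mode, link_target_or_None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, target in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            if target is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = target
                tar.addfile(info)
            else:
                info.size = 4
                tar.addfile(info, io.BytesIO(b"\x7fELF"))
    return buf.getvalue()


# Constructed samples: an Alpine-like layout and a single-binary image.
ALPINE_LIKE = build_sample([("bin/busybox", 0o755, None),
                            ("bin/sh", 0o777, "/bin/busybox"),
                            ("app/keystore", 0o755, None)])
SHELL_FREE = build_sample([("app/keystore", 0o755, None),
                           ("etc/passwd", 0o644, None)])

if __name__ == "__main__":
    print(find_shells(ALPINE_LIKE))
    print(find_shells(SHELL_FREE))
```

An empty result only means that none of the listed names is present as an executable or link; other interpreters in the image are not covered by this name list.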