Limit access to containers

My App is composed of three containers:

  • Frontend
  • Backend
  • Worker

I need the Backend to be able to run commands in the worker using the Docker API. It is well explained here https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/ (The socket solution part).

But there is a security issue, as the Backend container would also have access to make actions on the Frontend and Backend containers.

So here is my question: is it possible to limit access to only one container?

If not, do you have any suggestions?

Many thanks for your help 🙂

You can either take a look at https://www.openpolicyagent.org/docs/latest/docker-authorization/ or switch to Kubernetes and make use of a service account and RBAC to restrict what it’s allowed to do.

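To make the authorization-plugin suggestion concrete, here is an added example (not from the thread, not OPA's own code, and not the Docker project's) that models the decision a Docker authorization plugin makes: the daemon forwards each API request (user, method, URI, body) to the plugin and acts on its Allow/Deny answer. The policy below allows the Backend to create and start exec sessions only in one container, named "worker" here, and denies every other endpoint, so the Frontend and Backend containers stay out of reach even though the socket itself is shared. The container name, exec ids and sample requests are constructed for this example; the field names follow the AuthZReq payload shape documented for Docker authz plugins.

```python
"""Illustrative Docker authz decision: exec-only access to a single container.

Added example, not the project's or OPA's own code. Models the AuthZReq /
AuthZRes hooks a Docker authorization plugin implements. Everything named
here (container "worker", user "backend", exec ids) is a constructed sample.
"""
import json
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class AuthZReq:
    # Field names mirror the request payload a Docker authz plugin receives.
    User: str
    RequestMethod: str
    RequestUri: str
    RequestBody: bytes = b""


@dataclass
class AuthZRes:
    Allow: bool
    Msg: str = ""


# Constructed: the only container the Backend may run commands in.
ALLOWED_CONTAINER = "worker"

# The exec-start endpoint carries only the exec id, not the container, so the
# plugin must remember which container each approved exec session belongs to.
exec_sessions: dict[str, str] = {}  # exec id -> container name

# Paths may carry an optional API version prefix such as /v1.41.
EXEC_CREATE = re.compile(r"^(?:/v[\d.]+)?/containers/([^/]+)/exec$")
EXEC_START = re.compile(r"^(?:/v[\d.]+)?/exec/([^/]+)/start$")


def authz_request(req: AuthZReq) -> AuthZRes:
    """Pre-request hook: deny by default, allow only the exec flow on ALLOWED_CONTAINER."""
    path = urlsplit(req.RequestUri).path.rstrip("/")  # strip query string

    if req.RequestMethod != "POST":
        return AuthZRes(False, "only exec create/start are permitted")

    m = EXEC_CREATE.match(path)
    if m:
        target = m.group(1)
        # Matching by name only: a request using the worker's hex id would be
        # denied here; a production plugin would resolve ids via container inspect.
        if target != ALLOWED_CONTAINER:
            return AuthZRes(False, f"exec into {target!r} is not permitted")
        try:
            body = json.loads(req.RequestBody or b"{}")
        except ValueError:
            return AuthZRes(False, "malformed exec body")
        # A privileged exec would undo the worker's own confinement, so refuse it
        # even on the allowed container.
        if body.get("Privileged"):
            return AuthZRes(False, "privileged exec is not permitted")
        return AuthZRes(True)

    m = EXEC_START.match(path)
    if m:
        exec_id = m.group(1)
        if exec_sessions.get(exec_id) == ALLOWED_CONTAINER:
            return AuthZRes(True)
        return AuthZRes(False, f"unknown or foreign exec session {exec_id!r}")

    return AuthZRes(False, f"{req.RequestMethod} {path} is not permitted")


def authz_response(req: AuthZReq, status: int, response_body: bytes) -> AuthZRes:
    """Post-response hook: after an approved exec create, record the new exec id."""
    m = EXEC_CREATE.match(urlsplit(req.RequestUri).path.rstrip("/"))
    if m and status == 201:
        exec_id = json.loads(response_body)["Id"]
        exec_sessions[exec_id] = m.group(1)
    return AuthZRes(True)


if __name__ == "__main__":
    # Constructed sample traffic from the Backend container.
    samples = [
        AuthZReq("backend", "POST", "/v1.41/containers/worker/exec", b'{"Cmd":["ls"]}'),
        AuthZReq("backend", "POST", "/v1.41/containers/frontend/exec", b'{"Cmd":["ls"]}'),
        AuthZReq("backend", "DELETE", "/v1.41/containers/frontend"),
        AuthZReq("backend", "GET", "/v1.41/containers/json"),
    ]
    for s in samples:
        res = authz_request(s)
        print(f"{s.RequestMethod} {s.RequestUri}: {'ALLOW' if res.Allow else 'DENY ' + res.Msg}")
```

The real OPA docker-authz plugin evaluates a Rego policy over the same request fields, so this is the decision logic it would encode, not a replacement for it. Two points worth carrying over: the policy is deny-by-default, so any endpoint not explicitly matched (container create, delete, listing, image pulls) is refused, and the exec-start leg is tied back to the container through the exec id recorded at create time, otherwise a caller could start an exec session created against another container.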

Thank you meyay, I have explored a bit these two possibilities. After some reflection, I think the best approach is to use an SSH connection between my backend container and my worker container.