Nested secured DIND container with subcapacity

(Franck Besnard) #1


Need your advice/ideas/inputs.

I would like to dedicate a subset of my host capacity to an external Swarm cluster.
For example 2GB RAM out of 4, 50GB SSD out of 100, 4 cores out of 8. I’ll keep the rest of my capacity just for me.

The only solution I found so far was to use Docker in Docker (DIND) by setting limits on RAM, cores…
BUT it must run in a privileged mode giving host-access to the DIND container. So not really secured.

Any idea how I could do that in a smart way?


(Jérôme Petazzoni) #2

If you’re running on a physical machine, you can start a Docker VM using KVM and dedicate that Docker VM to the external Swarm cluster.

Otherwise, nested operation is not easy to do at this point, unfortunately, sorry!
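
An added example, not part of either post: a small audit over `docker inspect` JSON showing that the RAM and core limits from the question are recorded independently of the privileged flag, so capping resources does not restore isolation. The container name and the sample record are constructed for illustration; the `HostConfig` fields are the ones `docker inspect` reports.

```python
import json

# Constructed sample: trimmed `docker inspect` output for a DIND container
# started with RAM/CPU limits plus --privileged, as described in the question.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/swarm-dind",  # hypothetical container name
    "HostConfig": {
        "Privileged": True,
        "Memory": 2 * 1024**3,   # 2 GB, in bytes
        "NanoCpus": 4 * 10**9,   # 4 cores, in units of 1e-9 CPU
        "CapAdd": None,
        "Binds": None,
    },
}])

DOCKER_SOCK = "/var/run/docker.sock"
BROAD_CAPS = ("ALL", "SYS_ADMIN", "CAP_SYS_ADMIN")

def audit_containers(inspect_json):
    """Map container name -> resource limits and isolation findings."""
    report = {}
    for c in json.loads(inspect_json):
        hc = c.get("HostConfig") or {}
        limits = {
            "memory_bytes": hc.get("Memory") or None,        # 0 means unlimited
            "cpus": (hc.get("NanoCpus") or 0) / 1e9 or None,  # 0 means unlimited
        }
        findings = [f"no {name} limit set" for name, v in limits.items() if v is None]
        if hc.get("Privileged"):
            findings.append("privileged: all capabilities and host devices exposed")
        for cap in hc.get("CapAdd") or []:
            if cap.upper() in BROAD_CAPS:
                findings.append(f"broad capability added: {cap}")
        for bind in hc.get("Binds") or []:
            if bind.split(":")[0] == DOCKER_SOCK:
                findings.append("host Docker socket mounted into container")
        name = c.get("Name", "?").lstrip("/")
        report[name] = {"limits": limits, "findings": findings}
    return report

if __name__ == "__main__":
    for name, result in audit_containers(SAMPLE_INSPECT).items():
        print(name, result["limits"])
        for finding in result["findings"]:
            print("  -", finding)
```

Feed it the output of `docker inspect <container>` in place of the constructed sample to check a real container.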