Container that runs a Docker daemon configured for running user code.

gliderlabs/dockerbox

dockerbox

Container that runs a Docker daemon configured for running user code.

Currently it runs Docker in Docker with configuration that increases container isolation. It also adds extra iptables rules and makes it easy to add new IPs to block via a config file.

The architecture is modular so new components can be added to augment the Docker daemon.

PLEASE CONTRIBUTE by adding any configuration I've missed that will further isolate/secure containers run by this Docker daemon.

Run in Docker

$ docker run -d -p 12375:2375 --privileged gliderlabs/dockerbox
$ DOCKER_HOST=tcp://127.0.0.1:12375 docker ps
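
The commands above reach the daemon over plain TCP, and `-p 12375:2375` without an address publishes the port on every host interface. The following is an added example, not part of the dockerbox project: a check that reads `docker port <container>` output and flags any non-loopback binding of the API port. The function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not dockerbox code): audit where the Docker API port is
# published on the host.
#
# Loopback-only variant of the README's run command:
#   docker run -d -p 127.0.0.1:12375:2375 --privileged gliderlabs/dockerbox
#
# Usage on a live host (container name is a placeholder):
#   docker port <container> | nonloopback_bindings 2375

# Reads `docker port` output on stdin. Prints every host binding of the
# given container port that is not loopback-only; returns 1 if any exist.
nonloopback_bindings() {
    api_port="${1:-2375}"   # container-side API port used in the README
    awk -v p="${api_port}/tcp" '
        $1 == p && $2 == "->" {
            addr = $3
            sub(/:[0-9]+$/, "", addr)   # drop the host port, keep the address
            gsub(/\[/, "", addr)        # unwrap [::]-style IPv6 literals
            gsub(/\]/, "", addr)
            if (addr !~ /^127\./ && addr != "::1") {
                print $3
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample outputs (not captured from a real host).
# What `docker port` typically reports for `-p 12375:2375`:
SAMPLE_README_RUN='2375/tcp -> 0.0.0.0:12375
2375/tcp -> [::]:12375'
# What it reports for `-p 127.0.0.1:12375:2375`:
SAMPLE_LOOPBACK_RUN='2375/tcp -> 127.0.0.1:12375'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_README_RUN" | nonloopback_bindings ||
    echo "API port reachable from other hosts; bind it to 127.0.0.1"
printf '%s\n' "$SAMPLE_LOOPBACK_RUN" | nonloopback_bindings &&
    echo "API port is loopback-only"
```
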

Run on Kubernetes

It should be run as a DaemonSet, but feel free to run it however you like. A working manifest is in run:

$ kubectl apply -f run/dockerbox.yaml

Now a headless service is available to use, typically via DNS. A container running in Kubernetes with a Docker client can do:

$ DOCKER_HOST=tcp://dockerbox.default.svc.cluster.local:2375 docker ps
