More secure DinD in GitLab CI

2020-12-31 Infrastructure Niclas Roßberger

If you are reading this article you probably already know how to use DinD (DockerInDocker) in GitLab CI. The default way is to set privileged=true in your Runner-config. This little flag makes everything work; but at the cost of security. There are many articles regarding this topic, eg. this one. The baseline is, if you run a container privileged, and the container uses the root-user inside, you can lose the whole server. Continue reading

More secure deployments via ssh

2020-08-21 Infrastructure Linux Deployment Niclas Roßberger

If we deploy an application automatically we have to grant the CI (Continuous Integration) access to the server. Common practice is to do that via a GitLab Runner or an ssh account on the server. Personally I would not recommend using a GitLab Runner for deployments, because you have to maintain it. Another potential issue is, that you normally register runners for your whole GitLab instance or groups. That results in a scenario in which everyone can use that runner and accidentally (or not) destroy, for example, your production server. Continue reading

Powered by Bilberry Hugo Theme