-
I didn't see #95 earlier. I think that would also be solved by this. I have only tested it in KIND and AWS so far.
-
Thank you for the discussion, fix and updates. Appreciate it @nmiekley 🙏
-
I would like to talk about updating the DIND scenario.
The original idea is that Docker is running on the worker nodes and managing the containers for Kubernetes. However, with the Kubernetes deprecation of dockershim this is no longer the case. Now, either containerd or CRI-O is used as the container runtime for Kubernetes.
The same exploit can still be done; we only have to use the containerd or CRI-O sockets.
Btw, the current setup also has a funny effect in KIND: here the Docker daemon you gain control over is the one on your machine running the KIND node. You can still get control of the KIND node and the containerd inside, but that is not really a production-relevant scenario.
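
A defender-side check for the condition this post describes, as an added example that is not part of the original discussion or the project's code: it flags pods whose hostPath volumes reach a Docker, containerd or CRI-O socket, including mounts of a parent directory. The socket paths are the runtimes' usual defaults (an assumption about the node), and the sample pod is constructed.

```python
import posixpath

# Default socket paths per runtime (assumed defaults; a node may be configured differently).
RUNTIME_SOCKETS = {
    "docker": "/var/run/docker.sock",
    "containerd": "/run/containerd/containerd.sock",
    "cri-o": "/var/run/crio/crio.sock",
}

def canon(path):
    # /var/run is normally a symlink to /run, so compare everything under /run.
    path = posixpath.normpath(path)
    if path == "/var/run" or path.startswith("/var/run/"):
        path = path[len("/var"):]
    return path

def exposed_runtimes(host_path):
    """Runtimes whose socket is the hostPath itself or lies beneath it."""
    hp = canon(host_path)
    return sorted(
        name for name, sock in RUNTIME_SOCKETS.items()
        if hp == "/" or canon(sock) == hp or canon(sock).startswith(hp + "/")
    )

def audit_pod(pod):
    """Return (container, volume, runtimes) for every mount that reaches a runtime socket."""
    spec = pod.get("spec", {})
    risky = {}
    for vol in spec.get("volumes", []):
        hits = exposed_runtimes(vol["hostPath"].get("path", "")) if "hostPath" in vol else []
        if hits:
            risky[vol["name"]] = hits
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in risky:
                # readOnly is not treated as a mitigation: it does not stop connect() to the socket.
                findings.append((c["name"], m["name"], risky[m["name"]]))
    return findings

# Constructed sample in the shape of `kubectl get pod -o json`; not taken from the project.
SAMPLE_POD = {"spec": {
    "volumes": [{"name": "runtime", "hostPath": {"path": "/run/containerd/containerd.sock"}},
                {"name": "scratch", "emptyDir": {}}],
    "containers": [
        {"name": "builder", "volumeMounts": [
            {"name": "runtime", "mountPath": "/custom/containerd.sock", "readOnly": True}]},
        {"name": "sidecar", "volumeMounts": [{"name": "scratch", "mountPath": "/tmp/work"}]}],
}}

if __name__ == "__main__":
    print(audit_pod(SAMPLE_POD))
```

The check matches on the host-side path rather than the in-container `mountPath`, so a socket mounted under a renamed path is still reported.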