Skip to content

stensonb/fraterdocker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Fraterdocker

This is binary provides a wrapper socket for docker.socket which provides a virtual cleanroom (but not secure (SEE BELOW)) for running jenkins build agents in docker.

Fraterdocker

Features

  • jenkins jobs may use standard docker CLI and API calls against the provided socket
  • calls to docker ps will return only those containers built via this wrapper socket

Known Limitations

How

The wrapper socket intercepts all API calls, and:

  • injects container labels on all docker run API calls
  • adds label filters for the container labels on all docker ps API calls

Why?

When jenkins agents use docker, they call docker ps -aq | xargs docker rm -f to ensure a "cleanroom" for docker builds, functional tests, etc. This wrapper prevents the jenkins agent from killing itself (since it's a docker container) and any other non-jenkins container from being destroyed.

HUGE DISCLAIMER: This is not meant as a "secure" solution. This only labels containers and filters for them.

issues

  1. cleanup on shutdown (hook os.signal and call cleanup on all middlewares, remove socket, etc)
  2. refactor/organize code
  3. update readme (specific invariants (paths, sockets, middlewares...))
  4. tests (middleware unit tests, etc)
  5. build pipeline

Roapmap

  1. define security model
  2. implement security model

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published