Hacker News new | past | comments | ask | show | jobs | submit login

The issue with this kind of solution is that you need to pass your docker socket to the container. Not great.



Can you elaborate on why this is a problem? I'm fairly new to docker (and not a programmer / dev), so I'll take any tips I can get!


It basically ruins most isolation/security benefits containers provide, since having root access to this socket allows to nearly have root access to the host. This is something you want to really avoid.

I don't really have a good solution to this "reload service when certificates are updated" problem that doesn't involve heavier container orchestration.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: