|
|
|
|
|
|
by chatmasta
687 days ago
|
|
|
The issues arise when “the network” means something different at deployment time. You might plan or expect “the network” to be shared only by local services. But then you add some management GUI that needs access to it. And then you add a sidecar to that. And before you know it, you’ve got a bunch of containers, all with their own attack surface, and all with access to the dockerd socket. |
|
|