I was reading this article about setting up Jenkins running inside a Docker container in a way that Jenkins is able to build Docker images itself. Although this solution works, there are some security issues as also pointed out by the author.
The main security problem lies in the fact that Jenkins needs to run Docker commands, which requires a mount of the Docker socket inside the Jenkins container (plus Jenkins need sudo to be able to run Docker commands). So whoever has access to the Jenkins web interface can run any command with full access to the host system (via running a docker container).
Therefore I'm wondering if I someone has some ideas to make this setup more secure. Not running Jenkins inside a Docker container (but directly on the host system) does not seem more secure to me since Jenkins still needs the be able to execute Docker commands (with sudo) to build new images leaving the Jenkins user still able to start up any arbitrary container. Using a firewall would be an option to limit the IP's from which Jenkins can be reached, but I was hoping that there might be some other solutions to decrease security risks.
Edit I forgot to mention that Jenkins should also be able to start the (newly created) containers on the same machine.
I suppose you are something like this.
You can mount the docker sock while running your images. -v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker and you can access docker inside jenkins container.
Please follow the below link http://container-solutions.com/running-docker-in-jenkins-in-docker/
Docker remote API exposes various endpoints to deal with images like creation, listing, inspecting etc., Refer https://docs.docker.com/engine/reference/api/docker_remote_api_v1.24/#/images.
Invoking the endpoint https://docs.docker.com/engine/reference/api/docker_remote_api_v1.24/#/create-an-image as a build step might help to build an image from a Dockerfile.