access the parent docker daemon from the container

recently i have a need to build/start/stop some sibling containers (vs docker within docker), the way to do it is to expose a pipelien from the host to the container:

for single container:

docker run -v /var/run/docker.sock:/var/run/docker.sock

for docker compose

image: xyz
context: .folder/to/the/controller/container/image
- 5000:5000
- ./:/app
- /var/run/docker.sock:/var/run/docker.sock

View at

actually the dameon could listen from other host (configuration):

K8s client authentication

Have been working on some serverless framework recently, which i have put onto EKS.

most of the stuff worked, except the cli, which leveraged on k8s client-go library to authen is not able to do so with EKS. (working well with Azure AKS and GCP).

turns out the issue was with k8s client-go library, which doesn’t deal with aws-iam-authenticator. as a work around, the patch is to apply the service account as a bearer token.

//command to get the token
kubectl describe secret account -n namespace | grep -E '^token' | cut -f2 -d':' | tr -d " "

then in the client-go, patch the token into the bearer header:

//retrieve the token either from secret file or env var
//token, err := ioutil.ReadFile("~/secrets/" + v1.ServiceAccountTokenKey)
//token := os.Getenv("BEARER_TOKEN")

//add the header if its not yet there
r.headers.Set("Authorization", "Bearer xxx")

//before the real http call
resp, err := client.Do(req)

refer to: