Docker-in-Docker requires privileged mode to function, which is a significant security concern. Docker deamons have root privileges, which makes them a preferred target for attackers. In its earliest releases, Kubernetes offered compatibility with one container runtime: Docker. In the context of GitLab CI/CD jobs that build and publish Docker images to a container registry, docker commands in scripts might seem like an obvious choice.