Docker-in-Docker in AKS

10/24/2018

We have been tasked with setting up a container-based Jenkins deployment, and there is strong pressure to do this in AKS. Our Jenkins needs to be able to build other containers. Normally I'd handle this with a docker-in-docker approach by mounting /var/run/docker.sock & /usr/bin/docker into my running container.

I do not know if this is possible in AKS or not. Some forum posts on GitHub suggest that host-mounting is possible but broken in the latest AKS release. My limited experimentation with a Helm chart was met with this error:

    Error: release jenkins4 failed: Deployment.apps "jenkins" is invalid:
    [spec.template.spec.initContainers[0].volumeMounts[0].name: Required
    value, spec.template.spec.initContainers[0].volumeMounts[0].name: Not
    found: ""]

The change I made was to update the volumeMounts: section of jenkins-master-deployment.yaml and include the following:

    -
    type: HostPath
    hostPath: /var/run/docker.sock
    mountPath: /var/run/docker.sock

Is what I'm trying to do even possible based on AKS security settings, or did I just mess up my chart?

If it's not possible to mount the docker socket into a container in AKS, that's fine, I just need a definitive answer.

Thanks,

-- W. Kokolis
azure-container-service
azure-kubernetes
jenkins

1 Answer

11/2/2018

Well, we did this a while back for VSTS (cloud TFS, now called Azure DevOps) build agents, so it should be possible. The way we did it is also with mounting the docker.sock.

The relevant part for us was:

      # ... container spec ...
      volumeMounts:
      - mountPath: /var/run/docker.sock
        name: docker-volume
    volumes:
    - name: docker-volume
      hostPath:
        path: /var/run/docker.sock

-- Denis Biondic
Source: StackOverflow
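
The error in the question and the layout in the answer, side by side, as an added example that is not part of the original posts: a small check that repeats the two validations behind the Helm error (every `volumeMounts` entry needs a `name`, and that name must match an entry under `volumes`) and lists any hostPath volumes the pod declares. The function name `check_pod_spec`, the container names, and both sample specs are constructed for illustration; placing the question's entry under an init container is an assumption taken from the error path.

```python
# Added example: pod specs are plain dicts so the script runs offline.

def check_pod_spec(spec, prefix="spec.template.spec"):
    """Return (errors, host_paths) for a pod spec given as a dict."""
    vols = spec.get("volumes", [])
    names = {v["name"] for v in vols if v.get("name")}
    errors = []
    for kind in ("initContainers", "containers"):
        for ci, container in enumerate(spec.get(kind, [])):
            for mi, mount in enumerate(container.get("volumeMounts", [])):
                field = f"{prefix}.{kind}[{ci}].volumeMounts[{mi}].name"
                name = mount.get("name", "")
                if not name:
                    errors.append(f"{field}: Required value")
                if name not in names:
                    errors.append(f'{field}: Not found: "{name}"')
    # hostPath volumes expose node files to the pod; list them for review.
    host_paths = sorted(v["hostPath"].get("path", "") for v in vols if "hostPath" in v)
    return errors, host_paths

# Constructed sample: the entry from the question, with no name and no volumes section.
BROKEN = {
    "initContainers": [{
        "name": "init",
        "volumeMounts": [{
            "type": "HostPath",
            "hostPath": "/var/run/docker.sock",
            "mountPath": "/var/run/docker.sock",
        }],
    }],
}

# Constructed sample: the layout from the answer, mount and volume linked by name.
FIXED = {
    "containers": [{
        "name": "jenkins",
        "volumeMounts": [{"mountPath": "/var/run/docker.sock", "name": "docker-volume"}],
    }],
    "volumes": [{"name": "docker-volume", "hostPath": {"path": "/var/run/docker.sock"}}],
}

if __name__ == "__main__":
    for label, spec in (("broken", BROKEN), ("fixed", FIXED)):
        errors, host_paths = check_pod_spec(spec)
        print(label, "errors:", errors, "hostPath volumes:", host_paths)
```

Any path in the second list is a node-level mount worth reviewing; `/var/run/docker.sock` gives the container access to the node's Docker daemon.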