Running Docker commands inside Jenkins pipeline

1/19/2021

Is there a proper way to run Docker commands through a Jenkins containerized service?

I see there are many plugins to support Docker commands in the Jenkins ecosystem, but all of them raise errors because Docker isn't installed in the Jenkins container.

I have a Dockerfile that provides a Jenkins image with a working Docker installation, but for it to work I have to mount the host's Docker socket:

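# Start from the official Jenkins LTS image
FROM jenkins/jenkins:lts

# Switch to root to install packages
USER root

# Install sudo and the prerequisites for adding the Docker apt repository
RUN apt-get -y update && \
    apt-get -y install sudo \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

# Add Docker's apt repository for this Debian release
RUN add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/debian \
    $(lsb_release -cs) \
    stable"

# Install Docker; --allow-unauthenticated is used because no repository signing key is imported above
RUN apt-get -y update && \
    apt-get -y install --allow-unauthenticated \
    docker-ce \
    docker-ce-cli \
    containerd.io

# Set a password for the jenkins user and add it to the sudo group
RUN echo "jenkins:jenkins" | chpasswd && adduser jenkins sudo

# Give the jenkins user passwordless sudo for every command
RUN echo jenkins ALL= NOPASSWD: ALL >> /etc/sudoers

# Run Jenkins as the jenkins user
USER jenkins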

It can be run like this:

docker run -d -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock <image>

This way it's possible to run Docker commands inside the Jenkins container. However, I am concerned about security: this way the Jenkins container can access all the containers running on the host machine. Moreover, Jenkins is a root user, which I wouldn't like for production.

I seek to run a Jenkins instance within a Kubernetes cluster to support CI and CD pipelines within that cluster, therefore I'm guessing Jenkins must be containerized.

Am I missing something?

-- Marco Miduri
docker
dockerfile
jenkins
jenkins-pipeline
kubernetes

0 Answers
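
The exposure described in the question (a container holding the host's Docker socket, or running as root) can be checked for from the host. The script below is an added example, not part of the original post: it reads JSON in the shape produced by `docker inspect` and flags those settings. The sample records and container names are constructed.

```python
import json

# Usual paths of the Docker daemon socket on the host
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample in the shape of `docker inspect` output, trimmed to the
# fields used here; the container names are made up for illustration.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/jenkins", "Config": {"User": "jenkins"},
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/web", "Config": {"User": ""},
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
                 "Destination": "/data", "RW": True}]},
    {"Name": "/builder", "Config": {"User": "1000"},
     "HostConfig": {"Privileged": True}, "Mounts": []},
])

def audit_container(c):
    """Return the list of findings for one `docker inspect` record."""
    findings = []
    for m in c.get("Mounts") or []:
        # A read-only bind of the socket is flagged too: the container can
        # still connect to it and send API requests to the daemon.
        if m.get("Type") == "bind" and m.get("Source") in DOCKER_SOCKETS:
            findings.append(f"host Docker socket mounted at {m.get('Destination')}")
    if (c.get("HostConfig") or {}).get("Privileged"):
        findings.append("runs with --privileged")
    user = (c.get("Config") or {}).get("User", "")
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("default user is root")
    return findings

def audit(inspect_json):
    """Map container name -> findings, for containers that have any."""
    report = {}
    for c in json.loads(inspect_json):
        found = audit_container(c)
        if found:
            report[c.get("Name", "?").lstrip("/")] = found
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

On a real host, pass it the output of `docker inspect $(docker ps -q)`. A container like the one in the question reports `jenkins` as its user, so only the socket mount is flagged; the passwordless sudo configured in the image is not visible in the inspect output.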