How can I get docker running in Jenkins nodes which are containers?

6/4/2021

I am trying to get docker running on Jenkins which itself is a container. Below is part of the Pod spec.

cyrilpanicker/jenkins is an image with Jenkins and docker-cli installed. For the Docker daemon, I am running another container with the docker:dind image (the nodes are running on a k8s cluster). And to get docker.sock linked between them, I am using volume mounts.

spec:
  containers:
    - name: jenkins
      image: cyrilpanicker/jenkins
      volumeMounts:
        - mountPath: /var/run/docker.sock
          name: docker-socket
    - name: docker
      image: docker:dind
      securityContext:
        privileged: true
      volumeMounts:
        - mountPath: /var/run/docker.sock
          name: docker-socket
  volumes:
    - name: docker-socket
      hostPath:
        path: /docker.sock
        type: FileOrCreate

But this is not working. Below are the logs from the docker container.

time="2021-06-04T20:47:26.059792967Z" level=info msg="Starting up"
time="2021-06-04T20:47:26.061956820Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
failed to load listeners: can't create unix socket /var/run/docker.sock: device or resource busy

Can anyone suggest another way to get this working?

-- Cyril

1 Answer

6/5/2021

According to the Kubernetes docs, hostPath mounts a path from the node filesystem, so if I understand correctly, this is not what you want to achieve. I'm afraid that it isn't possible to mount a single file as a volume, so even if you remove hostPath from volumes, docker.sock will be mounted as a directory:

jenkins@static-web:/$ ls -la /var/run/
total 20
drwxr-xr-x 1 root root 4096 Jun  5 14:44 .
drwxr-xr-x 1 root root 4096 Jun  5 14:44 ..
drwxrwxrwx 2 root root 4096 Jun  5 14:44 docker.sock

I would try to run the Docker daemon in the dind container with a TCP listener instead of a sock file:

spec:
  containers:
    - name: jenkins
      image: cyrilpanicker/jenkins
    - name: docker
      image: docker:dind
      command: ["dockerd"]
      args: ["-H", "tcp://127.0.0.1:2376"]
      ports:
        - containerPort: 2376
      securityContext:
        privileged: true

jenkins@static-web:/$ docker -H tcp://127.0.0.1:2376 ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

And then configure Jenkins to use tcp://127.0.0.1:2376 as a remote Docker daemon.

-- Arek
Source: StackOverflow
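
An added example, not part of the original question or answer: a small Python check that flags the three Docker-related settings appearing in the two Pod specs above (a hostPath-backed docker.sock mount, a privileged container, and a dockerd TCP listener started without --tlsverify). The function names, the finding labels and the dict form of the specs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def dockerd_hosts(argv):
    # Collect -H/--host values from a dockerd command line.
    hosts = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a in ("-H", "--host")]
    return hosts + [a.split("=", 1)[1] for a in argv if a.startswith("--host=")]

def is_loopback(host):
    if host == "localhost":
        return True
    try:  # an empty host (tcp://:2376) means all interfaces
        return ipaddress.ip_address(host or "0.0.0.0").is_loopback
    except ValueError:
        return False  # other hostnames: assume not loopback

def audit_pod_spec(spec):
    # Return sorted (container, finding) pairs for a Pod spec given as a dict.
    host_vols = {v["name"] for v in spec.get("volumes", []) if "hostPath" in v}
    findings = set()
    for c in spec.get("containers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.add((c["name"], "privileged"))
        for m in c.get("volumeMounts", []):
            if m["name"] in host_vols and m["mountPath"].endswith("docker.sock"):
                findings.add((c["name"], "hostpath-docker-socket"))
        argv = c.get("command", []) + c.get("args", [])
        for h in dockerd_hosts(argv):
            if h.startswith("tcp://") and "--tlsverify" not in argv:
                scope = "loopback" if is_loopback(urlsplit(h).hostname) else "exposed"
                findings.add((c["name"], "tcp-no-tls-" + scope))
    return sorted(findings)

# Constructed inputs: the two Pod specs from this page, written as dicts.
SOCK = {"mountPath": "/var/run/docker.sock", "name": "docker-socket"}
QUESTION_SPEC = {
    "containers": [
        {"name": "jenkins", "volumeMounts": [SOCK]},
        {"name": "docker", "securityContext": {"privileged": True},
         "volumeMounts": [SOCK]}],
    "volumes": [{"name": "docker-socket", "hostPath": {"path": "/docker.sock"}}],
}
ANSWER_SPEC = {
    "containers": [
        {"name": "jenkins"},
        {"name": "docker", "command": ["dockerd"],
         "args": ["-H", "tcp://127.0.0.1:2376"],
         "securityContext": {"privileged": True}}],
}
```

A `tcp-no-tls-loopback` finding still means every container in the Pod can reach the daemon without authentication, because containers in a Pod share one network namespace.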