nexedi / gitlab-ce
Commit b43b4548 authored Nov 20, 2020 by Steve Azzopardi
Refactor Docker socket binding documentation
parent 898ea4be
Showing 1 changed file with 16 additions and 16 deletions
doc/ci/docker/using_docker_build.md
...
...
@@ -369,15 +369,15 @@ The third approach is to bind-mount `/var/run/docker.sock` into the
container so that Docker is available in the context of that image.
NOTE:
**Note:**
If you bind the Docker socket
[
when using GitLab Runner 11.11 or
new
er
](
https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/1261
)
,
you can no longer use
`docker:19.03.12-dind`
as a service
because v
olume bindings
If you bind the Docker socket
and you are
[
using GitLab Runner 11.11 or lat
er
](
https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/1261
)
,
you can no longer use
`docker:19.03.12-dind`
as a service
. V
olume bindings
are done to the services as well, making these incompatible.
In order to do that, follow the steps
:
To make Docker available in the context of the image
:
1.
Install
[
GitLab Runner
](
https://docs.gitlab.com/runner/install/
)
.
1.
Register GitLab Runner from the command line to use
`docker`
and share
`/var/run/docker.sock`
:
1.
From the command line, register a runner with the
`docker`
executor
and share
`/var/run/docker.sock`
:
```
shell
sudo
gitlab-runner register
-n
\
...
...
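Review bot: The rewritten step that registers the runner and shares `/var/run/docker.sock` gives no hint, at the point where the reader runs the command, that the socket hands jobs the runner host's Docker daemon; the implications are only listed after the last step, so a one-line pointer to them belongs here. In the note above it, "making these incompatible" still has no clear referent after the sentence is split at "as a service. Volume bindings"; naming both sides (the socket binding and the `docker:19.03.12-dind` service) would remove the ambiguity.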
@@ -389,13 +389,13 @@ In order to do that, follow the steps:
--docker-volumes
/var/run/docker.sock:/var/run/docker.sock
```
Th
e above
command registers a new runner to use the special
`docker:19.03.12`
image
which is provided by Docker.
**
Notice that it's using
the Docker daemon of the runner itself
, and a
ny containers spawned by Docker
Th
is
command registers a new runner to use the special
`docker:19.03.12`
image
, which is provided by Docker.
**
The command uses
the Docker daemon of the runner itself
. A
ny containers spawned by Docker
commands are siblings of the runner rather than children of the runner.
**
This may have complications and limitations that are unsuitable for your workflow.
The above command creates a
`config.toml`
entry similar to
this:
Your
`config.toml`
file should not have an entry like
this:
```
toml
[[runners]]
...
...
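Review bot: The new sentence "Your `config.toml` file should not have an entry like this:" reverses the meaning of the line it replaces ("The above command creates a `config.toml` entry similar to this:"); "not" looks like a typo for "now". As written, it tells readers that the entry produced by the registration command, including the `/var/run/docker.sock` volume, is something to avoid or remove. Suggest "Your `config.toml` file should now have an entry like this:".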
@@ -412,9 +412,9 @@ In order to do that, follow the steps:
Insecure
=
false
```
1.
You can now use
`docker`
in the build script (note that y
ou don't need to
include the
`docker:19.03.12-dind`
service
as when using the Docker in Docker
executor)
:
1.
Use
`docker`
in the build script. Y
ou don't need to
include the
`docker:19.03.12-dind`
service
, like you do when you're using
the Docker-in-Docker executor
:
```
yaml
image
:
docker:19.03.12
...
...
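Review bot: "the Docker-in-Docker executor" in the rewritten step names an executor, while the registration step earlier in this patch calls the executor `docker`; Docker-in-Docker is a way of using that executor together with the `docker:19.03.12-dind` service, not an executor of its own. The wording is carried over from the removed line, but since the sentence is being rewritten anyway, "like you do when you're using Docker-in-Docker" would keep readers from looking for a separate executor type.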
@@ -429,18 +429,18 @@ In order to do that, follow the steps:
-
docker run my-docker-image /script/to/run/tests
```
While the above method avoids using Docker in privileged mode, you should be
aware of the following implications
:
This method avoids using Docker in privileged mode. However,
the implications of this method are
:
-
By sharing the Docker daemon, you are effectively disabling all
the security mechanisms of containers and exposing your host to privilege
escalation which can lead to container breakout. For example, if a project
escalation
,
which can lead to container breakout. For example, if a project
ran
`docker rm -f $(docker ps -a -q)`
it would remove the GitLab Runner
containers.
-
Concurrent jobs may not work; if your tests
create containers with specific names, they may conflict with each other.
-
Sharing files and directories from the source repository into containers may not
work as expected
since v
olume mounting is done in the context of the host
work as expected
. V
olume mounting is done in the context of the host
machine, not the build container. For example:
```
shell
...
...
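Review bot: In the first bullet, the example `docker rm -f $(docker ps -a -q)` shows one project deleting the runner's containers, which illustrates interference between jobs rather than the privilege escalation and container breakout named in the sentence before it. Suggest stating directly that any job using the shared socket gets the same control over the Docker daemon as the runner itself, and keeping the `docker rm` line as a separate availability example. The conditional also needs a comma before "it would remove", and the new lead-in "However, the implications of this method are:" repeats "this method" from the preceding sentence; "However, it has these implications:" reads more cleanly.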