Commit b87e80a0 authored by Amy Qualls

Merge branch 'patch-1' into 'master'

Update using_docker_build.md

See merge request gitlab-org/gitlab!39045
parents 9cf336a1 3f89e30d
...@@ -32,7 +32,7 @@ during jobs. ...@@ -32,7 +32,7 @@ during jobs.
## Runner Configuration ## Runner Configuration
There are three methods to enable the use of `docker build` and `docker run` There are three methods to enable the use of `docker build` and `docker run`
during jobs; each with their own tradeoffs. during jobs, each with their own tradeoffs.
An alternative to using `docker build` is to [use kaniko](using_kaniko.md). An alternative to using `docker build` is to [use kaniko](using_kaniko.md).
This avoids having to execute Runner in privileged mode. This avoids having to execute Runner in privileged mode.
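Review bot: In the rewritten line "during jobs, each with their own tradeoffs", "each" is singular, so "their" does not agree with it. Suggest "each with its own tradeoffs" while this line is being touched.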
...@@ -61,8 +61,8 @@ GitLab Runner then executes job scripts as the `gitlab-runner` user. ...@@ -61,8 +61,8 @@ GitLab Runner then executes job scripts as the `gitlab-runner` user.
1. Install Docker Engine on server. 1. Install Docker Engine on server.
For more information how to install Docker Engine on different systems For more information how to install Docker Engine on different systems,
checkout the [Supported installations](https://docs.docker.com/engine/installation/). check out the [Supported installations](https://docs.docker.com/engine/installation/).
1. Add `gitlab-runner` user to `docker` group: 1. Add `gitlab-runner` user to `docker` group:
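Review bot: The new line "For more information how to install Docker Engine on different systems," still lacks the preposition. A later hunk in this same commit changes "For more information how" to "For more information on how", so the same fix belongs here. The unchanged step "Install Docker Engine on server." would also read better as "on the server".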
...@@ -118,13 +118,13 @@ not without its own challenges: ...@@ -118,13 +118,13 @@ not without its own challenges:
- When using Docker-in-Docker, each job is in a clean environment without the past - When using Docker-in-Docker, each job is in a clean environment without the past
history. Concurrent jobs work fine because every build gets its own history. Concurrent jobs work fine because every build gets its own
instance of Docker engine so they won't conflict with each other. But this instance of Docker engine so they don't conflict with each other. But this
also means that jobs can be slower because there's no caching of layers. also means that jobs can be slower because there's no caching of layers.
- By default, Docker 17.09 and higher uses `--storage-driver overlay2` which is - By default, Docker 17.09 and higher uses `--storage-driver overlay2` which is
the recommended storage driver. See [Using the overlayfs driver](#use-the-overlayfs-driver) the recommended storage driver. See [Using the overlayfs driver](#use-the-overlayfs-driver)
for details. for details.
- Since the `docker:19.03.12-dind` container and the Runner container don't share their - Since the `docker:19.03.12-dind` container and the Runner container don't share their
root filesystem, the job's working directory can be used as a mount point for root file system, the job's working directory can be used as a mount point for
child containers. For example, if you have files you want to share with a child containers. For example, if you have files you want to share with a
child container, you may create a subdirectory under `/builds/$CI_PROJECT_PATH` child container, you may create a subdirectory under `/builds/$CI_PROJECT_PATH`
and use it as your mount point (for a more thorough explanation, check [issue and use it as your mount point (for a more thorough explanation, check [issue
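Review bot: The touched line "instance of Docker engine so they don't conflict with each other" writes "Docker engine" in lower case, while the install step earlier in this file uses "Docker Engine". Pick one spelling for the product name across the page.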
...@@ -143,8 +143,8 @@ An example project using this approach can be found here: <https://gitlab.com/gi ...@@ -143,8 +143,8 @@ An example project using this approach can be found here: <https://gitlab.com/gi
In the examples below, we are using Docker images tags to specify a In the examples below, we are using Docker images tags to specify a
specific version, such as `docker:19.03.12`. If tags like `docker:stable` specific version, such as `docker:19.03.12`. If tags like `docker:stable`
are used, you have no control over what version is going to be used and this are used, you have no control over what version is used. This can lead to
can lead to unpredictable behavior, especially when new versions are unpredictable behavior, especially when new versions are
released. released.
#### TLS enabled #### TLS enabled
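Review bot: The unchanged first line of this paragraph, "we are using Docker images tags to specify a specific version", has a stray plural and repeats "specify a specific". Since the paragraph is being reworded anyway, suggest "we use Docker image tags to pin a specific version".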
...@@ -179,18 +179,18 @@ support this. ...@@ -179,18 +179,18 @@ support this.
--docker-volumes "/certs/client" --docker-volumes "/certs/client"
``` ```
The above command will register a new Runner to use the special The above command registers a new Runner to use the special
`docker:19.03.12` image, which is provided by Docker. **Notice that it's `docker:19.03.12` image, which is provided by Docker. **Notice that it's
using the `privileged` mode to start the build and service using the `privileged` mode to start the build and service
containers.** If you want to use [Docker-in-Docker](https://www.docker.com/blog/docker-can-now-run-within-docker/) mode, you always containers.** If you want to use [Docker-in-Docker](https://www.docker.com/blog/docker-can-now-run-within-docker/) mode, you always
have to use `privileged = true` in your Docker containers. have to use `privileged = true` in your Docker containers.
This will also mount `/certs/client` for the service and build This also mounts `/certs/client` for the service and build
container, which is needed for the Docker client to use the container, which is needed for the Docker client to use the
certificates inside of that directory. For more information how certificates inside of that directory. For more information on how
Docker with TLS works check <https://hub.docker.com/_/docker/#tls>. Docker with TLS works, check <https://hub.docker.com/_/docker/#tls>.
The above command will create a `config.toml` entry similar to this: The above command creates a `config.toml` entry similar to this:
```toml ```toml
[[runners]] [[runners]]
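Review bot: The bolded notice "using the `privileged` mode to start the build and service containers" tells the reader that privileged mode is required but not what it costs. The introduction of this page already says kaniko "avoids having to execute Runner in privileged mode", so a cross-reference to that alternative here would help readers weighing the risk. Minor: "inside of that directory" can be "inside that directory".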
...@@ -215,7 +215,7 @@ support this. ...@@ -215,7 +215,7 @@ support this.
image: docker:19.03.12 image: docker:19.03.12
variables: variables:
# When using dind service, we need to instruct docker, to talk with # When using dind service, we need to instruct docker to talk with
# the daemon started inside of the service. The daemon is available # the daemon started inside of the service. The daemon is available
# with a network connection instead of the default # with a network connection instead of the default
# /var/run/docker.sock socket. Docker 19.03 does this automatically # /var/run/docker.sock socket. Docker 19.03 does this automatically
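Review bot: In the YAML comment "When using dind service, we need to instruct docker to talk with", the article is missing and the product name is in lower case. Suggest "When using the dind service, you must instruct Docker to talk with".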
...@@ -337,13 +337,13 @@ In order to do that, follow the steps: ...@@ -337,13 +337,13 @@ In order to do that, follow the steps:
--docker-volumes /var/run/docker.sock:/var/run/docker.sock --docker-volumes /var/run/docker.sock:/var/run/docker.sock
``` ```
The above command will register a new Runner to use the special The above command registers a new Runner to use the special
`docker:19.03.12` image which is provided by Docker. **Notice that it's using `docker:19.03.12` image which is provided by Docker. **Notice that it's using
the Docker daemon of the Runner itself, and any containers spawned by Docker the Docker daemon of the Runner itself, and any containers spawned by Docker
commands will be siblings of the Runner rather than children of the Runner.** commands are siblings of the Runner rather than children of the Runner.**
This may have complications and limitations that are unsuitable for your workflow. This may have complications and limitations that are unsuitable for your workflow.
The above command will create a `config.toml` entry similar to this: The above command creates a `config.toml` entry similar to this:
```toml ```toml
[[runners]] [[runners]]
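Review bot: The sentence "This may have complications and limitations that are unsuitable for your workflow" stays vague right after the bolded statement that jobs use the Runner's own Docker daemon through the mounted `/var/run/docker.sock`. Link it to the list of implications later in this section so the reader can see what they are. Also, "`docker:19.03.12` image which is provided by Docker" lacks the comma that the matching Docker-in-Docker paragraph has ("image, which is provided by Docker").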
...@@ -387,7 +387,7 @@ aware of the following implications: ...@@ -387,7 +387,7 @@ aware of the following implications:
containers. containers.
- Concurrent jobs may not work; if your tests - Concurrent jobs may not work; if your tests
create containers with specific names, they may conflict with each other. create containers with specific names, they may conflict with each other.
- Sharing files and directories from the source repo into containers may not - Sharing files and directories from the source repository into containers may not
work as expected since volume mounting is done in the context of the host work as expected since volume mounting is done in the context of the host
machine, not the build container. For example: machine, not the build container. For example:
...@@ -397,7 +397,7 @@ aware of the following implications: ...@@ -397,7 +397,7 @@ aware of the following implications:
## Making Docker-in-Docker builds faster with Docker layer caching ## Making Docker-in-Docker builds faster with Docker layer caching
When using Docker-in-Docker, Docker will download all layers of your image every When using Docker-in-Docker, Docker downloads all layers of your image every
time you create a build. Recent versions of Docker (Docker 1.13 and above) can time you create a build. Recent versions of Docker (Docker 1.13 and above) can
use a pre-existing image as a cache during the `docker build` step, considerably use a pre-existing image as a cache during the `docker build` step, considerably
speeding up the build process. speeding up the build process.
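Review bot: "Recent versions of Docker (Docker 1.13 and above)" reads as dated next to the `docker:19.03.12` images used throughout the page, and "and above" differs from "Docker 17.09 and higher" used earlier. Suggest "Docker 1.13 and higher can use a pre-existing image as a cache".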
...@@ -504,7 +504,7 @@ environment variable in the ...@@ -504,7 +504,7 @@ environment variable in the
environment = ["DOCKER_DRIVER=overlay2"] environment = ["DOCKER_DRIVER=overlay2"]
``` ```
If you're running multiple Runners you will have to modify all configuration files. If you're running multiple Runners, you have to modify all configuration files.
NOTE: **Note:** NOTE: **Note:**
Read more about the [Runner configuration](https://docs.gitlab.com/runner/configuration/) Read more about the [Runner configuration](https://docs.gitlab.com/runner/configuration/)
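Review bot: "you have to modify all configuration files" does not say which files are meant. If this refers to the `config.toml` of each Runner, name it, for example "you must modify the `config.toml` of each Runner".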
...@@ -523,7 +523,7 @@ This is a common error when you are using ...@@ -523,7 +523,7 @@ This is a common error when you are using
[Docker in Docker](#use-docker-in-docker-workflow-with-docker-executor) [Docker in Docker](#use-docker-in-docker-workflow-with-docker-executor)
v19.03 or higher. v19.03 or higher.
This occurs because Docker starts on TLS automatically, so you need to do some set up. This occurs because Docker starts on TLS automatically, so you need to do some setup.
If: If:
- This is the first time setting it up, carefully read - This is the first time setting it up, carefully read
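Review bot: In the changed line, "Docker starts on TLS automatically" is unidiomatic and leaves it unclear what the reader has to set up. Suggest "Docker starts with TLS enabled automatically, so you need to do some setup".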
......