Chart lacking for dind / privileged setup
TL;DR: Having CI build containers in K8s currently has bad UX because there are no docs on how to achieve it without several hacks and polluting client config.
I have been trying to get dind to work with the setup of the chart, but I have failed in several ways in the process.
The documentation is extremely lacking in this regard.
https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind
Points you to the documentation of dind for the docker executor, but that reference is not easy to apply to the kubernetes executor.
I have tried to understand how you bring gitlab-runner up in order to supply my own config.toml (because of the documentation applied in the previous link), but I have been surprised by the number of hacks and workarounds present in the helm chart (referring to /scripts/ and everything around it), and had to drop that approach.
Would it be possible to:
a) Have a How-To guide specifically for this use case, which I assume is not straightforward?
b) Explain how we are supposed to map the certificates from the dind service container into the ci container within the same pod, and make this whole process transparent to the user? This is mentioned in the docs but doesn't seem possible.
The setup I have arrived at is:
- in the helm chart set privileged=true
- in the .gitlab-ci.yaml set the following config:

```yaml
variables:
  DOCKER_HOST: tcp://localhost:2735/
services:
  - name: docker:dind
    entrypoint:
      - dockerd
      - -H tcp://127.0.0.1:2735
```
I'm not sure what the best option is, but I would advocate either making this transparent to the end user or documenting it crystal clearly.
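
For comparison with the plaintext TCP setup above, this is a sketch of the TLS variant that point (b) asks about. It is an added example, not part of the original issue or the chart's own code. It shares the client certificates that dind generates through an in-memory emptyDir mounted in both the build and service containers. It assumes a chart version that accepts a config.toml template under `runners.config`; the volume name `docker-certs`, the job name `build` and the `docker` job image are illustrative.

```yaml
# values.yaml for the gitlab-runner Helm chart
# (assumption: the chart version in use supports runners.config)
runners:
  config: |
    [[runners]]
      [runners.kubernetes]
        # dind still requires a privileged pod; TLS does not change that
        privileged = true
      # emptyDir mounted at the same path in the build and service containers,
      # so the client certs written by dind are readable by the job
      [[runners.kubernetes.volumes.empty_dir]]
        name = "docker-certs"          # illustrative name
        mount_path = "/certs/client"
        medium = "Memory"              # keep key material off node disk
---
# .gitlab-ci.yml
variables:
  # TLS port of the dind service, reached through its service alias
  DOCKER_HOST: tcp://docker:2376
  # tells the dind entrypoint to generate CA, server and client certs here
  DOCKER_TLS_CERTDIR: "/certs"
  # make the docker CLI verify the daemon and present the client cert
  DOCKER_TLS_VERIFY: "1"
  DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
services:
  - name: docker:dind
build:                                 # illustrative job
  image: docker
  script:
    - docker info
```

With this layout the daemon entrypoint is left at its default, so no `-H` override is needed and the API is not exposed without authentication inside the pod.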