Chart lacking for dind / privileged setup
TL;DR: Having CI to build containers in K8s has currently bad UX because there are no docs on how to achieve it without several hacks and polluting client config
I have been trying to get to work dind with the set up of the chart but I have failed in several ways in the process.
The documentation is extremely lacking in this regard.
https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind
Points you to the documentation of dind for docker executor, but that reference is not easy to apply to the kubernetes executor.
I have tried to understand how you bring to gitlab-runner up to supply my own config.toml (because of the documentation applied in the previous link) but I have been surprised by the amount of hacks and workarounds present in the helm chart (referring to /scripts/ and everything around it), and had to drop that approach.
Would it be possible to:
a) Have a How-To guide specifically set for this usecase, which I assume is not straightforward?
b) Explain how are we supposed to map the certificates from the dind service container into the ci container within the same pod, and make all this process transparent to the user? This is mentioned in the docs but doesn't seem possible.
The setup I have arrived to is:
- in the helm chart set privileged=true
- in the
.gitlab-ci.yamlset the following config:
variables:
DOCKER_HOST: tcp://localhost:2735/
services:
- name: docker:dind
entrypoint:
- dockerd
- -H tcp://127.0.0.1:2735I'm not sure on what's the best option, but I would advocate to do this either transparent to the end user, or crystal clear documented.