Opened Mar 23, 2020 by Javier Domingo Cansino@txomon

Chart lacking for dind / privileged setup

TL;DR: Having CI build containers in K8s currently has bad UX because there are no docs on how to achieve it without several hacks and polluting client config.

I have been trying to get dind to work with the setup of the chart, but I have failed in several ways in the process.

The documentation is extremely lacking in this regard.

https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind

points you to the documentation of dind for the docker executor, but that reference is not easy to apply to the kubernetes executor.

https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-workflow-with-docker-executor

I have tried to understand how you bring gitlab-runner up, so that I could supply my own config.toml (because of the documentation in the previous link), but I have been surprised by the amount of hacks and workarounds present in the helm chart (referring to /scripts/ and everything around it), and had to drop that approach.

Would it be possible to:

a) Have a How-To guide specifically for this use case, which I assume is not straightforward?

b) Explain how we are supposed to map the certificates from the dind service container into the CI container within the same pod, and make all this process transparent to the user? This is mentioned in the docs but doesn't seem possible.

The setup I have arrived at is:

  1. in the helm chart set privileged=true
  2. in the .gitlab-ci.yaml set the following config:

         variables:
           DOCKER_HOST: tcp://localhost:2735/
         services:
           - name: docker:dind
             entrypoint:
               - dockerd
               - -H tcp://127.0.0.1:2735

I'm not sure what the best option is, but I would advocate making this either transparent to the end user or crystal-clearly documented.
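
The certificate mapping asked about in (b), as an added example that is not part of the original issue or the chart's own files: with TLS left on, docker:dind writes its client certificates under /certs/client, and an emptyDir mounted at that path in every container of the job pod makes them readable by the build container. It assumes a chart version that accepts a `runners.config` TOML template; the volume name, the job name, the job image and the dind default TLS port 2376 are assumptions.

```yaml
# values.yaml for the gitlab-runner chart (added example; assumes the chart
# version in use accepts a runners.config TOML template)
runners:
  config: |
    [[runners]]
      [runners.kubernetes]
        # dind still requires a privileged pod; TLS does not change that
        privileged = true
      # emptyDir mounted into the build, helper and service containers,
      # so the certificates dind generates are shared inside the pod only
      [[runners.kubernetes.volumes.empty_dir]]
        name = "docker-certs"          # hypothetical volume name
        mount_path = "/certs/client"
        medium = "Memory"              # keep private keys off node disk
---
# .gitlab-ci.yml (added example)
variables:
  # Tells the dind entrypoint to generate a CA, server and client certs
  # under /certs and to listen with TLS on 2376 instead of plain TCP
  DOCKER_TLS_CERTDIR: "/certs"
  # Containers of one pod share a network namespace, so the service is
  # reached on localhost, as in the setup described in the issue
  DOCKER_HOST: tcp://localhost:2376
  DOCKER_TLS_VERIFY: "1"
  DOCKER_CERT_PATH: "/certs/client"

services:
  - name: docker:dind                  # default entrypoint, no -H override

build-image:                           # hypothetical job name
  image: docker:latest                 # any image with the docker CLI
  script:
    # Fails with a TLS error if the shared certificate volume is missing
    - docker info
```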

Reference: gitlab-org/charts/gitlab-runner#151