Make docker: privileged a first class option

Well, we use docker:dind often, and in multiple situations.

This is great, but it is also very executor-dependent, e.g.:

  1. Docker Executor uses links, so you have to connect to tcp://docker:2356,
  2. Kubernetes Executor uses sibling containers, so you have to connect to tcp://localhost:2356,
  3. Shell Executor usually allows accessing docker.sock.

This makes it super confusing and not very portable. Another factor is that this is not very performant, as docker:dind by default makes you create a separate volume.

Let's make it easy, and let's make Runner clever enough to optimise the Docker workflow:

build:
  script:
    - docker login ...
    - docker build ...
    - docker tag ...
    - docker push
  docker: build|privileged

This would introduce a docker: build or docker: privileged that would replace services: [docker:dind] and variables: DOCKER_DRIVER: overlay2. Instead, Runner would be responsible for creating a Docker Engine and creating the wiring.

The hint is to optimize the usage, as, if done right, with docker: build we could always allow that workflow, without privileged mode.

In the first implementation, only docker: privileged would be implemented, which would require privileged mode (as today). docker: privileged would set up a sibling container for docker:dind, but would also inject the proper DOCKER_HOST into the build container, removing the need to manually support Kubernetes and Docker.

Next, we would introduce a caching mechanism for docker:dind. We could also make docker: build safe and uber fast, as it would use the host Docker engine.

Edited Aug 26, 2025 by 🤖 GitLab Bot 🤖