Ensure TLS is disabled with `dind` service in Code Quality template
What does this MR do and why?
The Code Quality job template does everything it can to run the
Docker-in-Docker image (dind
) without TLS. However, previously it
did not set DOCKER_TLS_VERIFY
. A runner might inadvertently enable
TLS by specifying the default environment
config:
[[runners]]
environment = [
# Docker
"DOCKER_HOST=tcp://docker:2376",
"DOCKER_TLS_VERIFY=1",
"DOCKER_TLS_CERTDIR=/docker/certs",
"DOCKER_CERT_PATH=/docker/certs/client",
"DOCKER_DRIVER=overlay2",
]
To ensure TLS is disabled for the dind
service, set the DOCKER_TLS_VERIFY
flag to blank. Also clear DOCKER_CERT_PATH
just in case.
This was discovered in gitlab-com/gl-infra/delivery#19684 (closed).
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Stan Hu