Container scanning job fails with docker networking error on K8s Runner
Summary
When a pipeline is run on an Auto DevOps enabled project created from the NodeJS Express template the container_scanning
job in Auto DevOps will fail with the error message below:
error during connect: Post http://docker:2375/v1.39/auth: dial tcp: lookup docker on 10.0.0.10:53: no such host
Steps to reproduce
- Create a new project on GitLab.com using the NodeJS Express template in a namespace that has
Gold
features. - Create a Kubernetes cluster on GKE through the
Operations -> Kubernetes
section of the project with all default values. - Install Helm Tiller, Ingress, Cert Manager, and GitLab Runner and provide a base domain to the cluster.
- Disable shared runners on the project.
- Enable Auto DevOps and pick a deployment scheme, default was used in the example.
- Run a pipeline.
- Observe the error message in the summary in the job log for the
container_scanning
job that has failed.
Example Project
Replicated in this project.
What is the current bug behavior?
That an error occurs in the container_scanning
job before the appropriate artifact can be uploaded, which would cause the job to pass.
What is the expected correct behavior?
That a connection would be able to be made allowing the gl-container-scanning-report.json
file to be located and uploaded as an artifact, allowing the job to pass.
Relevant logs and/or screenshots
Full output of the job log for a failed container_scanning
job. Link here.
Running with gitlab-runner 11.9.0 (692ae235)
on runner-gitlab-runner-6d7b8b484d-h9pwn HcgxUgsa
Using Kubernetes namespace: gitlab-managed-apps
Using Kubernetes executor with image docker:stable ...
Waiting for pod gitlab-managed-apps/runner-hcgxugsa-project-12137269-concurrent-26gqx4 to be running, status is Pending
Waiting for pod gitlab-managed-apps/runner-hcgxugsa-project-12137269-concurrent-26gqx4 to be running, status is Pending
Running on runner-hcgxugsa-project-12137269-concurrent-26gqx4 via runner-gitlab-runner-6d7b8b484d-h9pwn...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ [[ "$TRACE" ]] && set -x # collapsed multi-line command
$ if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then { export DOCKER_SERVICE="localhost" ; export DOCKER_HOST="tcp://${DOCKER_SERVICE}:2375" ; } fi
$ if [[ -n "$CI_REGISTRY_USER" ]]; then # collapsed multi-line command
Logging to GitLab Container Registry with CI credentials...
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
error during connect: Post http://docker:2375/v1.39/auth: dial tcp: lookup docker on 10.51.240.10:53: no such host
Uploading artifacts...
WARNING: gl-container-scanning-report.json: no matching files
ERROR: No files to upload
ERROR: Job failed: command terminated with exit code 1
Output of checks
This bug happens on GitLab.com: 11.10.4-ee
ZD: https://gitlab.zendesk.com/agent/tickets/119966 (Internal)
Edited by Tristan