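GitLab is running in a Kubernetes cluster. The runner can't build a Docker image with the build artifacts. I've already tried several approaches to fix this, but no luck. Here are some configuration snippets: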
.gitlab-ci.yml
image: docker:latest
services:
  - docker:dind
variables:
  DOCKER_DRIVER: overlay
stages:
  - build
  - package
  - deploy
maven-build:
  image: maven:3-jdk-8
  stage: build
  script: "mvn package -B --settings settings.xml"
  artifacts:
    paths:
      - target/*.jar
docker-build:
  stage: package
  script:
    - docker build -t gitlab.my.com/group/app .
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN gitlab.my.com/group/app
    - docker push gitlab.my.com/group/app
config.toml
concurrent = 1
check_interval = 0
[[runners]]
  name = "app"
  url = "https://gitlab.my.com/ci"
  token = "xxxxxxxx"
  executor = "kubernetes"
  [runners.kubernetes]
    privileged = true
    disable_cache = true
Package stage log:
running with gitlab-ci-multi-runner 1.11.1 (a67a225)
on app runner (6265c5)
Using Kubernetes namespace: default
Using Kubernetes executor with image docker:latest ...
Waiting for pod default/runner-6265c5-project-4-concurrent-0h9lg9 to be running, status is Pending
Waiting for pod default/runner-6265c5-project-4-concurrent-0h9lg9 to be running, status is Pending
Running on runner-6265c5-project-4-concurrent-0h9lg9 via gitlab-runner-3748496643-k31tf...
Cloning repository...
Cloning into '/group/app'...
Checking out 10d5a680 as master...
Skipping Git submodules setup
Downloading artifacts for maven-build (61)...
Downloading artifacts from coordinator... ok id=61 responseStatus=200 OK token=ciihgfd3W
$ docker build -t gitlab.my.com/group/app .
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
ERROR: Job failed: error executing remote command: command terminated with non-zero exit code: Error executing in Docker Container: 1
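What am I doing wrong?
Answer 0 (score: 16)
There is no need to use this:
DOCKER_DRIVER: overlay
because it seems OVERLAY is not supported, so the svc-0 container can't start with it: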
$ kubectl logs -f `kubectl get pod |awk '/^runner/{print $1}'` -c svc-0
time="2017-03-20T11:19:01.954769661Z" level=warning msg="[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]"
time="2017-03-20T11:19:01.955720778Z" level=info msg="libcontainerd: new containerd process, pid: 20"
time="2017-03-20T11:19:02.958659668Z" level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded."
Also, add export DOCKER_HOST="tcp://localhost:2375" to docker-build:
docker-build:
  stage: package
  script:
    - export DOCKER_HOST="tcp://localhost:2375"
    - docker build -t gitlab.my.com/group/app .
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN gitlab.my.com/group/app
    - docker push gitlab.my.com/group/app
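Answer 1 (score: 9)
When using Kubernetes, you have to adjust your build image to connect to the Docker engine.
Add to your build image:
DOCKER_HOST=tcp://localhost:2375
Quote from the docs:
Running the docker:dind, also known as the docker-in-docker image, is also possible but sadly needs the containers to be run in privileged mode. If you're willing to take that risk, other problems will arise that might not seem as straightforward at first glance. Because the docker daemon is started as a service, usually in your .gitlab-ci.yaml, it will be run as a separate container in your pod. Basically, containers in pods only share volumes assigned to them and an IP address by which they can reach each other using localhost. /var/run/docker.sock is not shared by the docker:dind container, and the docker binary tries to use it by default. To overwrite this and make the client use tcp to contact the docker daemon in the other container, be sure to include DOCKER_HOST=tcp://localhost:2375 in the environment variables of the build container.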
Answer 2 (score: 1)
Based on @Yarik's comment, what worked for me was
- export DOCKER_HOST=$DOCKER_PORT
None of the other answers did.
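Added example, not part of any answer above or of GitLab's documentation: a POSIX shell helper a job script could source to pick the Docker endpoint from the candidates the answers mention (an existing DOCKER_HOST, the local socket, $DOCKER_PORT, then tcp://localhost:2375) and to flag a plaintext endpoint that is not on loopback. The function names, the verdict strings and the order of the fallbacks are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and verdict strings are hypothetical.

# classify_docker_host ENDPOINT: print a one-word verdict for the endpoint.
classify_docker_host() {
    case "$1" in
        unix://*) echo "unix-socket" ;;
        tcp://localhost:2375|tcp://127.0.0.1:2375|"tcp://[::1]:2375")
            echo "plaintext-loopback" ;;   # dind sidecar in the same pod
        tcp://*:2375) echo "plaintext-remote" ;;
        tcp://*) echo "tcp-other" ;;
        *) echo "invalid" ;;
    esac
}

# resolve_docker_host [SOCKET_PATH]: choose the endpoint (order is an assumption).
resolve_docker_host() {
    sock="${1:-/var/run/docker.sock}"
    if [ -n "${DOCKER_HOST:-}" ]; then
        echo "$DOCKER_HOST"                # already set by the job
    elif [ -S "$sock" ]; then
        echo "unix://$sock"                # socket actually present
    elif [ -n "${DOCKER_PORT:-}" ]; then
        echo "$DOCKER_PORT"                # the variable used in Answer 2
    else
        echo "tcp://localhost:2375"        # Answers 0 and 1
    fi
}

# docker_preflight [SOCKET_PATH]: print the endpoint to export, or fail.
docker_preflight() {
    endpoint="$(resolve_docker_host "${1:-}")"
    case "$(classify_docker_host "$endpoint")" in
        invalid)
            echo "unusable Docker endpoint: $endpoint" >&2
            return 1 ;;
        plaintext-remote)
            # No TLS on a non-loopback address; compare the -tlsverify
            # warning in the dind log quoted in Answer 0.
            echo "warning: $endpoint is plaintext and not loopback" >&2 ;;
    esac
    echo "$endpoint"
}

# In a job script:
#   DOCKER_HOST="$(docker_preflight)" || exit 1; export DOCKER_HOST
```

The assignment and the export are kept separate in the usage comment because `export VAR="$(cmd)"` returns the status of `export`, which would hide a failed preflight.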
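Answer 3 (score: 0)
I ran into the same problem and couldn't get the above workarounds to work for me (I didn't try the volume trick mentioned by @fkpwolf).
Now GitLab has another solution that uses Kaniko, and it did work for me:
In this case, the .gitlab-ci.yaml could look like this: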
stages:
  - build
  - package
  - deploy
maven-build:
  image: maven:3-jdk-8
  stage: build
  script: "mvn package -B --settings settings.xml"
  artifacts:
    paths:
      - target/*.jar
docker-kaniko-build:
  stage: package
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"gitlab.my.com\":{\"username\":\"gitlab-ci-token\",\"password\":\"$CI_BUILD_TOKEN\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination gitlab.my.com/group/app
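As mentioned in the GitLab documentation:
kaniko solves two problems with using the docker-in-docker build method:
- Docker-in-docker requires privileged mode in order to function, which is a significant security concern.
- Docker-in-docker generally incurs a performance penalty and can be quite slow.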