如何从在本地Kubernetes实例上运行的jenkins映像访问docker

时间:2019-02-07 15:01:34

标签: docker jenkins kubernetes

我的Macintosh计算机上运行的是Kubernetes,我正在尝试运行Jenkins映像,该映像可以连接到内部docker系统,然后启动更多docker映像,以便能够在其上运行作业。到目前为止,我还没有开始工作,我希望有人能够提供帮助。

我正在运行的docker版本是:

  1. Docker Desktop 2.0.0.0-mac81(29211)稳定
  2. 引擎10.09.0
  3. Kubernetes v1.10.3

    • 我从从tar文件安装docker到实际使用apt-get
    • 我还尝试将Jenkins用户添加到通过apt-get安装docker时创建的docker组中。

我的Docker文件

FROM jenkins/jenkins:lts

USER root

RUN apt-get update \
    && apt-get install -y \
    maven \
    vim \
    libunwind8 \
    gettext \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common

RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/debian \
    $(lsb_release -cs) \
    stable"
RUN apt-get update -qq \
    && apt-get install docker-ce -y

USER jenkins

和我的deployment.yml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: jenkins
  namespace: deployment-tools
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      containers:
        - name: jenkins
          image: my/jenkins
          imagePullPolicy: Never
          env:
            - name: JAVA_OPTS
              value: -Djenkins.install.runSetupWizard=false
          ports:
            - name: http-port
              containerPort: 8080
            - name: jnlp-port
              containerPort: 50000
          volumeMounts:
            - name: jenkins-home
              mountPath: /var/jenkins_home
            - name: docker-socket
              mountPath: /var/run/docker.sock
      securityContext:
      # Specify fsGroup for pod, so that the persistent volume is writable for the non-privileged uid/gid 1000
        runAsUser: 1000
        fsGroup: 1000
      volumes:
        - name: jenkins-home
          hostPath:
            path: /Users/myUser/links/code/jenkins/filesystem
            type: Directory
        - name: docker-socket
          hostPath:
            path: /var/run/docker.sock
            type: File

我当前正在尝试通过挂载本地文件系统docker套接字来访问子系统,但这给了我这个错误:

myUser@mymac jenkins (master) $ kubectl exec -it jenkins-78689b8786-rjqf6 --namespace=deployment-tools -- /bin/bash
jenkins@jenkins-78689b8786-rjqf6:/$ docker images list
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/images/json?filters=%7B%22reference%22%3A%7B%22list%22%3Atrue%7D%7D: dial unix /var/run/docker.sock: connect: permission denied

并且我期望它不会抛出错误并返回我在计算机上安装的docker映像的列表。

0 个答案:

没有答案