Pods running on EKS worker nodes cannot access the Docker daemon

Time: 2019-05-17 22:54:51

Tags: kubernetes amazon-eks

I have a jenkins-slave image in which I have added jenkins to the docker group

RUN usermod -aG docker jenkins

Then I use this image in my job as follows

podTemplate(label: 'builder-pod-startclust', cloud: 'kubernetes', containers: [
    containerTemplate(
            name: 'jnlp',
            image: "${artifact_repo}/jenkins-slave:ekslave",
            ttyEnabled: true,
            privileged: true,
            alwaysPullImage: true,
            workingDir: '/var/jenkins_home',
            resourceRequestCpu: '1000m',
            resourceRequestMemory: '1Gi',
            resourceLimitMemory: '1.1Gi',
    )
], volumes: [hostPathVolume(mountPath: '/var/run', hostPath: '/var/run')],
   annotations: [
                podAnnotation(key: 'iam.amazonaws.com/role', value: 'arn:aws:iam::XXXXXXXX:role/kube2iam-role')
        ]) { //podtemplate

However, running docker commands (e.g. docker version) in the jenkins-slave pod runs into a permission problem

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/version: dial unix /var/run/docker.sock: connect: permission denied

The Jenkins master YAML is as follows

containers:
      - name: jenkins-container
        image: $artifact_repo/jenkins:latest
...

     volumeMounts:
              - mountPath: /var/run
                name: docker-sock

0 answers:

No answers
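
A diagnostic for the "permission denied" error in the question, added here as an example and not part of the original post: it applies the owner/group/other rule to the mounted socket, which compares numeric IDs, so a docker group created in the image only helps when its GID equals the GID that owns /var/run/docker.sock on the node. The function names are hypothetical, and ACLs and dropped capabilities are assumed not to be in play.

```bash
# Added example, not from the original post. Applies the owner/group/other
# rule that governs connect() on a unix socket (write permission is needed).
# The check uses numeric IDs only; group names never enter into it.
# Simplification: ACLs and dropped capabilities are not modelled.
#
# can_connect MODE SOCK_UID SOCK_GID PROC_UID "PROC_GIDS"
#   MODE, SOCK_UID, SOCK_GID: stat -c '%a %u %g' /var/run/docker.sock
#   PROC_UID, PROC_GIDS:      id -u ; id -G
can_connect() {
    local mode=$1 s_uid=$2 s_gid=$3 p_uid=$4 p_gids=$5
    local perm g
    perm=$((0$mode))          # leading 0 makes the shell read it as octal

    if [ "$p_uid" -eq 0 ]; then
        echo "allowed: uid 0 bypasses permission bits"; return 0
    fi
    if [ "$p_uid" -eq "$s_uid" ]; then      # owner class applies exclusively
        [ $((perm & 0200)) -ne 0 ] && { echo "allowed: owner write bit"; return 0; }
        echo "denied: owner has no write bit"; return 1
    fi
    for g in $p_gids; do
        if [ "$g" -eq "$s_gid" ]; then      # group class applies exclusively
            [ $((perm & 0020)) -ne 0 ] && { echo "allowed: process holds gid $s_gid"; return 0; }
            echo "denied: group has no write bit"; return 1
        fi
    done
    [ $((perm & 0002)) -ne 0 ] && { echo "allowed: world-writable socket"; return 0; }
    echo "denied: process gids ($p_gids) do not include socket gid $s_gid"
    return 1
}

# Evaluate the live socket as the current user (run inside the agent container).
check_docker_sock() {
    local sock=${1:-/var/run/docker.sock}
    [ -S "$sock" ] || { echo "no socket at $sock"; return 2; }
    # stat prints three fields; word splitting passes them as three arguments.
    can_connect $(stat -c '%a %u %g' "$sock") "$(id -u)" "$(id -G)"
}
```

Running `check_docker_sock` inside the jnlp container prints which rule decided the outcome; a "denied" line naming the socket GID means the image's docker group and the node's docker group have different numeric IDs.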