silly-spring-87100
12/30/2021, 1:06 PM./pants pacakge
Unfortunately docker:dind
image (we are using it curentlly) is not compatible with pants:
• alpine linux
• missing python
What image would you use, to build and push docker images with pants
inside CI container?curved-television-6568
12/30/2021, 1:23 PMBefore running Docker-in-Docker, be sure to read through Jérôme Petazzoni's excellent blog post on the subject, where he outlines some of the pros and cons of doing so (and some nasty gotchas you might run into).
If you are still convinced that you need Docker-in-Docker and not just access to a container’s host Docker server, then read on.And at the end of that linked blog post:
The socket solution
Let’s take a step back here. Do you really want Docker-in-Docker? Or do you just want to be able to run Docker (specifically: build, run, sometimes push containers and images) from your CI system, while this CI system itself is in a container?
I’m going to bet that most people want the latter. All you want is a solution so that your CI system like Jenkins can start containers.
And the simplest way is to just expose the Docker socket to your CI container, by bind-mounting it with theflag.-v
Simply put, when you start your CI container (Jenkins or other), instead of hacking something together with Docker-in-Docker, start it with:
docker run -v /var/run/docker.sock:/var/run/docker.sock ...
Now this container will have access to the Docker socket, and will therefore be able to start containers. Except that instead of starting “child” containers, it will start “sibling” containers.
Try it out, using theofficial image (which contains the Docker binary):docker
docker run -v /var/run/docker.sock:/var/run/docker.sock \
-ti docker
This looks like Docker-in-Docker, feels like Docker-in-Docker, but it’s not Docker-in-Docker: when this container will create more containers, those containers will be created in the top-level Docker. You will not experience nesting side effects, and the build cache will be shared across multiple invocations.So, have you looked at the possibility to use the hosts docker daemon, rather than to run a docker daemon inside a container?
curved-television-6568
12/30/2021, 1:26 PMflat-zoo-31952
12/30/2021, 2:39 PM--privileged
etc). This is probably acceptable for many circumstances, but if you're doing something like running PRs from strangers on owned infra, be really carefulcurved-television-6568
12/30/2021, 2:54 PMflat-zoo-31952
12/30/2021, 3:24 PMflat-zoo-31952
12/30/2021, 3:25 PM