Jenkins using Kubernetes plugin – Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?


Question

Using Jenkins with the Kubernetes plugin and using Jenkins as code.

I'm getting this error when trying to use 'docker build':

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

  1. I tried to mount /var/run/docker.sock, but it is still not working.
  2. I tried to use runAsUser: root to run with root permissions, but it is still not working.

My Jenkins as code pod template configuration:

  Jenkins:config:
    chart: jenkins
    namespace: default
    repo: https://charts.jenkins.io
    values:
      agent:
        enabled: true
        podTemplates:
          jenkins-slave-pod: |
            - name: jenkins-xxx-pod
              label: ecs-slave
              serviceAccount: jenkins-xxx-prod
              containers:
                - name: main
                  image: '805xxxx.dkr.ecr.us-west-2.amazonaws.com/slave:ecs-xxxx-node_master-3'
                  command: "sleep"
                  args: "30d"
                  privileged: true
                  runAsUser: root
              volumes:
                - hostPathVolume:
                    hostPath: "/var/run/docker.sock"
                    mountPath: "/var/run/docker.sock"

Answer 1

Score: 3

I assume that you are using k8s >= v1.24 where docker as runtime is not supported anymore.

I would also add that mounting docker socket is not a good practice from a security perspective.

If you want to build a container image in k8s, please use podman or kaniko.

Answer 2

Score: 1

There are some possible reasons which cause that error.

  1. Docker daemon is not running.
  2. Docker did not shut down cleanly.
  3. Lack of root privileges to start the Docker service.

Here are some troubleshooting steps which you can try:

  1. Use Systemctl to Start the Docker Service.

  2. Use Snap to Start the Docker Service.

  3. Clean a "Failed Docker Pull" and Start the Docker Service.

  4. Start Docker for Users Without Root Privileges.

  5. Reinstall Docker.

The above information is derived from the document written by Daisy. For more detailed steps, you can follow the same document.

Answer 3

Score: 1

You need to connect your jenkins agent (with docker client inside) to remote docker daemon for docker commands to succeed.

One option to achieve this is to use Jenkins Docker in Docker Agent where docker daemon runs inside a container in the same pod with a container of jenkins agent which has docker client inside it.

additionalAgents: 
  dind:
    podName: dind-agent
    customJenkinsLabels: dind-agent
    image: dind-client-jenkins-agent
    tag: latest
    envVars:
     - name: DOCKER_HOST
       value: "tcp://localhost:2375"
    alwaysPullImage: true
    yamlTemplate:  |-  
     spec: 
         containers:
           - name: dind-daemon 
             image: docker:20.10-dind
             securityContext: 
               privileged: true
             env: 
               - name: DOCKER_TLS_VERIFY
                 value: ""

Disclaimer: I wrote this article
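
The three configurations on this page (a hostPath mount of the Docker socket, `privileged: true`, and a Docker client pointed at the non-TLS `tcp://localhost:2375` endpoint) can be checked for in running pods, since access to the host's Docker socket or a privileged container gives a build job control well beyond its own pod. The following is an added example, not code from any of the posters: a Python audit over data in the shape of `kubectl get pods -A -o json`; the sample pods, the `kaniko-build` name and the function names are constructed for illustration.

```python
import json

# Constructed sample in `kubectl get pods -o json` shape; pod names are hypothetical.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "default", "name": "jenkins-xxx-pod"},
  "spec": {"containers": [{"name": "main", "securityContext": {"privileged": true}}],
           "volumes": [{"name": "sock",
                        "hostPath": {"path": "/var/run/docker.sock"}}]}},
 {"metadata": {"namespace": "default", "name": "dind-agent"},
  "spec": {"containers": [
    {"name": "jnlp",
     "env": [{"name": "DOCKER_HOST", "value": "tcp://localhost:2375"}]},
    {"name": "dind-daemon", "securityContext": {"privileged": true}}]}},
 {"metadata": {"namespace": "default", "name": "kaniko-build"},
  "spec": {"containers": [{"name": "kaniko"}]}}
]}
""")

# hostPath values that expose the host's Docker socket (the file or its parent dir).
RISKY = ("/var/run/docker.sock", "/run/docker.sock", "/var/run", "/run")

def audit_pod(pod):
    """Return a sorted list of findings for one Pod object."""
    spec, out = pod.get("spec", {}), set()
    for vol in spec.get("volumes", []):
        path = (vol.get("hostPath") or {}).get("path", "").rstrip("/")
        if path in RISKY:
            out.add(f"hostPath exposes Docker socket: {path}")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            out.add(f"privileged container: {c['name']}")
        for env in c.get("env", []):
            val = env.get("value") or ""
            # 2375 is the conventional unencrypted Docker API port (2376 is TLS).
            if env.get("name") == "DOCKER_HOST" and val.endswith(":2375"):
                out.add(f"plaintext Docker API in {c['name']}: {val}")
    return sorted(out)

def audit(pod_list):
    """Map 'namespace/name' -> findings for every pod that has any."""
    report = {}
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        if findings := audit_pod(pod):
            report[f"{meta['namespace']}/{meta['name']}"] = findings
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

To run it against a cluster, replace `SAMPLE` with the parsed output of `kubectl get pods -A -o json`.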

Posted by huangapple on March 7, 2023 at 01:50:33