can't connect to unix:///var/run/docker.sock in kubernetes
I have read https://teamcity-support.jetbrains.com/hc/en-us/community/posts/360003164340-TeamCity-Kubernetes-Support-Plugin-Agents-that-can-run-Docker-daemon?input_string=can%27t%20connect%20to%20unix%3A%2F%2F%2Fvar%2Frun%2Fdocker.sock%20in%20kubernetes. The situation is the same for me, but I'm new to k8s as well. After I choose "use pod template from deployment", where do I set the deployment?
Hi - I recently set up a K8s build agent. I had to use a custom pod spec and took some notes you might find helpful:
1. Create a new namespace to deploy them in:
---
apiVersion: v1
kind: Namespace
metadata:
  name: teamcity-agent
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: teamcity-server-agent
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: teamcity-server-agent
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: teamcity-server-agent
    namespace: kube-system

# Grab the certificate
kubectl get secret -n kube-system <secret_name> -o 'go-template={{range.items}}{{index .data "ca.crt"}} {{end}}' | base64 --decode
# Grab the token
kubectl get secret -n kube-system <secret-name> -o 'go-template={{range.items}}{{index .data "token"}} {{end}}' | base64 --decode

apiVersion: v1
kind: Pod
metadata:
  name: jetbrains-teamcity-agent
  namespace: teamcity-agent
spec:
  containers:
    - name: jetbrains-teamcity-agent
      image: jetbrains/teamcity-agent:2019.2.3
      env:
        - name: "DOCKER_IN_DOCKER"
          value: "start"
      securityContext:
        privileged: true
  nodeSelector:
    kubernetes.io/os: linux
    kubernetes.io/arch: "amd64"
Thanks @Dylan Munyard, I have solved that problem by adding
securityContext:
  fsGroup: 1000
  runAsUser: 0
I have another problem: how to avoid pulling Docker Hub images again and again when pods restart?
That depends on the imagePullPolicy; you could add it to the pod spec and set it to ifexists (I'm going on memory here, check the doco). In terms of start-up time, TC agents have to download all the plugins. From 2020.1 they're going to bundle the entire agent; I haven't confirmed if this means containers too.
@Dylan Munyard thanks very much. I don't know how your CI is deployed; my TeamCity isn't in k8s, it's on another host, and the agent is in k8s. I used your
apiVersion: v1
kind: Pod
metadata:
  name: jetbrains-teamcity-agent
  namespace: teamcity-agent
spec:
  containers:
    - name: jetbrains-teamcity-agent
      image: jetbrains/teamcity-agent:2019.2.3
      env:
        - name: "DOCKER_IN_DOCKER"
          value: "start"
      securityContext:
        privileged: true
  nodeSelector:
    kubernetes.io/os: linux
    kubernetes.io/arch: "amd64"
I'm trying to get a result ...
By the way, I also chose "use custom pod template".
The same question: can't find USER. The env is abnormal. @Dylan Munyard
A special situation: I can use docker pull when I go into the pod as root (set
securityContext:
  fsGroup: 1000
  runAsUser: 0
), but our CI project depends on a non-root user to build. How do I solve this in the yaml? Thanks @Dylan Munyard
I think we should return to your original issue "can't connect to unix:///var/run/docker.sock". This kind of sounds like something is wrong with Docker, especially because it worked after you set your user to run as root. How are you running Kubernetes? I'm using EKS (Amazon), so a lot of this is set up automatically and I didn't have problems. I don't think you should have to run as root to use Docker; that reminds me of an error like this: https://www.digitalocean.com/community/questions/how-to-fix-docker-got-permission-denied-while-trying-to-connect-to-the-docker-daemon-socket.
Thanks a lot, @Dylan Munyard. When I enter the pod as a non-root user and execute
sudo usermod -aG docker
I need to enter the buildagent or root password, and I don't know it. Do you have a good idea? @Sergey Pak
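
The permission question discussed in this thread (a non-root user that cannot open /var/run/docker.sock, worked around with runAsUser: 0), as an added example that is not part of the original posts: a shell check that reports which permission class decides access to the socket and, when a non-root user is denied, prints a pod-level securityContext that adds the socket's numeric gid through supplementalGroups. The function names and the script name are hypothetical, and it assumes GNU stat inside a Linux container.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat; ignores POSIX ACLs.

# sock_access PATH [UID] [GIDS] -> root|owner|group|other|denied|missing
sock_access() {
    sock=$1; uid=${2:-$(id -u)}; gids=${3:-$(id -G)}
    if [ ! -e "$sock" ]; then echo missing; return 2; fi

    # Owner uid, group gid and octal mode, e.g. "0 998 660"
    set -- $(stat -c '%u %g %a' "$sock")
    s_uid=$1; s_gid=$2; mode=$((0$3))

    # uid 0 passes the mode check (unless CAP_DAC_OVERRIDE was dropped)
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi

    # The kernel consults exactly one class: owner, else group, else other
    if [ "$uid" -eq "$s_uid" ]; then
        class=owner; bits=$(( mode >> 6 ))
    else
        class=other; bits=$mode
        for g in $gids; do
            if [ "$g" -eq "$s_gid" ]; then class=group; bits=$(( mode >> 3 )); fi
        done
    fi
    # On Linux, connect() to a unix stream socket needs write permission on it
    if [ $(( bits & 2 )) -ne 0 ]; then echo "$class"; return 0; fi
    echo denied; return 1
}

# sock_hint PATH [UID] [GIDS]: when access is denied but the socket is
# group-writable, print the pod-level securityContext that adds the socket's
# numeric gid to a non-root user (the alternative to runAsUser: 0).
sock_hint() {
    verdict=$(sock_access "$@") || true
    echo "access: $verdict"
    if [ "$verdict" != denied ]; then return 0; fi
    set -- "$1" "${2:-$(id -u)}" $(stat -c '%g %a' "$1")
    if [ $(( (0$4 >> 3) & 2 )) -ne 0 ]; then
        printf 'securityContext:\n  runAsUser: %s\n  supplementalGroups: [%s]\n' "$2" "$3"
    else
        echo "socket is not group-writable; change its mode or group where dockerd runs"
    fi
}

# Run as: sh sockcheck.sh /var/run/docker.sock  (script name is hypothetical)
if [ $# -gt 0 ]; then sock_hint "$@"; fi
```

Write access to the socket remains root-equivalent on the daemon behind it, so this only removes the need to run the build process itself as uid 0.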