Can't run Docker inside a TeamCity agent

Answered

The current configuration of our TeamCity 2021.1.1 project has Docker build steps, so it's necessary that Docker is up and running inside an agent.

We run TeamCity on Kubernetes using this Helm Chart as an example: https://github.com/gfleury/teamcity-helm-chart, but we added the

securityContext:
runAsUser: 0

parameter to the agent-deployment.yaml inside the container specification to allow the container to run as a root.

However, when I get inside the container and try to start the Docker daemon using the dockerd command, I get this long log along with the error at the end

root@cloud-template-60553:/# dockerd
INFO[2021-07-23T06:06:40.383285083Z] Starting up
WARN[2021-07-23T06:06:40.383849490Z] Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior dir=/var/lib/docker error="could not setup daemon root propagation to shared: remount /var/lib/docker, flags: 0x100000: permission denied"
INFO[2021-07-23T06:06:40.384856902Z] libcontainerd: started new containerd process pid=584
INFO[2021-07-23T06:06:40.384897203Z] parsed scheme: "unix" module=grpc
INFO[2021-07-23T06:06:40.384911803Z] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-07-23T06:06:40.384934403Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>} module=grpc
INFO[2021-07-23T06:06:40.384944103Z] ClientConn switching balancer to "pick_first" module=grpc
INFO[2021-07-23T06:06:40.582531952Z] starting containerd revision=7ad184331fa3e55e52b890ea95e65ba581ae3429 version=1.2.13
ERRO[2021-07-23T06:06:40.582639453Z] failed to change OOM score to -500 error="write /proc/584/oom_score_adj: permission denied"
INFO[2021-07-23T06:06:40.582923857Z] loading plugin "io.containerd.content.v1.content"... type=io.containerd.content.v1
INFO[2021-07-23T06:06:40.582965557Z] loading plugin "io.containerd.snapshotter.v1.btrfs"... type=io.containerd.snapshotter.v1
WARN[2021-07-23T06:06:40.583348862Z] failed to load plugin io.containerd.snapshotter.v1.btrfs error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
INFO[2021-07-23T06:06:40.583381062Z] loading plugin "io.containerd.snapshotter.v1.aufs"... type=io.containerd.snapshotter.v1
WARN[2021-07-23T06:06:40.583449563Z] failed to load plugin io.containerd.snapshotter.v1.aufs error="modprobe aufs failed: "": exec: "modprobe": executable file not found in $PATH"
INFO[2021-07-23T06:06:40.583467963Z] loading plugin "io.containerd.snapshotter.v1.native"... type=io.containerd.snapshotter.v1
INFO[2021-07-23T06:06:40.583498763Z] loading plugin "io.containerd.snapshotter.v1.overlayfs"... type=io.containerd.snapshotter.v1
INFO[2021-07-23T06:06:40.583602365Z] loading plugin "io.containerd.snapshotter.v1.zfs"... type=io.containerd.snapshotter.v1
INFO[2021-07-23T06:06:40.583863668Z] skip loading plugin "io.containerd.snapshotter.v1.zfs"... type=io.containerd.snapshotter.v1
INFO[2021-07-23T06:06:40.583879268Z] loading plugin "io.containerd.metadata.v1.bolt"... type=io.containerd.metadata.v1
WARN[2021-07-23T06:06:40.583898168Z] could not use snapshotter zfs in metadata plugin error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin"
WARN[2021-07-23T06:06:40.583911568Z] could not use snapshotter btrfs in metadata plugin error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
WARN[2021-07-23T06:06:40.583924569Z] could not use snapshotter aufs in metadata plugin error="modprobe aufs failed: "": exec: "modprobe": executable file not found in $PATH"
INFO[2021-07-23T06:06:40.584017270Z] loading plugin "io.containerd.differ.v1.walking"... type=io.containerd.differ.v1
INFO[2021-07-23T06:06:40.584039870Z] loading plugin "io.containerd.gc.v1.scheduler"... type=io.containerd.gc.v1
INFO[2021-07-23T06:06:40.584093771Z] loading plugin "io.containerd.service.v1.containers-service"... type=io.containerd.service.v1
INFO[2021-07-23T06:06:40.584114271Z] loading plugin "io.containerd.service.v1.content-service"... type=io.containerd.service.v1
INFO[2021-07-23T06:06:40.584132771Z] loading plugin "io.containerd.service.v1.diff-service"... type=io.containerd.service.v1
INFO[2021-07-23T06:06:40.584157471Z] loading plugin "io.containerd.service.v1.images-service"... type=io.containerd.service.v1
INFO[2021-07-23T06:06:40.584174871Z] loading plugin "io.containerd.service.v1.leases-service"... type=io.containerd.service.v1
INFO[2021-07-23T06:06:40.584189572Z] loading plugin "io.containerd.service.v1.namespaces-service"... type=io.containerd.service.v1
INFO[2021-07-23T06:06:40.584204072Z] loading plugin "io.containerd.service.v1.snapshots-service"... type=io.containerd.service.v1
INFO[2021-07-23T06:06:40.584222972Z] loading plugin "io.containerd.runtime.v1.linux"... type=io.containerd.runtime.v1
INFO[2021-07-23T06:06:40.584332073Z] loading plugin "io.containerd.runtime.v2.task"... type=io.containerd.runtime.v2
INFO[2021-07-23T06:06:40.584398974Z] loading plugin "io.containerd.monitor.v1.cgroups"... type=io.containerd.monitor.v1
INFO[2021-07-23T06:06:40.584766879Z] loading plugin "io.containerd.service.v1.tasks-service"... type=io.containerd.service.v1
INFO[2021-07-23T06:06:40.584792979Z] loading plugin "io.containerd.internal.v1.restart"... type=io.containerd.internal.v1
INFO[2021-07-23T06:06:40.584846079Z] loading plugin "io.containerd.grpc.v1.containers"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.584867180Z] loading plugin "io.containerd.grpc.v1.content"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.584881380Z] loading plugin "io.containerd.grpc.v1.diff"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.584901280Z] loading plugin "io.containerd.grpc.v1.events"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.584918880Z] loading plugin "io.containerd.grpc.v1.healthcheck"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.584938081Z] loading plugin "io.containerd.grpc.v1.images"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.584956581Z] loading plugin "io.containerd.grpc.v1.leases"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.584975081Z] loading plugin "io.containerd.grpc.v1.namespaces"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.584994481Z] loading plugin "io.containerd.internal.v1.opt"... type=io.containerd.internal.v1
INFO[2021-07-23T06:06:40.585051382Z] loading plugin "io.containerd.grpc.v1.snapshots"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.585072982Z] loading plugin "io.containerd.grpc.v1.tasks"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.585087482Z] loading plugin "io.containerd.grpc.v1.version"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.585110083Z] loading plugin "io.containerd.grpc.v1.introspection"... type=io.containerd.grpc.v1
INFO[2021-07-23T06:06:40.585345185Z] serving... address="/var/run/docker/containerd/containerd-debug.sock"
INFO[2021-07-23T06:06:40.585442787Z] serving... address="/var/run/docker/containerd/containerd.sock"
INFO[2021-07-23T06:06:40.585512087Z] containerd successfully booted in 0.003645s
INFO[2021-07-23T06:06:40.681169024Z] parsed scheme: "unix" module=grpc
INFO[2021-07-23T06:06:40.681203725Z] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-07-23T06:06:40.681231325Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>} module=grpc
INFO[2021-07-23T06:06:40.681250725Z] ClientConn switching balancer to "pick_first" module=grpc
INFO[2021-07-23T06:06:40.681991134Z] parsed scheme: "unix" module=grpc
INFO[2021-07-23T06:06:40.682012934Z] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-07-23T06:06:40.682036435Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>} module=grpc
INFO[2021-07-23T06:06:40.682050235Z] ClientConn switching balancer to "pick_first" module=grpc
INFO[2021-07-23T06:06:40.683178248Z] [graphdriver] using prior storage driver: aufs
WARN[2021-07-23T06:06:40.683210249Z] [graphdriver] WARNING: the aufs storage-driver is deprecated, and will be removed in a future release
WARN[2021-07-23T06:06:40.692044454Z] Your kernel does not support swap memory limit
WARN[2021-07-23T06:06:40.692059754Z] Your kernel does not support cgroup rt period
WARN[2021-07-23T06:06:40.692072154Z] Your kernel does not support cgroup rt runtime
WARN[2021-07-23T06:06:40.692083654Z] Your kernel does not support cgroup blkio weight
WARN[2021-07-23T06:06:40.692089554Z] Your kernel does not support cgroup blkio weight_device
INFO[2021-07-23T06:06:40.692293257Z] Loading containers: start.
WARN[2021-07-23T06:06:40.779643695Z] Running iptables --wait -t nat -L -n failed with message: `iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.`, error: exit status 3
INFO[2021-07-23T06:06:40.883831340Z] stopping event stream following graceful shutdown error="<nil>" module=libcontainerd namespace=moby
INFO[2021-07-23T06:06:40.884351447Z] stopping healthcheck following graceful shutdown module=libcontainerd
INFO[2021-07-23T06:06:40.884358547Z] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)

And when I run the whoami command inside the container, I get this output

root@cloud-template-60554:/# whoami
root

I saw similar problems with running Docker inside a TeamCity agent discussed here:
(1) https://teamcity-support.jetbrains.com/hc/en-us/community/posts/360008299559-docker-server-version-doesnt-exist-for-official-agent-image-2020-1,
(2) https://stackoverflow.com/questions/55631068/teamcity-build-wont-run-until-build-agents-is-configured-with-docker/55633988
but we're using Kubernetes Deployments, so I don't know how to apply the required changes to the deployment yaml file because I'm new to Docker and Kubernetes.

I've also tried creating a custom pod as specified in this discussion: https://teamcity-support.jetbrains.com/hc/en-us/community/posts/360003164340-TeamCity-Kubernetes-Support-Plugin-Agents-that-can-run-Docker-daemon?input_string=Can%27t%20run%20Docker%20inside%20a%20TeamCity%20agent

I've got the following pod yaml file

apiVersion: v1
kind: Pod
metadata:
labels:
app: teamcity-agent
spec:
restartPolicy: Never
securityContext:
runAsUser: 0
fsGroup: 1000
containers:
- name: teamcity-agent
image: jetbrains/teamcity-agent
resources:
limits:
memory: "2Gi"
securityContext:
allowPrivilegeEscalation: false
env:
- name: DOCKER_IN_DOCKER
value: start

However, running dockerd inside the custom-pod gives the following error:

root@custom-pod-387:/# dockerd
INFO[2021-07-23T08:20:54.083484342+01:00] Starting up
WARN[2021-07-23T08:20:54.084111850+01:00] Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior dir=/var/lib/docker error="could not setup daemon root propagation to shared: remount /var/lib/docker, flags: 0x100000: permission denied"
INFO[2021-07-23T08:20:54.085257165+01:00] libcontainerd: started new containerd process pid=967
INFO[2021-07-23T08:20:54.085341466+01:00] parsed scheme: "unix" module=grpc
INFO[2021-07-23T08:20:54.085364766+01:00] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-07-23T08:20:54.085392967+01:00] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>} module=grpc
INFO[2021-07-23T08:20:54.085406867+01:00] ClientConn switching balancer to "pick_first" module=grpc
INFO[2021-07-23T08:20:54.112068614+01:00] starting containerd revision=7ad184331fa3e55e52b890ea95e65ba581ae3429 version=1.2.13
ERRO[2021-07-23T08:20:54.112210416+01:00] failed to change OOM score to -500 error="write /proc/967/oom_score_adj: permission denied"
INFO[2021-07-23T08:20:54.112481220+01:00] loading plugin "io.containerd.content.v1.content"... type=io.containerd.content.v1
INFO[2021-07-23T08:20:54.112581121+01:00] loading plugin "io.containerd.snapshotter.v1.btrfs"... type=io.containerd.snapshotter.v1
WARN[2021-07-23T08:20:54.112895525+01:00] failed to load plugin io.containerd.snapshotter.v1.btrfs error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
INFO[2021-07-23T08:20:54.112917325+01:00] loading plugin "io.containerd.snapshotter.v1.aufs"... type=io.containerd.snapshotter.v1
WARN[2021-07-23T08:20:54.114615648+01:00] failed to load plugin io.containerd.snapshotter.v1.aufs error="modprobe aufs failed: "modprobe: FATAL: Module aufs not found in directory /lib/modules/5.4.0-1046-azure\n": exit status 1"
INFO[2021-07-23T08:20:54.114633648+01:00] loading plugin "io.containerd.snapshotter.v1.native"... type=io.containerd.snapshotter.v1
INFO[2021-07-23T08:20:54.114713949+01:00] loading plugin "io.containerd.snapshotter.v1.overlayfs"... type=io.containerd.snapshotter.v1
INFO[2021-07-23T08:20:54.114873351+01:00] loading plugin "io.containerd.snapshotter.v1.zfs"... type=io.containerd.snapshotter.v1
INFO[2021-07-23T08:20:54.115161255+01:00] skip loading plugin "io.containerd.snapshotter.v1.zfs"... type=io.containerd.snapshotter.v1
INFO[2021-07-23T08:20:54.115176655+01:00] loading plugin "io.containerd.metadata.v1.bolt"... type=io.containerd.metadata.v1
WARN[2021-07-23T08:20:54.115228556+01:00] could not use snapshotter zfs in metadata plugin error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin"
WARN[2021-07-23T08:20:54.115246856+01:00] could not use snapshotter btrfs in metadata plugin error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
WARN[2021-07-23T08:20:54.115265256+01:00] could not use snapshotter aufs in metadata plugin error="modprobe aufs failed: "modprobe: FATAL: Module aufs not found in directory /lib/modules/5.4.0-1046-azure\n": exit status 1"
INFO[2021-07-23T08:20:54.144643739+01:00] loading plugin "io.containerd.differ.v1.walking"... type=io.containerd.differ.v1
INFO[2021-07-23T08:20:54.144711140+01:00] loading plugin "io.containerd.gc.v1.scheduler"... type=io.containerd.gc.v1
INFO[2021-07-23T08:20:54.144832642+01:00] loading plugin "io.containerd.service.v1.containers-service"... type=io.containerd.service.v1
INFO[2021-07-23T08:20:54.144897742+01:00] loading plugin "io.containerd.service.v1.content-service"... type=io.containerd.service.v1
INFO[2021-07-23T08:20:54.144957443+01:00] loading plugin "io.containerd.service.v1.diff-service"... type=io.containerd.service.v1
INFO[2021-07-23T08:20:54.145012444+01:00] loading plugin "io.containerd.service.v1.images-service"... type=io.containerd.service.v1
INFO[2021-07-23T08:20:54.145062045+01:00] loading plugin "io.containerd.service.v1.leases-service"... type=io.containerd.service.v1
INFO[2021-07-23T08:20:54.145111545+01:00] loading plugin "io.containerd.service.v1.namespaces-service"... type=io.containerd.service.v1
INFO[2021-07-23T08:20:54.145174346+01:00] loading plugin "io.containerd.service.v1.snapshots-service"... type=io.containerd.service.v1
INFO[2021-07-23T08:20:54.145224947+01:00] loading plugin "io.containerd.runtime.v1.linux"... type=io.containerd.runtime.v1
INFO[2021-07-23T08:20:54.145502550+01:00] loading plugin "io.containerd.runtime.v2.task"... type=io.containerd.runtime.v2
INFO[2021-07-23T08:20:54.145652652+01:00] loading plugin "io.containerd.monitor.v1.cgroups"... type=io.containerd.monitor.v1
INFO[2021-07-23T08:20:54.146182759+01:00] loading plugin "io.containerd.service.v1.tasks-service"... type=io.containerd.service.v1
INFO[2021-07-23T08:20:54.146221360+01:00] loading plugin "io.containerd.internal.v1.restart"... type=io.containerd.internal.v1
INFO[2021-07-23T08:20:54.146287461+01:00] loading plugin "io.containerd.grpc.v1.containers"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146310961+01:00] loading plugin "io.containerd.grpc.v1.content"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146335261+01:00] loading plugin "io.containerd.grpc.v1.diff"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146358261+01:00] loading plugin "io.containerd.grpc.v1.events"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146397662+01:00] loading plugin "io.containerd.grpc.v1.healthcheck"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146433262+01:00] loading plugin "io.containerd.grpc.v1.images"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146460263+01:00] loading plugin "io.containerd.grpc.v1.leases"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146488463+01:00] loading plugin "io.containerd.grpc.v1.namespaces"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146507163+01:00] loading plugin "io.containerd.internal.v1.opt"... type=io.containerd.internal.v1
INFO[2021-07-23T08:20:54.146705166+01:00] loading plugin "io.containerd.grpc.v1.snapshots"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146732866+01:00] loading plugin "io.containerd.grpc.v1.tasks"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146751067+01:00] loading plugin "io.containerd.grpc.v1.version"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.146770267+01:00] loading plugin "io.containerd.grpc.v1.introspection"... type=io.containerd.grpc.v1
INFO[2021-07-23T08:20:54.147097871+01:00] serving... address="/var/run/docker/containerd/containerd-debug.sock"
INFO[2021-07-23T08:20:54.147176072+01:00] serving... address="/var/run/docker/containerd/containerd.sock"
INFO[2021-07-23T08:20:54.147201772+01:00] containerd successfully booted in 0.035830s
INFO[2021-07-23T08:20:54.159594434+01:00] parsed scheme: "unix" module=grpc
INFO[2021-07-23T08:20:54.159632035+01:00] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-07-23T08:20:54.159658835+01:00] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>} module=grpc
INFO[2021-07-23T08:20:54.159680435+01:00] ClientConn switching balancer to "pick_first" module=grpc
INFO[2021-07-23T08:20:54.163023579+01:00] parsed scheme: "unix" module=grpc
INFO[2021-07-23T08:20:54.163053379+01:00] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-07-23T08:20:54.163106480+01:00] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>} module=grpc
INFO[2021-07-23T08:20:54.163134480+01:00] ClientConn switching balancer to "pick_first" module=grpc
ERRO[2021-07-23T08:20:54.164866903+01:00] failed to mount overlay: permission denied storage-driver=overlay2
WARN[2021-07-23T08:20:54.167933243+01:00] [graphdriver] WARNING: the aufs storage-driver is deprecated, and will be removed in a future release
WARN[2021-07-23T08:20:54.219970121+01:00] Your kernel does not support swap memory limit
WARN[2021-07-23T08:20:54.219993222+01:00] Your kernel does not support cgroup rt period
WARN[2021-07-23T08:20:54.220003322+01:00] Your kernel does not support cgroup rt runtime
WARN[2021-07-23T08:20:54.220022422+01:00] Your kernel does not support cgroup blkio weight
WARN[2021-07-23T08:20:54.220033522+01:00] Your kernel does not support cgroup blkio weight_device
INFO[2021-07-23T08:20:54.220245125+01:00] Loading containers: start.
WARN[2021-07-23T08:20:54.221842946+01:00] Running iptables --wait -t nat -L -n failed with message: `iptables v1.8.4 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.`, error: exit status 3
INFO[2021-07-23T08:20:54.240937695+01:00] stopping event stream following graceful shutdown error="<nil>" module=libcontainerd namespace=moby
INFO[2021-07-23T08:20:54.241556403+01:00] stopping healthcheck following graceful shutdown module=libcontainerd
INFO[2021-07-23T08:20:54.241588603+01:00] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.4 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)

And the whoami command also returns that the user is a root.

Could you please help me with running Docker inside the agent? If I need to provide further details, please let me know

2 comments
Comment actions Permalink

Are there any updates on the current issue?

0
Comment actions Permalink

When running a Docker container where the Docker service is required within the container, you must run it as root (which you are already doing) or use the linux-sudo tag. Additionally, you must run it with the --privileged flag like:

docker run -it -e SERVER_URL="<url to TeamCity server>" \
-v <path to agent config folder>:/data/teamcity_agent/conf \
-v docker_volumes:/var/lib/docker \
--privileged -e DOCKER_IN_DOCKER=start \
jetbrains/teamcity-agent

In Kubernetes, it looks like you would need to add this to your pod yaml:

securityContext:
  privileged: true

It is also recommended to use the jetbrains/teamcity-agent:linux-sudo image, which allows for sudo access, rather than running the container as root. There is additional Docker image information regarding this use-case located on the Docker hub page here: https://hub.docker.com/r/jetbrains/teamcity-agent. It doesn't look like we have much information covering the specifics Kubernetes at this point, but I'll see if I can get some more information documented for your case.

We do have a feature request that you may be interested in for easy Kubernetes setup, TW-51891. Please take a look and, if you'd find it useful, vote to show your interest. We use the information on our YouTrack site to determine which features are included in future releases.

0

Please sign in to leave a comment.