0

I am trying to create a self-hosted runner for GitHub Actions on Kubernetes. As a first step, I was trying with the Dockerfile below:

```dockerfile
FROM ubuntu:18.04

# set the github runner version
ARG RUNNER_VERSION="2.283.1"

# update the base packages and add a non-sudo user
RUN apt-get update -y && apt-get upgrade -y && useradd -m docker
RUN useradd -r -g docker nonroot
# install the packages your code depends on, along with jq so we can parse JSON
# add additional packages as necessary
RUN apt-get install -y curl jq build-essential libssl-dev apt-transport-https ca-certificates software-properties-common

# install docker
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
    && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" \
    && apt update \
    && apt-cache policy docker-ce \
    && apt install docker-ce -y

ENV TINI_VERSION v0.19.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
RUN chmod +x /tini
RUN usermod -aG docker nonroot
USER nonroot
# run tini as the entrypoint (init process), with bash as the default command
ENTRYPOINT ["/tini", "--"]
CMD ["/bin/bash"]
```

After doing a build, I run the container with the below command:

```
docker run -v /var/run/docker.sock:/var/run/docker.sock -it srunner
```

When I try to pull an image, I get the below error:

```
nonroot@0be0cdccb29b:/$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
nonroot@0be0cdccb29b:/$
```

Please advise if there is a possible way to run docker as non-root inside a docker container.

Sunil
  • This is on Kubernetes so I'm not sure, but I had a similar case on a VM with an Azure DevOps self-hosted agent and [these steps solved the issue](https://stackoverflow.com/a/69162259/2347999) – Krzysztof Madej Sep 24 '21 at 12:03
  • It works well for me on Compute Engine (VM on GCP) @KrzysztofMadej. But I would like to take it to Kubernetes – Sunil Sep 24 '21 at 16:07
  • Have you tried this? https://techoverflow.net/2017/03/01/solving-docker-permission-denied-while-trying-to-connect-to-the-docker-daemon-socket/ – Sergiusz Sep 27 '21 at 13:04
  • Yes, I have tried – Sunil Sep 28 '21 at 04:31

2 Answers

1

Instead of using sockets, there is also a way to connect to outer docker, from docker in container, over TCP.

Linux example:

Run `ifconfig`; it will print the Docker network interface that is created when you install Docker on a host node. It's usually named `docker0`. Note down the IP address of this interface.

Now, modify `/etc/docker/daemon.json` and add `tcp://IP:2375` to the hosts section. Restart the docker service.

Run containers with extra option: --add-host=host.docker.internal:host-gateway

Inside any such container, the address tcp://host.docker.internal:2375 now points to the outside docker engine.

S.D.
  • Thanks SD, but the plan is to run the same as Kubernetes deployment. In that case it may not be possible to modify the settings on the fly – Sunil Sep 25 '21 at 05:46
0

Try adding your username to the docker group as suggested here.
Additionally, you should check your kernel compatibility.

Sergiusz
  • Will check the same – Sunil Sep 30 '21 at 11:50
  • @WytrzymałyWiktor Yes, I used DIND container to achieve the same and was able to use Github hosted runners in Kubernetes. Links for your reference. `https://sanderknape.com/2020/03/self-hosted-github-actions-runner-kubernetes/` `https://github.com/sokube/github-k8s-runner` – Sunil Oct 11 '21 at 10:33
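
Why a user in the image's `docker` group can still get `permission denied` on a bind-mounted socket, as an added example that is not part of the original thread: access is decided by numeric UID/GID and the socket's mode bits, not by group names. The function names are hypothetical, the sample IDs are constructed, and `stat -c` assumes GNU coreutils as on the Ubuntu image above.

```shell
#!/bin/sh
# Added example (not from the thread): why a bind-mounted Docker socket can
# refuse a user who is in the image's "docker" group. The kernel compares
# numeric IDs, so the container's GID must equal the GID owning the socket.

# socket_access UID "GID LIST" OWNER_UID OWNER_GID OCTAL_MODE
# Prints the permission class that applies; returns 0 if it grants read+write.
socket_access() {
    uid=$1 groups=$2 o_uid=$3 o_gid=$4
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi   # uid 0 bypasses mode bits
    mode="000$5"                        # pad so short modes such as "60" work
    perms=${mode#"${mode%???}"}         # last three octal digits: owner/group/other
    if [ "$uid" -eq "$o_uid" ]; then
        class=owner; digit=${perms%??}
    else
        class=other; digit=${perms#??}
        for g in $groups; do
            if [ "$g" -eq "$o_gid" ]; then
                class=group; digit=${perms#?}; digit=${digit%?}; break
            fi
        done
    fi
    echo "$class"
    case $digit in 6|7) return 0 ;; *) return 1 ;; esac
}

# check_socket PATH: apply socket_access to this process and a real socket.
# Assumes GNU stat (-c), as on the Ubuntu image above.
check_socket() {
    sock=$1
    info=$(stat -c '%u %g %a' "$sock") || return 2
    set -- $info                        # $1=owner uid, $2=owner gid, $3=mode
    if verdict=$(socket_access "$(id -u)" "$(id -G)" "$1" "$2" "$3"); then
        echo "ok: $sock is read-write via the $verdict class"
    else
        echo "denied: $sock is uid=$1 gid=$2 mode=$3, process groups: $(id -G)"
        echo "hint: docker run --group-add $2 ... adds that GID to the process"
        return 1
    fi
}

# Constructed case matching the question: container user 999 in groups 999 and
# 1001, host socket owned by root:998 with mode 660.
socket_access 999 "999 1001" 0 998 660 || echo "-> no read-write access"

# Run the live check only where a socket is actually mounted.
if [ -S /var/run/docker.sock ]; then check_socket /var/run/docker.sock || true; fi
```

`docker run --group-add <gid>` (or `supplementalGroups` in a pod's `securityContext`) grants the socket's GID without rebuilding the image. Any process that can write to this socket controls the host's Docker daemon, so the grant is equivalent to root on that host.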