I'm running Jenkins helm on GKE standard cluster with Container-Optimized OS with Docker (cos) image.

I'm running a Jenkins agent with docker installed and the jenkins user added to the docker group. I'm mounting /var/run/docker.sock as a volume. I also tried to run with UID 1000.

-v /var/run/docker.sock:/var/run/docker.sock

But I'm still getting "dial unix /var/run/docker.sock: connect: permission denied". Any idea what I'm missing here?

Nurhun
  • Have you enabled docker? – again Oct 21 '21 at 21:30
  • This might give some idea: https://estl.tech/accessing-docker-from-a-kubernetes-pod-68996709c04b but based on your scenario I think it will not be allowed by GKE security. May I know what target you want to achieve by running docker in docker? – Yuyanto Oct 22 '21 at 08:21
  • @again On the host, you mean? If yes, then the answer is yes, as I'm using the Container-Optimized OS with Docker (cos) image. – Nurhun Oct 23 '21 at 01:16
  • @Yuyanto that's exactly what I figured out: running the agent with GID 412 made it work! The scenario is to run Jenkins agents as executors to run docker commands in a pipeline. – Nurhun Oct 23 '21 at 01:17
  • @Nurhun you might need to check kaniko https://github.com/GoogleContainerTools/kaniko – Yuyanto Oct 23 '21 at 02:58

1 Answer

In addition to @again's comment, below are possible reasons to look for regarding the permission denied error:

  • Docker is not installed on the host
  • UID 1000 does not have permission to /var/run/docker.sock (try to chmod 777 the file temporarily and reduce permissions as needed)
  • Check the host and container docker IDs; they must have the same UID

Also, you can refer to the related links below for possible answers.

Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

Run Docker as jenkins-agent, in a docker-container, as non-root user

Use docker inside docker with jenkins user #263

docker.sock permission denied

JaysonM
  • This all works if you have control over the host machines. Here, the problem is that you don't have this privilege on VMs managed by Google Kubernetes Engine (GKE). – Nurhun Oct 23 '21 at 01:22
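The fix reported in the comments (running the agent with GID 412) works because access to the mounted socket is decided on numeric IDs, not on the group name "docker" inside the container. The script below is an added example, not code from any of the posts above; the function names `sock_access` and `check_socket` and the `DOCKER_SOCK` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which permission class (owner/group/other) applies to a
# process opening the Docker socket, and whether that class grants access.
# Names are illustrative; only numeric IDs matter to the kernel.

# sock_access UID "GID GID ..." SOCK_UID SOCK_GID SOCK_MODE (octal, e.g. 660)
sock_access() {
    uid=$1; gids=$2; s_uid=$3; s_gid=$4; mode=$5
    perm=${mode#"${mode%???}"}          # keep the last three octal digits

    # UID 0 normally bypasses the mode bits
    if [ "$uid" -eq 0 ]; then echo "allowed:root"; return 0; fi

    # Exactly one class is chosen: owner, else group, else other
    if [ "$uid" -eq "$s_uid" ]; then
        class=owner; bits=${perm%??}
    else
        class=other; bits=${perm#??}
        for g in $gids; do
            if [ "$g" -eq "$s_gid" ]; then
                class=group; t=${perm#?}; bits=${t%?}; break
            fi
        done
    fi

    # connect() on a Unix socket needs the write bit of the chosen class
    if [ $(( bits & 2 )) -ne 0 ]; then
        echo "allowed:$class"
    else
        echo "denied:$class (socket is $s_uid:$s_gid mode $perm)"
    fi
}

# Run the check for the current process against a real socket, if present.
check_socket() {
    sock=$1
    [ -S "$sock" ] || { echo "no socket at $sock"; return 0; }
    # stat -c is the GNU/busybox form: numeric owner, numeric group, octal mode
    set -- $(stat -c '%u %g %a' "$sock")
    sock_access "$(id -u)" "$(id -G)" "$1" "$2" "$3"
}

check_socket "${DOCKER_SOCK:-/var/run/docker.sock}"
```

Run inside the agent container, a `denied:other` result with the socket's GID printed shows which numeric group the agent is missing. On Kubernetes that GID is usually supplied through the pod's `securityContext` (`runAsGroup` or `supplementalGroups`) rather than by loosening the socket mode.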