Using --net=host in Tekton sidecars

Question

I am creating a tekton project which will spawn docker images which in turn will run few kubectl commands. This I have accomplished by using sidecars in tekton docker:dind image and setting

securityContext:
              privileged: true
      env:

However, one of the task is failing, since it needs to have an equivalent of --net=host in docker run example.

I have tried to set a podtemplate with hostnetwork: True, but then the task with the sidecar fails to start the docker

Any idea if I could implement --net=host in the task yaml file. It would be really helpful.

Snippet of my task with the sidecar:

sidecars:
    - image: mypvtreg:exv1
      name: mgmtserver
      args:
        - --storage-driver=vfs
        - --userland-proxy=false
          # - --net=host
      securityContext:
              privileged: true
      env:
      # Write generated certs to the path shared with the client.
      - name: DOCKER_TLS_CERTDIR
        value: /certs
      volumeMounts:
      - mountPath: /certs

Have you checked this SO topic? https://stackoverflow.com/questions/70336210/tekton-pipelines-enable-alpha-features-using-released-pipelines-yaml-without-th — Bryan L, Jan 21 '22 at 09:03
Do you need to bind on host? Why?! Using docker:dind as a sidecar, your builder container, executing in your Task steps, should connect to 127.0.0.1. That's how you would talk to your dind sidecar. Why would you want to do otherwise? — SYN, Jan 24 '22 at 19:00
Thank you. Using Sidecar did take care of the option "--net=host" when executing. — zXi, Jan 25 '22 at 09:49

score 1 · Answer 1 · answered Jan 27 '22 at 01:41

1

As commented by @SYN, Using docker:dind as a sidecar, your builder container, executing in your Task steps, should connect to 127.0.0.1. That's how you would talk to your dind sidecar.

answered Jan 27 '22 at 01:41

Bryan L

550
1
9

Using --net=host in Tekton sidecars

1 Answers1