Cannot use dind with runner on macOS with Docker Desktop

Failing to run a dind job on macOS

I am using:

  • docker-desktop: 4.25.0 (126437)
  • gitlab-runner:
    Version: 16.5.0
    Git revision: 853330f9
    Git branch: 16-5-stable
    GO version: go1.21.3
    Built: 2023-10-20T15:50:13+00:00
    OS/Arch: darwin/arm64
  • macOS: 13.5 (22G74)

Using the following .gitlab-ci.yml:

.docker:
  image: docker:${DOCKER_VERSION}
  services:
    - docker:${DOCKER_VERSION}-dind
  before_script:
    - docker info
  variables:
    # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-in-docker-with-tls-enabled-in-the-docker-executor
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_VERIFY: "1"
    DOCKER_TLS_CERTDIR: "/certs"
    DOCKER_CERT_PATH: "${DOCKER_TLS_CERTDIR}/client"
    DOCKER_DRIVER: overlay2
    DOCKER_VERSION: "24.0.7"

stages:
  - release

release-job:
  stage: release
  extends: [.docker]

  variables:
    GIT_DEPTH: 0

  script: |
    docker run --rm --privileged \
      -v $PWD:/go/src/https://gitlab.cloud.xx.com/XXX/tooling-for-helm \
      -w /go/src/https://gitlab.cloud.xx.com/XXX/tooling-for-helm \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -e http_proxy \
      -e https_proxy \
      -e GITLAB_TOKEN \
      goreleaser/goreleaser release --clean

goreleaser:
  stage: release
  extends: [.dagger]
  script:
    - dagger run go run ci/main.go

My runner is configured this way (~/.gitlab-runner/config.toml):

concurrent = 1
check_interval = 0
shutdown_timeout = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "XXX"
  url = "https://gitlab.cloud.xx.com/"
  id = 95942
  token = "XXXXXXXXX"
  token_obtained_at = 2023-11-06T15:19:44Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
  [runners.cache]
    MaxUploadedArchiveSize = 0
  [runners.docker]
    tls_verify = false
    image = "docker:24.0.7"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/certs/client", "/cache"]
    shm_size = 0
    network_mtu = 0

I am using gitlab-ci-local --version: 4.45.1
with node --version: v20.8.1

When I run gitlab-ci-local release-job:

parsing and downloads finished in 32 ms
release-job  starting docker:24.0.7 (release)
release-job  copied to docker volumes in 448 ms
Error: Command failed with exit code 1: docker create --interactive --network gitlab-ci-local-364170 --user 0:0 --network-alias=docker -e CERTIFICATE_CONTENT -e CERTIFICATE_FILE -e https_proxy -e http_proxy -e no_proxy -e GOLANG_VERSION -e GORELEASER_VERSION -e DOCKER_HOST -e DOCKER_TLS_VERIFY -e DOCKER_TLS_CERTDIR -e DOCKER_CERT_PATH -e DOCKER_DRIVER -e DOCKER_VERSION -e GIT_DEPTH -e GITLAB_USER_LOGIN -e GITLAB_USER_EMAIL -e GITLAB_USER_NAME -e GITLAB_USER_ID -e CI_COMMIT_SHORT_SHA -e CI_COMMIT_SHA -e CI_PROJECT_NAME -e CI_PROJECT_TITLE -e CI_PROJECT_PATH -e CI_PROJECT_PATH_SLUG -e CI_PROJECT_NAMESPACE -e CI_PROJECT_VISIBILITY -e CI_PROJECT_ID -e CI_COMMIT_REF_PROTECTED -e CI_COMMIT_BRANCH -e CI_COMMIT_REF_NAME -e CI_COMMIT_REF_SLUG -e CI_COMMIT_TITLE -e CI_COMMIT_MESSAGE -e CI_COMMIT_DESCRIPTION -e CI_PIPELINE_SOURCE -e CI_SERVER_HOST -e CI_SERVER_PORT -e CI_SERVER_URL -e CI_SERVER_PROTOCOL -e CI_API_V4_URL -e CI_PROJECT_URL -e GITLAB_CI -e CI_JOB_ID -e CI_PIPELINE_ID -e CI_PIPELINE_IID -e CI_JOB_NAME -e CI_JOB_NAME_SLUG -e CI_JOB_STAGE -e CI_PROJECT_DIR -e CI_JOB_URL -e CI_PIPELINE_URL -e CI_ENVIRONMENT_NAME -e CI_ENVIRONMENT_SLUG -e CI_ENVIRONMENT_URL -e CI_NODE_INDEX -e CI_NODE_TOTAL -e CI_REGISTRY -e CI_REGISTRY_IMAGE --volume gcl-release-job-364170-build:/gcl-builds --volume gcl-release-job-364170-tmp:/tmp/gitlab-ci-local-file-variables-tooling-for-helm-364170 docker:24.0.7-dind
unable to resolve docker endpoint: open /certs/client/ca.pem: no such file or directory
    at makeError (/opt/homebrew/Cellar/gitlab-ci-local/4.45.1/libexec/lib/node_modules/gitlab-ci-local/node_modules/execa/lib/error.js:60:11)
    at handlePromise (/opt/homebrew/Cellar/gitlab-ci-local/4.45.1/libexec/lib/node_modules/gitlab-ci-local/node_modules/execa/index.js:118:26)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at Job.startService (/opt/homebrew/Cellar/gitlab-ci-local/4.45.1/libexec/lib/node_modules/gitlab-ci-local/src/job.ts:1063:39)
    at /opt/homebrew/Cellar/gitlab-ci-local/4.45.1/libexec/lib/node_modules/gitlab-ci-local/src/job.ts:447:48
    at async Promise.all (index 0)
    at Job.start (/opt/homebrew/Cellar/gitlab-ci-local/4.45.1/libexec/lib/node_modules/gitlab-ci-local/src/job.ts:443:13)
    at /opt/homebrew/Cellar/gitlab-ci-local/4.45.1/libexec/lib/node_modules/gitlab-ci-local/node_modules/p-map/index.js:57:22

I’ve seen the documentation "Use Docker to build Docker images", but this doesn’t seem to be applicable to macOS.

How can I solve this issue: "open /certs/client/ca.pem: no such file or directory"? I need to point to some certificate at some point, but I do not know how to do that with Docker Desktop on macOS.

Thanks in advance
B
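
A preflight check for the client TLS variables set in the job above, added here as an example (it is not part of the original post and is not gitlab-ci-local or GitLab code). It reports which of ca.pem, cert.pem and key.pem, the files the docker:dind image writes to its client certificate directory, are missing from DOCKER_CERT_PATH in whatever environment runs the docker CLI. The name check_docker_tls and the ~/.docker fallback are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; check_docker_tls is a hypothetical helper, not a docker or GitLab command.
# It inspects the same variables the job above sets: DOCKER_TLS_VERIFY and DOCKER_CERT_PATH.

# Prints one line per finding; returns 0 only when no file is missing.
check_docker_tls() {
    # An empty DOCKER_TLS_VERIFY means the CLI does not verify the daemon.
    if [ -z "${DOCKER_TLS_VERIFY:-}" ]; then
        echo "info: DOCKER_TLS_VERIFY is empty, TLS verification is off"
        return 0
    fi
    # Assumption: fall back to ~/.docker when DOCKER_CERT_PATH is not set.
    cert_dir="${DOCKER_CERT_PATH:-$HOME/.docker}"
    if [ ! -d "$cert_dir" ]; then
        echo "missing: directory $cert_dir"
        return 1
    fi
    missing=0
    # ca.pem verifies the daemon; cert.pem and key.pem identify the client.
    for f in ca.pem cert.pem key.pem; do
        if [ ! -r "$cert_dir/$f" ]; then
            echo "missing: $cert_dir/$f"
            missing=$((missing + 1))
        fi
    done
    # Flag a client key that group or others can read.
    if [ -n "$(find "$cert_dir/key.pem" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "warning: $cert_dir/key.pem is readable by group or others"
    fi
    [ "$missing" -eq 0 ]
}

# Constructed demo: an empty directory stands in for a certificate path that was never populated.
demo_dir=$(mktemp -d)
( DOCKER_TLS_VERIFY=1; DOCKER_CERT_PATH="$demo_dir"; check_docker_tls ) || true
rm -rf "$demo_dir"
```

Run it both on the host and inside the job container: the two see different filesystems, so a path such as /certs/client can exist in one and not in the other.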