I’m trying to get my GitLab Runner working with Docker-in-Docker using TCP and TLS, but I just cannot get it to work. At this point I’ve followed the official docs on how to set it up with a dind service in the CI environment and using TLS to connect to the daemon. This doesn’t work by following the docs, so I’ve tried countless (read: >125 attempted) combinations of:
- Different versions of docker-xx.xx.x-dind images in the .gitlab-ci.yml
- Setting DOCKER_HOST to all kinds of tcp://docker:2375/2376/2378, tcp://localhost:2375, etc.
- Setting and not setting DOCKER_TLS_CERTDIR to "/certs" and ""
- Setting the runner registration DOCKER_HOST: "tcp://docker:2375" and not
- Setting the DOCKER_IMAGE variable of the runner registration container to all the different versions I’ve tried in .gitlab-ci.yml
- Setting DOCKER_DRIVER: overlay2 and not
At this point all I can say is that for the love of all that is holy, someone please show me a working configuration that you are actually using for running the dind service and successfully connecting to it.
My gitlab-runner register docker-compose.yml looks like this:
```yaml
register1: &register
  container_name: gl-registrator-1
  image: gitlab/gitlab-runner:latest
  environment: &regenv
    CI_SERVER_URL: "https://gitlab.com/"
    REGISTRATION_TOKEN: "xxxxxxxxxxxxxxxxxxxx"
    REGISTER_NON_INTERACTIVE: "true"
    REGISTER_RUN_UNTAGGED: "true"
    REGISTER_LOCKED: "false"
    REGISTER_ACCESS_LEVEL: "not_protected"
    RUNNER_NAME: "gl-runner-1"
    RUNNER_EXECUTOR: "docker"
    RUNNER_TAG_LIST: "docker"
    DOCKER_HOST: "tcp://docker:2375"
    DOCKER_CERT_PATH: "/certs"
    DOCKER_IMAGE: "docker:19.03.1"
    DOCKER_PRIVILEGED: "true"
    DOCKER_VOLUMES: "/certs/client"
    RUNNER_ENV: 'DOCKER_TLS_CERTDIR="/certs"'
  command: register
  volumes:
    - ./config:/etc/gitlab-runner

runner1: &runner
  container_name: gl-runner-1
  image: gitlab/gitlab-runner:latest
  restart: unless-stopped
  volumes:
    - ./config:/etc/gitlab-runner
    # - /var/run/docker.sock:/var/run/docker.sock
  depends_on: [register1]
```
Which results in my config.toml:
```toml
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "gl-runner-1"
  url = "https://gitlab.com/"
  token = "xxxxxxxxx"
  executor = "docker"
  environment = ["DOCKER_TLS_CERTDIR=/certs"]
  [runners.custom_build_dir]
  [runners.docker]
    host = "tcp://docker:2375"
    tls_cert_path = "/certs"
    tls_verify = false
    image = "docker:19.03.1"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/certs/client", "/cache"]
    shm_size = 0
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
```
```yaml
# .gitlab-ci.yml
variables:
  DOCKER_TLS_CERTDIR: /certs
  DOCKER_VERSION: "19.03.1"
  DOCKER_HOST: tcp://docker:2375
  DOCKER_DRIVER: overlay2
  # images
  DOCKER: docker:$DOCKER_VERSION
  DIND: docker:$DOCKER_VERSION-dind

stages:
  - build

build docker:
  image: docker:$DOCKER_VERSION
  services: [$DIND]
  stage: build
  before_script:
    - apk update && apk add curl git
    - curl -sL https://taskfile.dev/install.sh | sh -s -- -b /usr/bin
  script:
    - task docker:build
  only:
    refs:
      - branches
      - merge_requests
  tags:
    - docker
```
All of the above results in the below error, and no matter what I’ve tried to combine in the settings, it always comes back to either not being able to look up docker:NNNN or localhost:NNNN on 127.0.0.11:53.
What am I missing?
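An added example, not part of the original post: a Python consistency check for the job-level `DOCKER_HOST` and `DOCKER_TLS_CERTDIR` variables shown above. It assumes the official `docker:dind` image behaviour of serving TLS on port 2376 when `DOCKER_TLS_CERTDIR` is non-empty and plaintext on 2375 when it is empty. The function name and finding codes are hypothetical, and it does not inspect the runner's own `config.toml`.

```python
from urllib.parse import urlparse

# Assumption: ports the official docker:dind image listens on.
TLS_PORT, PLAIN_PORT = 2376, 2375

def check_dind_variables(variables):
    """Return (code, message) findings for a job's dind-related variables."""
    host = variables.get("DOCKER_HOST", "")
    try:
        url = urlparse(host)
        port = url.port  # raises ValueError on a non-numeric port
    except ValueError:
        url, port = None, None
    if url is None or url.scheme != "tcp" or port is None:
        return [("host-format", f"DOCKER_HOST {host!r} is not tcp://name:port")]
    if "DOCKER_TLS_CERTDIR" not in variables:
        return [("certdir-unset",
                 "DOCKER_TLS_CERTDIR is not set; the default depends on the image version")]
    tls_on = variables["DOCKER_TLS_CERTDIR"] != ""
    findings = []
    if tls_on and port == PLAIN_PORT:
        findings.append(("tls-port-mismatch",
                         "TLS certificates are enabled, so dind serves TLS on 2376, "
                         "but DOCKER_HOST points at the plaintext port 2375"))
    elif not tls_on and port == TLS_PORT:
        findings.append(("plain-port-mismatch",
                         "TLS is disabled, so dind serves plaintext on 2375, "
                         "but DOCKER_HOST points at the TLS port 2376"))
    elif not tls_on:
        findings.append(("plaintext-api",
                         "daemon API is reached without TLS: no encryption and "
                         "no client authentication on a privileged daemon"))
    return findings

# Variables copied from the .gitlab-ci.yml in the post.
PAGE_VARS = {"DOCKER_TLS_CERTDIR": "/certs", "DOCKER_HOST": "tcp://docker:2375"}
# Constructed variants for comparison.
TLS_VARS = {"DOCKER_TLS_CERTDIR": "/certs", "DOCKER_HOST": "tcp://docker:2376"}
PLAIN_VARS = {"DOCKER_TLS_CERTDIR": "", "DOCKER_HOST": "tcp://docker:2375"}

if __name__ == "__main__":
    for name, vars_ in [("page", PAGE_VARS), ("tls", TLS_VARS), ("plain", PLAIN_VARS)]:
        for code, message in check_dind_variables(vars_) or [("ok", "consistent")]:
            print(f"{name}: {code}: {message}")
```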