Is the docker daemon running? dind

So I’m having a problem using dind to build images with GitLab.
My runner is on a Kubernetes (k8s) cluster. The Helm chart values.yml file content is this:

gitlabUrl: https://REDACTED
certsSecretName: gitlab-runner-ca
concurrent: 10
check_interval: 1
log_level: "debug"
rbac:
  create: true
  clusterWideAccess: true
  serviceAccountName: gitlab-runner
  rules:
    - resources: ["configmaps", "pods", "pods/attach", "secrets", "services"]
      verbs: ["get", "list", "watch", "create", "patch", "delete"]
    - resources: ["secrets"]
      verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
    - resources: ["serviceAccounts"]
      verbs: ["get"]
    - apiGroups: [""]
      resources: ["pods/exec"]
      verbs: ["create", "patch", "delete"]
runners:
  secret: gitlab-runner-secret
  config: |
    [[runners]]
      name = "Kubernetes GitLab Runner"
      executor = "kubernetes"
      shell = "bash"
      [runners.kubernetes]
        namespace = "gitlab-runner"
        terminationGracePeriodSeconds = 5
        privileged = true
        allow_privilege_escalation = true
        image = "alpine"
        helper_image = "gitlab/gitlab-runner-helper:ubuntu-x86_64-latest"
        ca_file = "gitlab-runner-ca"
      [[runners.kubernetes.volumes.secret]]
        name = "gitlab-runner-ca"
        mount_path = "/etc/gitlab-runner/certs/"
      [[runners.kubernetes.volumes.host_path]]
        name = "docker"
        mount_path = "/var/run/docker.sock"
        read_only = true
        host_path = "/var/run/docker.sock"

My pipeline CI/CD code is this:

variables:
  DOCKER_HOST: tcp://docker:2375 # also tried localhost here
  DOCKER_DRIVER: overlay2
docker-build:
  image: docker:23.0.6
  stage: build
  services:
    - docker:23.0.6-dind
  before_script:
    - docker --version
    - until docker info; do sleep 1; done
  script:
    - echo "Hello"

and the infamous error I get is this:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.1
    Path:     /usr/local/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.0
    Path:     /usr/local/libexec/docker/cli-plugins/docker-compose
Server:
ERROR: Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
errors pretty printing info

Any help will be much appreciated

It looks like you’re telling the docker client to connect to the docker daemon at TCP host docker:2375, but you’re mounting the docker socket as a file at /var/run/docker.sock.
In this case, try not setting DOCKER_HOST, since the default is for docker to look for the socket.

Here is a working example for me (on kubernetes executor)

docker_build_job:
  image: docker:23.0.2-alpine3.17
  services:
    - docker:23.0.2-dind-alpine3.17
  stage: build
  before_script:
    - until docker info; do sleep 1; done;
  script:
    - docker build .
  retry:
    max: 2
    # specify retry on certain conditions
    # see https://docs.gitlab.com/ee/ci/yaml/index.html#retrywhen
    when:
      - runner_system_failure
      - stuck_or_timeout_failure   

I’ve tried that as well. I’ve even tested not mounting the socket and using the DOCKER_HOST only; still the same error.

I’ve tested those versions as well, still the same error. Mind sharing your values.yaml? Could I be doing something wrong there?

So the answer was between the two answers. What I’ve done:
values.yml

gitlabUrl: https://REDACTED
certsSecretName: gitlab-runner-ca
concurrent: 10
check_interval: 1
log_level: "debug"
rbac:
  create: true
  clusterWideAccess: true
  serviceAccountName: gitlab-runner
  rules:
    - resources: ["configmaps", "pods", "pods/attach", "secrets", "services"]
      verbs: ["get", "list", "watch", "create", "patch", "delete"]
    - resources: ["secrets"]
      verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
    - resources: ["serviceAccounts"]
      verbs: ["get"]
    - apiGroups: [""]
      resources: ["pods/exec"]
      verbs: ["create", "patch", "delete"]
runners:
  secret: gitlab-runner-secret
  config: |
    [[runners]]
      name = "Kubernetes GitLab Runner"
      executor = "kubernetes"
      shell = "bash"
      [runners.kubernetes]
        namespace = "gitlab-runner"
        terminationGracePeriodSeconds = 5
        privileged = true
        allow_privilege_escalation = true
        image = "alpine"
        ca_file = "gitlab-runner-ca"
      [[runners.kubernetes.volumes.secret]]
        name = "gitlab-runner-ca"
        mount_path = "/etc/gitlab-runner/certs/"

pipeline:

variables:
  DOCKER_TLS_CERTDIR: ""
  DOCKER_HOST: tcp://docker:2375
  DOCKER_DRIVER: overlay2
docker-build:
  image: docker:23.0.2-alpine3.17
  services:
    - docker:23.0.2-dind-alpine3.17
  stage: build
  before_script:
    - docker --version
    - until docker info; do sleep 1; done
  script:
    - echo "Hello"

Many thanks to @c.vandesande and @sjoukedv


Glad you got it working! FYI there’s a few solutions that work, I don’t think any one is better than the other. One bug I encountered is that the dockerd service is often not ready by the time the job starts, resulting in a failure, so I added a sleep timer.

This little pre_build_script looks to see if the “docker” command is in the build image, and if so, runs docker version up to 10 times. (Returns false if dockerd is not ready.) Usually dockerd is up after 2-3 seconds, but randomly sometimes it takes more than 6 seconds.

  config: |
    [[runners]]
      pre_build_script = '''
         # Docker is accessed via unix socket on k8s runners
         unset DOCKER_HOST
         unset DOCKER_CERT_PATH
         unset DOCKER_TLS_VERIFY

         # If docker CLI exists wait for dockerd to start
         if command -v docker &> /dev/null; then
           i=1; while [ $i -le 10 ]; do
             echo "docker command found, waiting for dockerd service $i/10..."
             docker version &> /dev/null && break
             sleep 1
             if [ $i -eq 10 ]; then
               echo "WARNING docker cli detected but dockerd service not found, continuing build..."
             fi
             i=$(( i + 1 ))
           done
         fi
      '''
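
The accepted fix works because `DOCKER_HOST` and `DOCKER_TLS_CERTDIR` have to agree, and the loop in the last post is bounded where `until docker info; do sleep 1; done` is not. The script below is an added example, not code from any poster in this thread: it checks the endpoint settings before waiting, so a mismatch fails at once instead of retrying until the job times out. The function names are hypothetical, and it assumes the stock `docker:dind` image behaviour (TLS on port 2376 when `DOCKER_TLS_CERTDIR` is non-empty, plain TCP on 2375 when it is empty).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes stock docker:dind behaviour: TLS on 2376 when DOCKER_TLS_CERTDIR
# is non-empty, plain TCP on 2375 when it is empty.

# Prints socket | plaintext | tls | mismatch:<reason>; returns 1 on mismatch.
dind_endpoint_mode() {
  host=$1 certdir=$2
  case $host in
    ''|unix://*) echo socket; return 0 ;;
    tcp://*) port=${host##*:} ;;
    *) echo "mismatch:unsupported DOCKER_HOST '$host'"; return 1 ;;
  esac
  case "${port}:${certdir:+set}" in
    2375:)    echo plaintext ;;
    2376:set) echo tls ;;
    2375:set) echo "mismatch:port 2375 but DOCKER_TLS_CERTDIR is set, dind listens with TLS on 2376"; return 1 ;;
    2376:)    echo "mismatch:port 2376 but DOCKER_TLS_CERTDIR is empty, dind listens without TLS on 2375"; return 1 ;;
    *)        echo "mismatch:unexpected port in '$host'"; return 1 ;;
  esac
}

# Bounded form of `until docker info; do sleep 1; done`.
# $1 = attempts, remaining arguments = probe command.
wait_for_dockerd() {
  tries=$1; shift
  i=1
  while [ "$i" -le "$tries" ]; do
    "$@" >/dev/null 2>&1 && return 0
    sleep 1
    i=$((i + 1))
  done
  return 1
}

# Fail fast on a mismatch instead of retrying an endpoint that cannot answer.
dind_preflight() {
  mode=$(dind_endpoint_mode "${DOCKER_HOST:-}" "${DOCKER_TLS_CERTDIR:-}") || {
    echo "docker endpoint misconfigured: ${mode#mismatch:}" >&2
    return 2
  }
  if [ "$mode" = plaintext ]; then
    echo "note: Docker API traffic to the dind service is unencrypted" >&2
  fi
  wait_for_dockerd 10 docker info
}
```

In a job, `dind_preflight` would be called from `before_script` in place of the bare `until` loop; a return code of 2 means the variables disagree, 1 means dockerd never answered.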