GitLab CI runner can't connect to unix:///var/run/docker.sock in kubernetes

GitLab’s running in a Kubernetes cluster. The runner can’t build a Docker image with build artifacts. I’ve already tried several approaches to fix this, but no luck. Here are some config snippets:

.gitlab-ci.yml

image: docker:latest
services:
  - docker:dind

variables:
  DOCKER_DRIVER: overlay

stages:
  - build
  - package
  - deploy

maven-build:
  image: maven:3-jdk-8
  stage: build
  script: "mvn package -B --settings settings.xml"
  artifacts:
    paths:
      - target/*.jar

docker-build:
  stage: package
  script:
  - docker build -t gitlab.my.com/group/app .
  - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN gitlab.my.com/group/app
  - docker push gitlab.my.com/group/app

config.toml

concurrent = 1
check_interval = 0

[[runners]]
  name = "app"
  url = "https://gitlab.my.com/ci"
  token = "xxxxxxxx"
  executor = "kubernetes"
  [runners.kubernetes]
    privileged = true
    disable_cache = true

Package stage log:

running with gitlab-ci-multi-runner 1.11.1 (a67a225)
  on app runner (6265c5)
Using Kubernetes namespace: default
Using Kubernetes executor with image docker:latest ...
Waiting for pod default/runner-6265c5-project-4-concurrent-0h9lg9 to be running, status is Pending
Waiting for pod default/runner-6265c5-project-4-concurrent-0h9lg9 to be running, status is Pending
Running on runner-6265c5-project-4-concurrent-0h9lg9 via gitlab-runner-3748496643-k31tf...
Cloning repository...
Cloning into '/group/app'...
Checking out 10d5a680 as master...
Skipping Git submodules setup
Downloading artifacts for maven-build (61)...
Downloading artifacts from coordinator... ok        id=61 responseStatus=200 OK token=ciihgfd3W
$ docker build -t gitlab.my.com/group/app .
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
ERROR: Job failed: error executing remote command: command terminated with non-zero exit code: Error executing in Docker Container: 1

What am I doing wrong? Thanks in advance, comrades.

Found an answer to my question & posted it here.


Thanks for your tips. I followed the exact same steps and ended up with this error - what could I be missing? One difference is that I was forced to specify privileged = false or else it complains while executing the running with this error message:
“privileged: Forbidden: disallowed by policy”

GitLab 8.16 – installed as a pod within the Kubernetes cluster

Running with gitlab-ci-multi-runner 1.11.1 (a67a225)
on gitlab-docker-runner (6cbb0e78)
Using Kubernetes namespace: default
Using Kubernetes executor with image docker:latest …
Waiting for pod default/runner-6cbb0e78-project-3-concurrent-0q4s6b to be running, status is Pending
Waiting for pod default/runner-6cbb0e78-project-3-concurrent-0q4s6b to be running, status is Pending

Skipping Git submodules setup
$ docker build -t registry.gitlab.com/marcolenzo/actuator-sample .
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
ERROR: Job failed: error executing remote command: command terminated with non-zero exit code: Error executing in Docker Container: 1


Output of: kubectl logs -f $(kubectl get pod | awk '/^runner/{print $1}') -c svc-0

mount: mounting none on /sys/kernel/security failed: Permission denied
Could not mount /sys/kernel/security.
AppArmor detection and --privileged mode might break.
mount: permission denied (are you root?)

@d.ansimov were you able to solve the problem of re-building docker images from scratch every time?

Like, if I pull the ruby image twice, it should only download once.