0

在 helm 安装的 GCP 上的自托管 Gitlab 上,我使用 Gitlab-runner。

在 gitlab-runner 我需要使用 docker 所以使用 dind,但我得到了错误

tcp://docker:2375。docker 守护进程是否正在运行?

gitlab-runner 部署

...
    spec:
      containers:
      - command:
        - /bin/bash
        - /scripts/entrypoint
        env:
        - name: CI_SERVER_URL
          value: https://my-gitlab.com
        - name: CLONE_URL
        - name: RUNNER_REQUEST_CONCURRENCY
          value: "1"
        - name: RUNNER_EXECUTOR
          value: kubernetes
        - name: REGISTER_LOCKED
          value: "false"
        - name: RUNNER_TAG_LIST
        - name: KUBERNETES_IMAGE
        - name: KUBERNETES_PRIVILEGED
          value: "true" # <= set privileged true to use dind
...

gitlab-ci.yaml

services:
  - docker:20.10.4-dind

stages:
    - build

variables:
    GIT_SSL_NO_VERIFY: "1"    
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ''
    DOCKER_HOST: tcp://docker:2375

image:
    name: google/cloud-sdk:latest
before_script:
  - docker version

build:
  stage: build
  script:
    - echo hello

gitlab-runner 日志

Executing "step_script" stage of the job script
00:00
$ docker version
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
Client: Docker Engine - Community
 Version:           19.03.11
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        42e35e61f3
 Built:             Mon Jun  1 09:09:53 2020
 OS/Arch:           linux/amd64
 Experimental:      false
Cleaning up file based variables
00:00
ERROR: Job failed: command terminated with exit code 1

故障排除说这是因为 TLS。于是我设置 DOCKER_TLS_CERTDIR: '',方式写在另一个文件中。

另外,我使用docker:19.03.0-dind. 从 19.03.0-dind 开始,TLS 是自动的。所以禁用 TLS 配置必须正确工作。(docker:19.3.13-dind 也很好用。)

我不知道为什么 docker:20 会出现这个错误。有没有人已经尝试过 gitlab-runner 比 docker:20 更好?

4

1 回答 1

1

我发现我应该遵循https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-in-docker-with-tls-enabled-in-kubernetes

通俗易懂

runners:
  config: |
    [[runners]]
      [runners.kubernetes]
        image = "ubuntu:20.04"
        privileged = true
      [[runners.kubernetes.volumes.empty_dir]]
        name = "docker-certs"
        mount_path = "/certs/client"
        medium = "Memory"

gitlab-ci.yaml

services:
  - docker:20.10.4-dind

stages:
    - build

variables:
    GIT_SSL_NO_VERIFY: "1"    
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: "/certs" 
    DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"    
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_VERIFY: 1
    
image:
    name: google/cloud-sdk:latest
before_script:
  - docker version

build:
  stage: build
  script:
    - echo hello
于 2021-09-30T03:02:01.097 回答