Configuration: Docker-in-Docker
Docker-in-Docker (dind) means:
- You should register a Docker executor or Kubernetes executor
- Executors use Docker images to run your CI/CD jobs
Refer to: Docker-in-Docker with TLS disabled in the Docker executor
Identity Authentication
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
CI_REGISTRY_USER, CI_REGISTRY_PASSWORD and CI_REGISTRY are all CI/CD variables.
Refer to: Authenticate with the Container Registry
GitLab Runner Configuration
[root@localhost test]# cat /etc/gitlab-runner/
[[runners]]
....
[]
tls_verify = false
privileged = true
image = "docker:20.10.16"
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
extra_hosts = [":your-gitlab-instance-host"]
Build and push images to the container registry
[root@localhost opt]# cat .
stages:
  - build
build-image:
  stage: build
  image: docker:20.10.16
  services:
    - name: docker:20.10.16-dind
      command: ["--insecure-registry", ""]
  variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
    DOCKER_HOST: tcp://docker:2375
    DOCKER_TLS_CERTDIR: ""
  before_script:
    - docker info
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build --pull -t $IMAGE_TAG .
    - docker push $IMAGE_TAG
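For comparison with the TLS-disabled job above, here is an added example (not part of the original page) of the same build-image job with TLS enabled between the Docker client and the dind daemon, and with the registry password passed on stdin instead of as a command-line argument. It assumes the runner's Docker executor volumes setting includes "/certs/client", and that the registry presents a certificate the dind daemon trusts, so no --insecure-registry flag is set.

```yaml
# Added example: TLS-enabled variant of the build-image job.
# Assumption: the runner's Docker executor is configured with
#   volumes = ["/certs/client", "/cache"]
# so the job container can read the client certificates that the
# dind service generates at startup.
stages:
  - build

build-image:
  stage: build
  image: docker:20.10.16
  services:
    - name: docker:20.10.16-dind
  variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
    # 2376 is the TLS port of the dind daemon; the job above uses plaintext 2375.
    DOCKER_HOST: tcp://docker:2376
    # A non-empty value makes the dind image generate CA, server and client
    # certificates under this directory.
    DOCKER_TLS_CERTDIR: "/certs"
    # The client verifies the daemon's certificate and presents its own.
    DOCKER_TLS_VERIFY: 1
    DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
  before_script:
    # Fails early if the TLS connection to the daemon cannot be established.
    - docker info
  script:
    # The password is read from stdin, so it does not appear in the
    # docker process arguments.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build --pull -t "$IMAGE_TAG" .
    - docker push "$IMAGE_TAG"
```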
Using an image from the container registry
[root@localhost opt]# cat .
stages:
  - test
# before_script: docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
format:
  stage: test
  image: /group/project:tag
  variables:
    CGO_ENABLED: 1
  script:
    - go fmt $(go list ./... | grep -v /vendor/)
    - go vet $(go list ./... | grep -v /vendor/)
    - go test -race $(go list ./... | grep -v /vendor/)
Troubleshooting
docker: Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
The cause is that the Docker daemon failed to start. Check whether the Docker executor is configured correctly and whether the CI/CD variables DOCKER_HOST and DOCKER_TLS_CERTDIR are set.
Refer to: Docker-in-Docker with TLS disabled in the Docker executor
Error response from daemon: Get "/v2/": dial tcp: lookup on 192.168.40.190:53: no such host
The cause is that the job uses docker-in-docker (dind) to run a Docker daemon. This Docker daemon does not use the host's /etc/hosts file; instead, the default DNS server resolves the required domain name. So when the job tries to log in, DNS is unable to resolve this name, resulting in an error.
Solution: add an extra_hosts mapping to the Docker runner
[[runners]]
....
[]
....
extra_hosts = [":your-gitlab-instance-host"]
Error response from daemon: Get "/v2/": x509: certificate is not valid for any names, but wanted to match
The cause is that the Docker daemon is unable to verify the self-signed SSL certificate of the image registry.
Solution: add this image registry to the insecure-registries list of the dind service.
By mounting configuration files
[root@localhost opt]# cat /opt/
{
  "insecure-registries": [""]
}
[root@localhost opt]# cat /etc/gitlab-runner/
[[runners]]
....
[]
....
volumes = ["/opt/:/etc/docker/:ro"]
Through the GitLab Runner configuration
[[runners]]
...
executor = "docker"
[]
...
privileged = true
[[]]
name = "docker:20.10.16-dind"
command = ["--insecure-registry", ""]
Through a CLI flag
[root@localhost opt]# cat .
build-image:
  stage: build
  image: docker:20.10.16
  services:
    - name: docker:20.10.16-dind
      command: ["--insecure-registry", ""]
Additional: Using the container registry from the CLI
# Log in
docker login
# Build an image
docker build -t /group/project .
# Push the image
docker push /group/project
Reference Documents
Build and push container images to the Container Registry
Use Docker to build Docker images