在kubernetes中，GitLab CI运行程序无法连接到unix://var/run/docker.sock

Question

GitLab在kubernetes集群运行。运行人员不能用构建工件来构建停靠者图像。我已经尝试过几种方法来解决这个问题，但没有成功。以下是一些吐露的片段：

..gitlab ci.yml

image: docker:latest
services:
  - docker:dind

variables:
  DOCKER_DRIVER: overlay

stages:
  - build
  - package
  - deploy

maven-build:
  image: maven:3-jdk-8
  stage: build
  script: "mvn package -B --settings settings.xml"
  artifacts:
    paths:
      - target/*.jar

docker-build:
  stage: package
  script:
  - docker build -t gitlab.my.com/group/app .
  - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN gitlab.my.com/group/app
  - docker push gitlab.my.com/group/app

config.toml

concurrent = 1
check_interval = 0

[[runners]]
  name = "app"
  url = "https://gitlab.my.com/ci"
  token = "xxxxxxxx"
  executor = "kubernetes"
  [runners.kubernetes]
    privileged = true
    disable_cache = true

包装阶段日志：

running with gitlab-ci-multi-runner 1.11.1 (a67a225)
  on app runner (6265c5)
Using Kubernetes namespace: default
Using Kubernetes executor with image docker:latest ...
Waiting for pod default/runner-6265c5-project-4-concurrent-0h9lg9 to be running, status is Pending
Waiting for pod default/runner-6265c5-project-4-concurrent-0h9lg9 to be running, status is Pending
Running on runner-6265c5-project-4-concurrent-0h9lg9 via gitlab-runner-3748496643-k31tf...
Cloning repository...
Cloning into '/group/app'...
Checking out 10d5a680 as master...
Skipping Git submodules setup
Downloading artifacts for maven-build (61)...
Downloading artifacts from coordinator... ok        id=61 responseStatus=200 OK token=ciihgfd3W
$ docker build -t gitlab.my.com/group/app .
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
ERROR: Job failed: error executing remote command: command terminated with non-zero exit code: Error executing in Docker Container: 1

我做错了什么？

Answer 1

不需要使用这个：

DOCKER_DRIVER: overlay

因为似乎不支持覆盖，所以svc-0容器无法从它开始：

$ kubectl logs -f `kubectl get pod |awk '/^runner/{print $1}'` -c svc-0
time="2017-03-20T11:19:01.954769661Z" level=warning msg="[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]"
time="2017-03-20T11:19:01.955720778Z" level=info msg="libcontainerd: new containerd process, pid: 20"
time="2017-03-20T11:19:02.958659668Z" level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded."

另外，将export DOCKER_HOST="tcp://localhost:2375"添加到坞构建中：

 docker-build:
  stage: package
  script:
  - export DOCKER_HOST="tcp://localhost:2375"
  - docker build -t gitlab.my.com/group/app .
  - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN gitlab.my.com/group/app
  - docker push gitlab.my.com/group/app

Answer 2

使用Kubernetes时，必须调整构建映像以连接Docker引擎。

添加到您的构建映像：

DOCKER_HOST=tcp://localhost:2375

引用文档的话：

运行码头:dind，也被称为坞内对接映像也是可能的，但遗憾的是，需要以特权模式运行容器。如果你愿意冒这个险，其他问题可能会出现，乍一看可能不那么直截了当。因为docker守护进程是作为服务启动的，通常在..gitlab ci.yaml中启动，因此它将作为一个单独的容器在您的容器中运行。基本上，豆荚中的容器只共享分配给它们的卷和IP地址，它们可以使用本地主机相互访问。/var/run/docker.sock不为docker:dind容器所共享，而对接者二进制文件默认尝试使用它。若要覆盖此操作并使客户端使用tcp与另一个容器中的docker守护进程联系，请确保在构建容器的环境变量中包含DOCKER_HOST=tcp://localhost:2375。

关于Kubernetes的Gitlab-CI

Answer 3

根据@Yarik的评论，对我起作用的是

- export DOCKER_HOST=$DOCKER_PORT

其他的答案都没有用。