Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
3f89e30d
Commit
3f89e30d
authored
Aug 09, 2020
by
Deanna Thompson
Committed by
Amy Qualls
Aug 09, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update using_docker_build.md
parent
cffdb14e
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
20 additions
and
20 deletions
+20
-20
doc/ci/docker/using_docker_build.md
doc/ci/docker/using_docker_build.md
+20
-20
No files found.
doc/ci/docker/using_docker_build.md
View file @
3f89e30d
...
...
@@ -32,7 +32,7 @@ during jobs.
## Runner Configuration
There are three methods to enable the use of
`docker build`
and
`docker run`
during jobs
;
each with their own tradeoffs.
during jobs
,
each with their own tradeoffs.
An alternative to using
`docker build`
is to
[
use kaniko
](
using_kaniko.md
)
.
This avoids having to execute Runner in privileged mode.
...
...
@@ -61,8 +61,8 @@ GitLab Runner then executes job scripts as the `gitlab-runner` user.
1.
Install Docker Engine on server.
For more information how to install Docker Engine on different systems
checkout the
[
Supported installations
](
https://docs.docker.com/engine/installation/
)
.
For more information how to install Docker Engine on different systems
,
check
out the
[
Supported installations
](
https://docs.docker.com/engine/installation/
)
.
1.
Add
`gitlab-runner`
user to
`docker`
group:
...
...
@@ -118,13 +118,13 @@ not without its own challenges:
-
When using Docker-in-Docker, each job is in a clean environment without the past
history. Concurrent jobs work fine because every build gets its own
instance of Docker engine so they
w
on't conflict with each other. But this
instance of Docker engine so they
d
on't conflict with each other. But this
also means that jobs can be slower because there's no caching of layers.
-
By default, Docker 17.09 and higher uses
`--storage-driver overlay2`
which is
the recommended storage driver. See
[
Using the overlayfs driver
](
#use-the-overlayfs-driver
)
for details.
-
Since the
`docker:19.03.12-dind`
container and the Runner container don't share their
root filesystem, the job's working directory can be used as a mount point for
root file
system, the job's working directory can be used as a mount point for
child containers. For example, if you have files you want to share with a
child container, you may create a subdirectory under
`/builds/$CI_PROJECT_PATH`
and use it as your mount point (for a more thorough explanation, check
[
issue
...
...
@@ -143,8 +143,8 @@ An example project using this approach can be found here: <https://gitlab.com/gi
In the examples below, we are using Docker images tags to specify a
specific version, such as
`docker:19.03.12`
. If tags like
`docker:stable`
are used, you have no control over what version is
going to be used and this
can lead to
unpredictable behavior, especially when new versions are
are used, you have no control over what version is
used. This can lead to
unpredictable behavior, especially when new versions are
released.
#### TLS enabled
...
...
@@ -179,18 +179,18 @@ support this.
--docker-volumes
"/certs/client"
```
The above command
will register
a new Runner to use the special
The above command
registers
a new Runner to use the special
`docker:19.03.12`
image, which is provided by Docker.
**
Notice that it's
using the
`privileged`
mode to start the build and service
containers.
**
If you want to use
[
Docker-in-Docker
](
https://www.docker.com/blog/docker-can-now-run-within-docker/
)
mode, you always
have to use
`privileged = true`
in your Docker containers.
This
will also mount
`/certs/client`
for the service and build
This
also mounts
`/certs/client`
for the service and build
container, which is needed for the Docker client to use the
certificates inside of that directory. For more information how
Docker with TLS works check
<https://hub.docker.com/_/docker/#tls>
.
certificates inside of that directory. For more information
on
how
Docker with TLS works
,
check
<https://hub.docker.com/_/docker/#tls>
.
The above command
will create
a
`config.toml`
entry similar to this:
The above command
creates
a
`config.toml`
entry similar to this:
```
toml
[[runners]]
...
...
@@ -215,7 +215,7 @@ support this.
image
:
docker:19.03.12
variables
:
# When using dind service, we need to instruct docker
,
to talk with
# When using dind service, we need to instruct docker to talk with
# the daemon started inside of the service. The daemon is available
# with a network connection instead of the default
# /var/run/docker.sock socket. Docker 19.03 does this automatically
...
...
@@ -337,13 +337,13 @@ In order to do that, follow the steps:
--docker-volumes
/var/run/docker.sock:/var/run/docker.sock
```
The above command
will register
a new Runner to use the special
The above command
registers
a new Runner to use the special
`docker:19.03.12`
image which is provided by Docker.
**
Notice that it's using
the Docker daemon of the Runner itself, and any containers spawned by Docker
commands
will b
e siblings of the Runner rather than children of the Runner.
**
commands
ar
e siblings of the Runner rather than children of the Runner.
**
This may have complications and limitations that are unsuitable for your workflow.
The above command
will create
a
`config.toml`
entry similar to this:
The above command
creates
a
`config.toml`
entry similar to this:
```
toml
[[runners]]
...
...
@@ -387,7 +387,7 @@ aware of the following implications:
containers.
-
Concurrent jobs may not work; if your tests
create containers with specific names, they may conflict with each other.
-
Sharing files and directories from the source repo into containers may not
-
Sharing files and directories from the source repo
sitory
into containers may not
work as expected since volume mounting is done in the context of the host
machine, not the build container. For example:
...
...
@@ -397,7 +397,7 @@ aware of the following implications:
## Making Docker-in-Docker builds faster with Docker layer caching
When using Docker-in-Docker, Docker
will download
all layers of your image every
When using Docker-in-Docker, Docker
downloads
all layers of your image every
time you create a build. Recent versions of Docker (Docker 1.13 and above) can
use a pre-existing image as a cache during the
`docker build`
step, considerably
speeding up the build process.
...
...
@@ -504,7 +504,7 @@ environment variable in the
environment
=
["DOCKER_DRIVER=overlay2"]
```
If you're running multiple Runners
you will
have to modify all configuration files.
If you're running multiple Runners
, you
have to modify all configuration files.
NOTE:
**Note:**
Read more about the
[
Runner configuration
](
https://docs.gitlab.com/runner/configuration/
)
...
...
@@ -523,7 +523,7 @@ This is a common error when you are using
[
Docker in Docker
](
#use-docker-in-docker-workflow-with-docker-executor
)
v19.03 or higher.
This occurs because Docker starts on TLS automatically, so you need to do some set
up.
This occurs because Docker starts on TLS automatically, so you need to do some setup.
If:
-
This is the first time setting it up, carefully read
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment