Docker daemon issue when using a local ecr image


We are in the process of migration to kubernetes runners and there is a strange behavior when I use our own copy of plugins/ecr image. This is a 1:1 copy from the version on dockerhub, we just keep it in our ECR repo.

The following step is used for image building and pushing:

local buildPushImage(env, tag) = {
  name: 'build_push_image_%(env)s' % { env: env},
  image: '',
  pull: 'if-not-exists',
  settings: {
    repo: '',
    registery: '',
    region: 'us-east-1',
    repository_policy: 'ecr_repository_policy.json',
    tags: [
  environment: {

This results in the classic error Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Now when I change the image URL to:

  image: 'plugins/ecr:latest',

everything works and the build is proceeding.

Should we mount that /var/run folder? I removed those lines in the k8s runner migration process and seems like it is redundant.

Any help would be appreciated,


Plugins that build and publish docker images require privileged mode in order to start a docker daemon (docker-in-docker). Drone maintains a whitelist of such plugin images that are automatically run in private mode (plugins/docker, plugins/ecr). If you are attempting to use an alternate image, it would not exist in the whitelist, and would therefore lack the permissions needed to start the Docker daemon.

You can solve this by updating the following runner environment variable, and adding your image to the whitelist:

Example above, note that the image tag must be omitted

1 Like