Kubernetes runner won't build containers

Having an issue trying to build a container using a K8s Drone setup. Both the Drone master and the Drone runner were installed with Helm charts. I’m able to run jobs, but not able to build containers. I have a pretty simple test:

---
kind: pipeline
type: kubernetes
name: build and deploy

steps:
  - name: build
    image: plugins/docker
    settings:
      repo: binaryronin/test
      tags: test
      username:
        from_secret: docker_username
      password:
        from_secret: docker_secret

But the container fails to build with an error around the docker.sock:

+ /usr/local/bin/dockerd --data-root /var/lib/docker --host=unix:///var/run/docker.sock
Detected registry credentials
+ /usr/local/bin/docker version
Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b7f0
 Built:             Wed Mar 11 01:22:56 2020
 OS/Arch:           linux/amd64
 Experimental:      false
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
time="2021-07-18T14:02:24Z" level=fatal msg="exit status 1"

As far as I understand the plugins/docker container runs a Docker daemon inside the container for the build process, so I’m confused as to why it doesn’t work.

Any help would be appreciated!

@binaryronin,

I am just checking: did you get a chance to review "Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running"?

I did some more digging and found out that the plugins/docker container does not in fact run its own daemon, but is instead built upon the dind image. This image will not work for me because I don’t run Docker (I’ve already migrated to containerd). I think this is going to become a larger issue moving forward because K8s is dropping support for Docker entirely starting in 1.22.

I got this working for my use case by using the plugins/buildah-docker image. My question to you is why is this image not listed on your Plugins documentation page? I had to dig around the GitHub repo to find it.

The docker plugin starts its own docker daemon inside the plugin container. It does not rely on, or require, docker being installed on the host. The docker:dind image, on which this plugin is built, runs on kubernetes using both containerd and crio. Because we have customers using this plugin with containerd and crio we can rule this out as a root cause.

I got this working for my use case by using the plugins/buildah-docker image

buildah is great when your cluster prevents privileged containers or root containers. Perhaps the root cause for the docker plugin not working in your cluster is because you have a security policy that prevents the plugin from running with the required permissions? This seems like the most likely root cause.
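
Added example (not part of the thread and not Drone's own code): one way to test the security-policy hypothesis from the last reply is to inspect the security context the step pod actually received. The sketch below reads pod JSON in the shape returned by `kubectl get pod <name> -o json` and lists, per container, the settings that would keep a nested Docker daemon from starting. The pod document and container names are constructed for illustration, and `dind_blockers` is a hypothetical helper name.

```python
import json

# Constructed sample: a pod with a pod-level non-root policy, where only
# one container overrides it and is privileged.
SAMPLE_POD = json.loads("""
{
  "spec": {
    "securityContext": {"runAsNonRoot": true, "runAsUser": 1000},
    "containers": [
      {"name": "step-build",
       "securityContext": {"privileged": true, "runAsNonRoot": false, "runAsUser": 0}},
      {"name": "step-clone"}
    ]
  }
}
""")


def dind_blockers(pod):
    """Return {container_name: [reasons]}; an empty list means no blocker found."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    report = {}
    for container in spec.get("containers", []):
        sc = container.get("securityContext") or {}

        def effective(key):
            # Container-level values take precedence over pod-level ones.
            return sc[key] if key in sc else pod_sc.get(key)

        reasons = []
        # "privileged" exists only at container level in the pod spec.
        if sc.get("privileged") is not True:
            reasons.append("not privileged")
        if effective("runAsNonRoot") is True:
            reasons.append("runAsNonRoot is set")
        uid = effective("runAsUser")
        if uid not in (None, 0):
            reasons.append(f"runs as uid {uid}")
        report[container["name"]] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in dind_blockers(SAMPLE_POD).items():
        print(name, "->", ", ".join(reasons) or "no blockers found")
```

An empty list only means the pod spec itself does not rule out a privileged root container; it does not show that the daemon started.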