Issue
- I would like to build my own docker images in CloudBees Core on Modern Cloud Platforms
Environment
Resolution
There are two approaches
- 1) Use Kaniko to build Dockerfiles without Docker
- 2) Use DinD by creating a new
Pod Templateand including theContainer Templaterequired
CloudBees recommends to follow the Kaniko approach
1) Kaniko approach
Please refer to Using Kaniko with CloudBees Core
2) DinD approach
Risks
There are some risks from using “Docker in Docker” (DinD) and the “Docker socket” for building containers on CloudBees Core for Modern Cloud Platforms.
- resources launched outside of the k8s scheduler’s oversight are not properly accounted for and may lead to resource over-utilisation
- resources launched by DinD will not be cleaned up by the k8s scheduler and may consume CPU and memory resources until the instances are removed
- exposing the
docker.sockto processes effectively grants host root access to the container processes
Instructions
Pod Templates can be created at CJOC or Master level.
- In CJOC, access to CJOC main page, click on the view
Alland open thekubernetes shared cloudconfig page. - In a Master, go to
Manage Jenkins > Kubernetes Pod Template.
Add a new Pod Template
Click on the Add Pod Template button and fill the following fields
Name : pod-dind
Labels : pod-dind
Usage : Only build jobs with label expressions matching the node
Add the DinD container
Click on the Add Container button and use one of the docker DinD images:
Name : dind
Docker image : docker:18.06.1-ce-dind
Working directory : /home/jenkins/agent
Command to run : (empty field)
Arguments to pass to the command: (empty field)
Allocate pseudo-TTY : checked
Run in privileged mode : checked
Testing job
In order to test the Pod Template, create a new Pipeline job using the following code.
node('pod-dind') {
container('dind') {
stage('Build My Docker Image') {
sh 'docker info'
sh 'touch Dockerfile'
sh 'echo "FROM centos:7" > Dockerfile'
sh "cat Dockerfile"
sh "docker -v"
sh "docker info"
sh "docker build -t my-centos:1 ."
}
}
}
Expected output:
[Pipeline] node
Agent pod-dind-xwhnz is provisioned from template Kubernetes Pod Template
Agent specification [Kubernetes Pod Template] (pod-dind):
* [dind] docker:18.06.1-ce-dind(resourceRequestCpu: , resourceRequestMemory: , resourceLimitCpu: , resourceLimitMemory: )
Running on pod-dind-xwhnz in /home/jenkins/workspace/dind-test
...
[Pipeline] sh
[dind-test] Running shell script
+ docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.06.1-ce
...
[Pipeline] sh
[dind-test] Running shell script
+ docker build -t my-centos:1 .
Sending build context to Docker daemon 2.048kB
Step 1/1 : FROM centos:7
7: Pulling from library/centos
aeb7866da422: Pulling fs layer
aeb7866da422: Verifying Checksum
aeb7866da422: Download complete
aeb7866da422: Pull complete
Digest: sha256:67dad89757a55bfdfabec8abd0e22f8c7c12a1856514726470228063ed86593b
Status: Downloaded newer image for centos:7
---> 75835a67d134
Successfully built 75835a67d134
Successfully tagged my-centos:1
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
Finished: SUCCESS
Depending on the version you are running, you may receive an error during your test build similar to process apparently never started in /home/jenkins/workspace/dind-test. This is due to a change in the default working directory for containers. If you receive this error, change the Working directory to: Working directory: /home/jenkins/agent. This should be auto-populated when creating your container if you need to use this new location.
0 Comments