Brothers of Jenkins

Avoid Docker-in-Docker

Using Docker-in-Docker for your CI or testing environment? Think twice. by @jpetazzo explains why the DinD approach is bad for CI, and how using an alternative approach will allow the docker container to create sibling containers rather than child containers.

Modifying my Docker setup

I need to install docker into in a layer on top of the standard Jenkins image. @mjuuso has already demonstrated this in getintodevops/jenkins-withdocker and there is an associated blog post (The simple way to run Docker-in-Docker for CI). Another example of the same additions to a Dockerfile can be found on this post (Building containers with Docker in Docker and Jenkins).

The first issue is quickly encountered, permission are required for Jenkins to use docker. This was handled pretty cleanly by adding ‘docker’ to group_add in the docker-compose.yaml file. I believe --user="$(id -u)" might work if the container is run directly, but it is slightly doing something slightly different.

Parents and Children have different points of view

The second issue might be encountered when trying to mount a directory during a run command. Mounting directories to container inside Jenkins does not work as expected. Alternative to Docker-in-Docker identifies a possible solution.

One solution that may be available for many builds that wish to run a container that does not require additional volumes could be:

docker run \
    ... \
    --volume "jenkins_home:${JENKINS_HOME}"
    --workdir "${WORKSPACE}"
    ...

For instance I was able to build this static site from within the dockerized jenkins. I had to change some variables (aka HUGO_DESTINATION) for it to work. As I begin to think about it more I actually think the image is trying to do too much for me. I simply expect it to provide access to the hugo application, but instead it is attempting to make it easier to use.

docker run \
    --user "1000:1000" \
    --volume "ngenetzkyci_master_home:${JENKINS_HOME}" \
    --workdir "${WORKSPACE}" \
    -e HUGO_DESTINATION="${WORKSPACE}/public" \
    jojomi/hugo:latest \
    hugo

My main goal for using docker is to limit the requirements on my Jenkins master, I want to keep the master as slim as possible. I am going to research into the plugins more, and might consider creating containerized Jenkins slaves.

Related