docker kubernetes azure-aks kubernetes-pod

Using docker socket in Kubernetes pod


I want to prune Docker images. I wrote a small Docker image using node-docker-api and was able to test it locally with success.
After deploying the DaemonSet to Kubernetes, the pod fails to access the Docker socket:

Error: connect EACCES /var/run/docker.sock

The deployment.yaml looks as follows:

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    name: docker-image-cleanup
  name: docker-image-cleanup
spec:
  template:
    metadata:
      labels:
        app: docker-image-cleanup 
    spec:
      volumes:
        - name: docker-sock
          hostPath:
            path: "/var/run/docker.sock"
            type: File
        - name: docker-directory
          hostPath:
            path: "/var/lib/docker"

      containers:
        - name: docker-image-cleanup
          image: image:tag
          securityContext:
            privileged: true
          env:
            - name: PRUNE_INTERVAL_SECONDS
              value: "30"
            - name: PRUNE_DANGLING
              value: "true"
          volumeMounts:
            - mountPath: /var/run/docker.sock
              name: docker-sock
              readOnly: false
            - mountPath: "/var/lib/docker"
              name: docker-directory
              readOnly: false

Running AKS v1.13.10 - if relevant


Solution

  • I've added runAsUser: 0 to the container properties:

    containers:
      - name: docker-image-cleanup
        image: image:tag
        securityContext:
          privileged: true
          runAsUser: 0
    

    Now it works.
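
The EACCES error and the runAsUser: 0 fix above are consistent with a non-root process hitting the file permissions on the mounted socket. The following is an added example, not code from the original post: it reproduces that permission check and reports the narrowest securityContext change that would pass it. The function names, the sample GID 998 and UID 1000 are assumptions made for illustration; supplementalGroups is the pod-level Kubernetes securityContext field.

```javascript
// Added example (not from the original post). Constructed sample values are marked.
// Assumption: connect() on a Unix socket needs write permission on the socket file.
const W_OWNER = 0o200, W_GROUP = 0o020, W_OTHER = 0o002;

// stat: {mode, uid, gid} of the socket; creds: {uid, gids} of the container process.
function socketAccess(stat, creds) {
  // uid 0 passes regardless of mode bits (assumes CAP_DAC_OVERRIDE is retained).
  if (creds.uid === 0) return { allowed: true, via: 'root' };
  // Linux checks exactly one class: owner, else group, else other.
  if (creds.uid === stat.uid) return { allowed: Boolean(stat.mode & W_OWNER), via: 'owner' };
  if (creds.gids.includes(stat.gid)) return { allowed: Boolean(stat.mode & W_GROUP), via: 'group' };
  return { allowed: Boolean(stat.mode & W_OTHER), via: 'other' };
}

// Narrowest securityContext change that makes the socket writable, or null if none is needed.
function suggestFix(stat, creds) {
  if (socketAccess(stat, creds).allowed) return null;
  if (creds.uid !== stat.uid && (stat.mode & W_GROUP)) return { supplementalGroups: [stat.gid] };
  if (stat.mode & W_OWNER) return { runAsUser: stat.uid };
  return { runAsUser: 0 };
}

// Live check for use inside the container, before the Docker client connects.
async function checkSocket(path = '/var/run/docker.sock') {
  const fs = await import('node:fs');
  const { mode, uid, gid } = fs.statSync(path);
  const gids = [process.getegid(), ...process.getgroups()];
  return suggestFix({ mode, uid, gid }, { uid: process.geteuid(), gids });
}

// Constructed sample: socket owned by root:998, mode srw-rw---- (gid 998 is made up).
const SAMPLE_SOCK = { mode: 0o140660, uid: 0, gid: 998 };
const NON_ROOT = { uid: 1000, gids: [1000] };

console.log(socketAccess(SAMPLE_SOCK, NON_ROOT));           // denied via the "other" class
console.log(suggestFix(SAMPLE_SOCK, NON_ROOT));             // group-based alternative
console.log(suggestFix(SAMPLE_SOCK, { uid: 0, gids: [0] })); // root needs no change
```

The socket's group ID differs between nodes, so read it with checkSocket() or stat on the node itself. Any identity that can write to the socket has full control of that node's Docker daemon, so the group-based option narrows the container's UID but not its reach over the host.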