Tags: docker, kubernetes, bamboo, docker-in-docker

Permission denied with Docker in Docker in Atlassian Bamboo Server


I'm trying to build a docker image using DIND with Atlassian Bamboo.

I've created the deployment/StatefulSet as follows:

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: bamboo
  name: bamboo
  namespace: csf
spec:
  replicas: 1
  serviceName: bamboo
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: bamboo
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: bamboo
    spec:
      containers:
      - image: atlassian/bamboo-server:latest
        imagePullPolicy: IfNotPresent
        name: bamboo-server
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        securityContext:
          privileged: true
        volumeMounts:
        - name: bamboo-home
          mountPath: /var/atlassian/application-data/bamboo
        - mountPath: /opt/atlassian/bamboo/conf/server.xml
          name: bamboo-server-xml
          subPath: bamboo-server.xml
        - mountPath: /var/run 
          name: docker-sock
      volumes:
      - name: bamboo-home
        persistentVolumeClaim:
          claimName: bamboo-home
      - configMap:
          defaultMode: 511
          name: bamboo-server-xml
        name: bamboo-server-xml
      - name: docker-sock 
        hostPath: 
          path: /var/run
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30

Note that I've set privileged: true in securityContext to enable this.

However, when trying to run docker images, I get a permission error:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See '/var/atlassian/application-data/bamboo/appexecs/docker run --help'

Am I missing something wrt setting up DIND?


Solution

  • As mentioned in the documentation here

    If you want to run docker as non-root user then you need to add it to the docker group.


    Create the docker group if it does not exist

    $ sudo groupadd docker
    

    Add your user to the docker group.

    $ sudo usermod -aG docker $USER
    

    Log out and log back in so that your group membership is re-evaluated.

    $ newgrp docker
    

    Verify that you can run docker commands without sudo

    $ docker run hello-world
    

    If that doesn't help you can change the permissions of docker socket to be able to connect to the docker daemon /var/run/docker.sock.

    sudo chmod 666 /var/run/docker.sock
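
An added example, not part of the original question or answer: a small shell check that explains the "permission denied" from the socket's mode, owner and group, and flags the world-writable state that chmod 666 leaves behind, in which any local user or container that can reach the socket can drive the daemon. The function names are hypothetical, and check_sock assumes GNU stat (stat -c).

```shell
#!/bin/sh
# Added example, not from the original post. Explains a "permission denied"
# on the Docker socket from its mode, owner and group.

# can_write DIGIT: true when one octal permission digit has the write bit,
# which connect() on a Unix socket requires.
can_write() { case $1 in 2|3|6|7) return 0 ;; *) return 1 ;; esac; }

# sock_verdict MODE SOCK_UID SOCK_GID MY_UID "MY_GIDS"
# MODE is octal as printed by stat (660, 1666); MY_GIDS is the output of id -G.
sock_verdict() {
    m="000$1"; perm=${m#"${m%???}"}        # keep the last three digits
    owner=${perm%??}; rest=${perm#?}; group=${rest%?}; other=${rest#?}
    if can_write "$other"; then
        echo "risk:world-writable"          # the state chmod 666 leaves behind
    elif [ "$4" -eq 0 ]; then
        echo "ok:root"
    elif [ "$4" -eq "$2" ]; then
        if can_write "$owner"; then echo "ok:owner"
        else echo "denied:owner-no-write"; fi
    else
        case " $5 " in
            *" $3 "*)
                if can_write "$group"; then echo "ok:group"
                else echo "denied:group-no-write"; fi ;;
            *)  echo "denied:need-group-$3" ;;  # GID the caller is missing
        esac
    fi
}

# check_sock PATH: gather the real values for the current user and socket.
check_sock() {
    [ -e "$1" ] || { echo "missing:$1"; return 1; }
    # Assumption: GNU coreutils stat (Linux host or container).
    set -- $(stat -c '%a %u %g' "$1")
    sock_verdict "$1" "$2" "$3" "$(id -u)" "$(id -G)"
}

# Run inside the Bamboo container as the Bamboo user, for example:
#   sh check_sock.sh /var/run/docker.sock
if [ -n "${1:-}" ]; then check_sock "$1"; fi
```

With a hostPath mount the socket keeps the host's numeric owner and group, so a "denied:need-group-N" result names the host GID that the container user does not have.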