Today Docker is like our lifeline; it's the de facto standard. In a world full of Docker, you are most likely running your Jenkins in Docker, and then you want to build your app, which is also dockerized. That's when you realise that life is not simple :) This talk covers what Docker-in-Docker is, why it is a challenge, how it helps in running your CI, and how to address the challenges in doing so.
2. AGENDA
● Recap: CI, Jenkins
● Jenkins + Docker
● Docker in Docker problems
● 3 ways to solve docker-in-docker
● Jenkins with Docker-in-Docker: Simplest way
● Advantages of dind in CI pipeline
● VP Devops & Cloud, Velotio Technologies
● (We are hiring!!) => mukta@velotio.com
● Developer for 1 decade and in Devops for another decade!
● (Probably successful) Entrepreneur
● Love to solve problems creatively
● Love to travel, cook, paint, explore and meet people
● Mother to two (handsome) boys!
@muktaa mukta@velotio.com
5. This is the problem:
Building container apps on Jenkins which is running as a container
Docker in Docker Problems
● When starting a container, the “inner Docker” might try to apply security profiles that will conflict with or confuse the “outer Docker.”
● When you run Docker in Docker, the outer Docker runs on top of a normal filesystem but the inner Docker runs on top of a copy-on-write system
● Handling build cache: if your CI system does builds and rebuilds, each time you restart your Docker-in-Docker container, you might be nuking its cache
6. And then there was light…
“They didn’t know it was impossible, so they did it.” - Mark Twain
● Sysbox
○ Container runtime based on runc
○ Enables running Docker-in-Docker securely and easily, integrating seamlessly with existing CI tools
○ https://github.com/nestybox/sysbox
● Socket Solution
○ Run docker with the default Unix socket docker.sock as a volume
○ docker run -v /var/run/docker.sock:/var/run/docker.sock -ti docker
○ Security risks: any process that can reach the mounted socket controls the host's Docker daemon
● Dind
○ Use official Docker image with dind tag: docker run --privileged -d --name dind-test docker:dind
○ Outer container runs in privileged mode
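As an added example (not from the talk), a small shell lint that classifies a `docker run` command line by which of the three approaches above it uses. The function names and the pass/fail policy are assumptions of this example, and the matching is a heuristic covering the option forms shown on the slides plus `--mount` and the `--runtime=sysbox-runc` form that Sysbox documents.

```shell
#!/bin/sh
# Added example: lint a `docker run` command line for the Docker access it grants.
# Prints space-separated findings (host-socket, privileged, sysbox-runtime) or "none".
dind_findings() {
    findings=""
    prev=""
    for arg in "$@"; do
        # Re-join options written as two words ("-v SRC:DST", "--runtime NAME").
        case "$prev" in
            -v|--volume|--mount|--runtime) arg="$prev=$arg" ;;
        esac
        prev="$arg"
        case "$arg" in
            -v=*/docker.sock:*|--volume=*/docker.sock:*|--mount=*/docker.sock*)
                # Host daemon socket bind-mounted: the container can drive the host's Docker.
                findings="${findings:+$findings }host-socket" ;;
            --privileged|--privileged=true)
                # Classic dind: the outer container runs in privileged mode.
                findings="${findings:+$findings }privileged" ;;
            --runtime=sysbox-runc)
                findings="${findings:+$findings }sysbox-runtime" ;;
        esac
    done
    echo "${findings:-none}"
}

# Assumed policy for a CI lint step: reject host-socket and privileged, allow the rest.
dind_gate() {
    case " $(dind_findings "$@") " in
        *" host-socket "*|*" privileged "*) return 1 ;;
    esac
    return 0
}

# Demo on the two commands from the slide (prints findings only, always exits 0).
dind_findings docker run -v /var/run/docker.sock:/var/run/docker.sock -ti docker
dind_findings docker run --privileged -d --name dind-test docker:dind
```
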
7. Using disposable containers in CI
https://stefanprodan.com/2016/continuous-integration-with-jenkins-and-disposable-containers/
9. Jenkins Setup with Docker-in-Docker
1. Run Jenkins in container using official image (docker:dind)
a. Customized image: https://github.com/4OH4/jenkins-docker
docker run -it -p 8080:8080 -p 50000:50000 \
    -v jenkins_home:/var/jenkins_home \
    -v /var/run/docker.sock:/var/run/docker.sock \
    --restart unless-stopped \
    4oh4/jenkins-docker
2. Or, clone repo and build image
docker build -t jenkins-docker .
# Run the image tagged by the build above
docker run -it -p 8080:8080 -p 50000:50000 \
    -v jenkins_home:/var/jenkins_home \
    -v /var/run/docker.sock:/var/run/docker.sock \
    --restart unless-stopped \
    jenkins-docker
10. Advantages of using Docker-in-Docker in CI
● On demand build environments
● No need for dedicated VMs
● Useful for microservices which are written in different languages
● Cost effective
● Better automation of continuous testing
● Very useful for performance testing