fix(forgejo-runner): fix dind connection error #70

Closed

channel-42 wants to merge 6 commits from main into main

channel-42 commented

2024-05-15 15:57:53 +00:00

(Migrated from codeberg.org)

Hey, thanks for creating this collection of awesome helm charts! 😊

I was having issues building docker containers in my forgejo actions. Specifically, spawned containers would complain that they do not have access to the dind socket.

With the help of an issue on the forgejo-runner repo and the provided docker-compose example, I was able to make the dind socket accessible inside spawned containers.

Hey, thanks for creating this collection of awesome helm charts! 😊 I was having issues building docker containers in my forgejo actions. Specifically, spawned containers would complain that they do not have access to the dind socket. With the help of an [issue on the forgejo-runner repo](https://code.forgejo.org/forgejo/runner/issues/153) and the provided [docker-compose example](https://code.forgejo.org/forgejo/runner/src/branch/main/examples/docker-compose/compose-forgejo-and-runner.yml), I was able to make the dind socket accessible inside spawned containers.

wrenix commented

2024-05-16 20:24:27 +00:00

(Migrated from codeberg.org)

Oh thank you, for contribute here on my chart.

I am current not really clear of I like it that way (prefer ip-address over DNS and configuration should be stored somewhere like configmap and maybe forgejo-runner works with environment variables). To check a good solution I need time (sorry).

If I understand you correct, you use the dind of forgejo-runner also inside of an job and that does not work (with which log output?).

PS: myself I use buildah.io (and maybe I replace it with kaniko) so I need less privileges during build and so my pipelines are more secure.

Oh thank you, for contribute here on my chart. I am current not really clear of I like it that way (prefer ip-address over DNS and configuration should be stored somewhere like configmap and maybe forgejo-runner works with environment variables). To check a good solution I need time (sorry). --- If I understand you correct, you use the dind of forgejo-runner also inside of an job and that does not work (with which log output?). PS: myself I use buildah.io (and maybe I replace it with [kaniko](https://github.com/GoogleContainerTools/kaniko)) so I need less privileges during build and so my pipelines are more secure.

channel-42 commented

2024-05-17 05:57:20 +00:00

(Migrated from codeberg.org)

Exactly. If you try to access the docker socket provided by the dind container inside a job's container, then the socket will be unavailable inside there (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? , basically the situation described in the issue I linked to above).

Using an IP instead of localhost also works, just tested this. The important part is adding the docker env vars inside the runner's config.yaml so that the job containers know where to look for the docker socket. If you prefer, it would also be possible to store the modified config file inside a configmap 👍🏻

Exactly. If you try to access the docker socket provided by the dind container inside a job's container, then the socket will be unavailable inside there (`Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? `, basically the situation described in the issue I linked to above). Using an IP instead of localhost also works, just tested this. The important part is adding the docker env vars inside the runner's `config.yaml` so that the job containers know where to look for the docker socket. If you prefer, it would also be possible to store the modified config file inside a configmap 👍🏻

wrenix commented

2024-05-17 13:35:12 +00:00

(Migrated from codeberg.org)

I start writing an solution for your problem, where you could set/overwrite the default to bypass the sind to the running-job, See #74

I believe that is a gold Option to solve your Problem.
Or what do you mean?

I start writing an solution for your problem, where you could set/overwrite the default to bypass the sind to the running-job, See #74 I believe that is a gold Option to solve your Problem. Or what do you mean?

channel-42 commented

2024-05-17 19:40:35 +00:00

(Migrated from codeberg.org)

Awesome!
I had a look at it, tested it and left some comments. I also copied over your changes to this PR, with the issues in the comments already fixed 👍🏻

Do you think it would be better to already include the necessary adjustments to the config file to access the docker socket inside of containers in values.yaml by default?

Awesome! I had a look at it, tested it and left some comments. I also copied over your changes to this PR, with the issues in the comments already fixed 👍🏻 Do you think it would be better to already include the necessary adjustments to the config file to access the docker socket inside of containers in `values.yaml` by default?

wrenix commented

2024-05-17 20:34:30 +00:00

(Migrated from codeberg.org)

i believe we should keep the defaults but put an example values-dind-bypass.yaml there with the needed values (and put an block therefor in the README.adoc bzw. _docs.gotmpl ).

could you pass / create such an values-dind-bypass.yaml for me?

i believe we should keep the defaults but put an example `values-dind-bypass.yaml` there with the needed values (and put an block therefor in the README.adoc bzw. `_docs.gotmpl` ). could you pass / create such an `values-dind-bypass.yaml` for me?

channel-42 commented

2024-05-18 20:38:32 +00:00

(Migrated from codeberg.org)

Sure! Added everything in the last 3 commits 😊