Kubernetes DaemonSet Permission Denied on mounted Volume - Docker in Docker dind

Question

I tried running simple DaemonSet on kube cluster - the Idea was that other kube pods would connect to that containers docker daemon (dockerd) and execute commands on it. (The other pods are Jenkins slaves and would have just env DOCKER_HOST point to 'tcp://localhost:2375'); In short the config looks like this:

dind.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: dind
spec:
  selector:
    matchLabels:
      name: dind
  template:
    metadata:
      labels:
        name: dind
    spec:
            #      tolerations:
            #      - key: node-role.kubernetes.io/master
            #        effect: NoSchedule
      containers:
      - name: dind
        image: docker:18.05-dind
        resources:
          limits:
            memory: 2000Mi
          requests:
            cpu: 100m
            memory: 500Mi
        volumeMounts:
        - name: dind-storage
          mountPath: /var/lib/docker
      volumes:
        - name: dind-storage
          emptyDir: {}

Error message when running

mount: mounting none on /sys/kernel/security failed: Permission denied
Could not mount /sys/kernel/security.
AppArmor detection and --privileged mode might break.
mount: mounting none on /tmp failed: Permission denied

I took the idea from medium post that didn't describe it fully: https://medium.com/hootsuite-engineering/building-docker-images-inside-kubernetes-42c6af855f25 describing docker of docker, docker in docker and Kaniko

Kubernetes DaemonSet Permission Denied on mounted Volume - Docker in Docker dind

Answers (1)

Related Questions