Reputation: 1561
We have a GitLab setup with Sysbox (link to the setup) to avoid running the docker executor in privileged mode. Currently the services attribute works and we can communicate with it, but containers started with dind are inaccessible. Here's a minimal .gitlab-ci.yml file to reproduce the problem:

docker_gitlab_test:
  stage: test
  image: docker:19.03.13
  tags:
    - docker # this is our docker executor
  services:
    - docker:19.03.12-dind
  script:
    - apk add curl
    - mkdir test
    - echo "hello world" > test/index.html
    - docker run -d -p 8080:80 -v $(pwd)/test:/usr/share/nginx/html:ro --hostname nginx --name nginx nginx
    - curl localhost:8080
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://docker:2375
    DOCKER_TLS_CERTDIR: ""

The curl command returns curl: (7) Failed to connect to localhost port 8080: Connection refused. Running nmap says all ports are closed. I know this setup works with privileged docker executors. I've tried setting --privileged on the docker run command but to no avail. I've tried other base images other than docker but the problem persisted. I've tried running images other than nginx but the same problem happened.
How to allow the gitlab job to access containers running detached on dind?
Upvotes: 0
Views: 512
Reputation: 676
Can you try 0.0.0.0 instead of localhost? Also, the network_mode property for the runner should be host (https://docs.gitlab.com/runner/executors/docker.html)
Upvotes: 1