semural

Reputation: 4611

Jenkins agent (jnlp) got permission denied /var/run/docker.sock on Kubernetes

I deployed Jenkins via the Helm chart (jenkins-helm:3.11.4) on my local Kubernetes cluster (Rancher Desktop). I installed Docker on the jenkins/inbound-agent image because it is not included, while I am using the default Jenkins controller image as provided. When I run the docker command in the local pipeline, I get a permission error as shown below.

I am aware that the issue is the permission for the /var/run/.docker.sock folder, but I could not fix it and am really stuck. I tried to add command: ["sh","-c","chmod 777 /var/run/.docker.sock"] to the agent in values.yaml, but then Jenkins did not come up and run properly. I tried to add RUN usermod -aG docker jenkins to the Dockerfile, but the result is still the same.

    jenkins@default-cnmq7:~/agent$ id
    uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins),0(root)
    jenkins@default-cnmq7:~/agent$ grep docker /etc/group
    docker:x:107:

So how can I grant permission for this folder through the Helm chart for the Jenkins agent pod? Or what is the proper solution to fix this issue?

    node {
      stage('SCM') {
        checkout(scm)
      }
      stage('Build') {
        echo 'Building Project'
        sh """
          docker pull alpine
        """
      }
    }

    [Pipeline] sh
    + docker pull alpine
    Using default tag: latest
    Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=alpine&tag=latest": dial unix /var/run/docker.sock: connect: permission denied

values.yaml

    controller:
      componentName: "jenkins-controller"
      image: "jenkins"
      # tag: "2.319.3-jdk11"
      tagLabel: jdk11
      imagePullPolicy: "Always"
      imagePullSecretName:
      javaOpts: "-Xms512m -Xmx2048m" 
      jenkinsUrl: "http://localhost:8080"
    agent:
      enabled: true
      defaultsProviderTemplate: ""
      # URL for connecting to the Jenkins controller
      jenkinsUrl:
      jenkinsTunnel:
      image: "jenkins/inbound-agent"
      tag: "4.11.2-5"
      workingDir: "/home/jenkins/agent"
      nodeUsageMode: "NORMAL"
      componentName: "jenkins-agent"
      websocket: false
      privileged: true
      runAsUser: 
      runAsGroup:
      alwaysPullImage: true
      podRetention: "Never"
      volumes:
      - type: HostPath
        hostPath: /Users/username/workspace
        mountPath: /Users/username/workspace
      - type: HostPath
        hostPath: /var/run/docker.sock
        mountPath: /var/run/docker.sock
      command:
      args: "${computer.jnlpmac} ${computer.name}"

Dockerfile for jenkins agent

    FROM jenkins/inbound-agent:4.11.2-4
    USER root
    RUN set -eux && \
        apt-get update && \
        apt-get install -y curl sudo docker.io docker-compose && \
        curl -sS https://raw.githubusercontent.com/HariSekhon/bash-tools/master/clean_caches.sh | sh
    RUN usermod -aG docker jenkins
    USER jenkins

Upvotes: 1

Views: 1995

Answers (1)

Eisa Qasemi

Reputation: 826

First, find the group ID of the docker group on the host:

    $ grep docker /etc/group
    docker:x:999:

Then create a user in the Dockerfile whose group has the same ID as the docker group.

    RUN groupadd -g 999 tech
    RUN useradd -g tech tech
    USER tech

Upvotes: 1
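
The GID match that the answer relies on can be checked before rebuilding the image. The following is an added example, not code from either poster: a POSIX shell function that applies the owner/group/other rule to a socket's ownership and mode. The function names, the root-owned 660 socket and the pairing of GID 107 with GID 999 are constructed assumptions built from the IDs quoted on this page, and check_live assumes GNU stat.

```shell
#!/bin/sh
# Added example: decide whether a user can open a Unix socket for read+write,
# using the same owner -> group -> other order the kernel applies.
# usage: sock_access UID "GID GID ..." SOCK_UID SOCK_GID SOCK_MODE(octal)
sock_access() {
    uid=$1; gids=$2; s_uid=$3; s_gid=$4
    mode="000$5"
    perm=${mode#"${mode%???}"}        # last three octal digits, e.g. 660
    # uid 0 normally bypasses the mode bits entirely.
    if [ "$uid" -eq 0 ]; then echo "root allow"; return 0; fi
    class=other; bits=${perm#??}
    for g in $gids; do
        if [ "$g" -eq "$s_gid" ]; then
            class=group; bits=${perm#?}; bits=${bits%?}
        fi
    done
    # Owner bits take precedence over group bits when the uid matches.
    if [ "$uid" -eq "$s_uid" ]; then class=owner; bits=${perm%??}; fi
    # The Docker client needs both read (4) and write (2) on the socket.
    if [ $((bits & 6)) -eq 6 ]; then
        echo "$class allow"
    else
        echo "$class deny"; return 1
    fi
}

# Run inside the agent pod to evaluate the real socket (assumes GNU stat).
check_live() {
    sock=${1:-/var/run/docker.sock}
    info=$(stat -c '%u %g %a' "$sock") || return 2
    set -- $info
    sock_access "$(id -u)" "$(id -G)" "$1" "$2" "$3"
}

# Constructed cases; socket assumed root:999 mode 660 unless noted.
sock_access 1000 "1000 0"   0 999 660 || true  # groups from the question's id output
sock_access 1000 "1000 107" 0 999 660 || true  # image's docker GID 107 != socket GID 999
sock_access 1000 "1000 999" 0 999 660 || true  # GID matched, as in the answer
sock_access 1000 "1000 0"   0 999 777 || true  # chmod 777: allowed, but for every user
```

A result of "other allow" means the socket is open to every account in the pod, which is what chmod 777 produces; "group allow" is the outcome the GID-matching approach aims for.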
