Not able to Run Docker build on K8S : Permission denied - jenkins

I have installed bitnami/jenkins on my Managed Kubernetes cluster.
I need to run Jenkins job which will build docker image and push to docker repository.
When I do this on a Jenkins instance in a simple container on host, I simply mount docker.sock as volume to the container.
But, when I try to do that in Jenkins on a Managed Kubernetes, I get permission denied error.
/bitnami/jenkins/home/tools/org.jenkinsci.plugins.docker.commons.tools.DockerTool/Docker/bin/docker login -u **** -p ********
https://mydocker-repo/ Warning: failed to get default registry endpoint from daemon (Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get
http://%2Fvar%2Frun%2Fdocker.sock/v1.29/info: dial unix /var/run/docker.sock: connect: permission denied). Using system default: https://index.docker.io/v1/ Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post
http://%2Fvar%2Frun%2Fdocker.sock/v1.29/auth: dial unix /var/run/docker.sock: connect: permission denied
Steps to reproduce the behaviour:
These are the helm values for the volume mount
extraVolumes:
- hostPath:
path: /var/run
name: docker-sock
extraVolumeMounts:
- mountPath: /var/run
name: docker-sock
Expected behaviour:
Docker build should run properly
I do not want to run the Jenkins POD as root
especially, on Managed Kubernetes instance it is not allowed as well
How do I solve this error?

Related

Docker sudo permissions

I am able to run docker without sudo but after sometimes it again asks for permissions and I am not able to Attach container in VS code
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied
To sort out permission errors and to run containers, check the following command
sudo chmod 666 /var/run/docker.sock

Getting permission denied while connecting to /var/run/docker.sock

I am trying to use watchtower container (https://containrrr.dev/watchtower/) in RHEL 8.0 using podman.
Since docker is not officially supported by RHEL 8.0, I have not installed docker-engine in this VM.
I have started podman.socket service and podman.sock is located on /run/podman/podman.sock
When I give podman-compose up -d command all the other containers start successfully without any error but watchtower container Exits with code (1).
This is the logs generated by watchtower container:
time="2022-01-20T13:45:50Z" level=error msg="Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get \"http://%2Fvar%2Frun%2Fdocker.sock/v1.25/containers/json?filters=%7B%22status%22%3A%7B%22running%22%3Atrue%7D%7D&limit=0\": dial unix /var/run/docker.sock: connect: permission denied"
0
I gave executing permission to /run/podman/podman.sock file but still getting this error.
Snippet of docker-compose.yml with watchtower service.
watchtower:
image: index.docker.io/containrrr/watchtower:1.3.0
volumes:
- /run/podman/podman.sock:/var/run/docker.sock
Since I do not have docker.sock, I am mounting podman.sock to docker.sock so that watchtower can communicate with docker API.
How can I fix it? (I don't want to install docker)
The default podman socket is root:root 660. You may have to create a group, and/or chmod the socket.

Jenkins agent on GKE failed to run docker dial unix /var/run/docker.sock: connect: permission denied

I'm running Jenkins helm on GKE standard cluster with Container-Optimized OS with Docker (cos) image.
I'm running jenkins agent with docker installed and jenkins user added to docker group. I'm mounting /var/run/docker.sock as volume .. also tried t run with UID 1000.
-v /var/run/docker.sock:/var/run/docker.sock
But still getting dial unix /var/run/docker.sock: connect: permission denied ?! Any idea what I'm missing here ?
In addition to #again comment, below are possible reasons to look for regarding pemission denied error:
Docker is not installed on host
UID 1000 does not have permission to /var/run/docker.sock (try to chmod 777 the file temporarily and reduce permssion as needed)
Check Host and Container docker ID, must have the same UID
Also, you can refer on related links below for possible answers.
Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
Run Docker as jenkins-agent, in a docker-container, as non-root user
Use docker inside docker with jenkins user #263
docker.sock permission denied

Docker command permission denied in pipeline but works correct in SSH sesion

Our pipeline executes commands:
gcloud auth activate-service-account jenkins#myproject.iam.gserviceaccount.com --key-file /var/lib/jenkins/gkeys/keyfile.json
docker pull gcr.io/myproject/myimage.v15
We receive the error from docker pull:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=gcr.io%2Fmyproject%2Fmyimage&tag=v15: dial unix /var/run/docker.sock: connect: permission denied
When we run the same commands in SSH session on the Jenkins server with user jenkins both of them work fine.
Restart Jenkins service solved the problem

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post

I’ve just run Dockerfile in jenkins setup then I get the following error:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&session=2quv9npfhvxjco1lqvt8aea9h&shmsize=0&t=testfile&target=&ulimits=null&version=1: dial unix /var/run/docker.sock: connect: permission denied
.
..
Dockerfile
WebApp.war
SSH: EXEC: completed after 404 ms
SSH: Disconnecting configuration [Docker] ...
SSH: Transferred 1 file(s)
Finished: SUCCESS
docker.deamon tell us this:
The Docker daemon binds to a Unix socket instead of a TCP port. By
default that Unix socket is owned by the user root and other users can
only access it using sudo. The Docker daemon always runs as the root
user.
If you don’t want to preface the docker command with sudo, create a
Unix group called docker and add users to it. When the Docker daemon
starts, it creates a Unix socket accessible by members of the docker
group.
Check if the docker group already exists:
cat /etc/group | grep docker
if it doesn't, create with this command:
sudo groupadd docker
add the jenkins user to docker group:
sudo usermod -a -G docker jenkins-user
newgrp docker
Check if is it worked...
$ cat /etc/group | grep docker
docker:x:***:jenkins-user
Restart the jenkins
logout, and login again
Or you can just try run the docker with sudo.

Resources