Kubernetes plugin for Jenkins after dockershim runtime is deprecated

122 views
Skip to first unread message

Mario Rodriguez

unread,
Sep 29, 2021, 8:05:22 PM9/29/21
to Jenkins Users

Hello, Kubernetes project is planning to deprecate support for dockershim runtime is version 1.20 and fully drop it in version 1.24 as indicated here: https://kubernetes.io/blog/2020/12/02/dockershim-faq/

 

Reading about the impacts of dockershim removal here:  https://kubernetes.io/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you/  and here https://kubernetes.io/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents/ ,  any apps that depend on the docker daemon by exposing /var/run/docker.sock will be impacted.  We use the Kubernetes plugin for Jenkins using this docker daemon exposure technique.


Assuming a transition from docker to containerd, any idea what changes will be needed by Kubernetes plugin users to continue working properly ?


thanks

Carlos Sanchez

unread,
Sep 30, 2021, 3:32:06 AM9/30/21
to Jenkins Users

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3b883835-c0bd-49ac-9017-30163ad04a79n%40googlegroups.com.

Mario Rodriguez

unread,
Oct 26, 2021, 10:31:23 PM10/26/21
to Jenkins Users
and how about if we are using the kubernetes plugin podTemplate ?  more less like this:

podTemplate(cloud: 'kubernetes', label: args.pipelineName,
    containers: getContainers(...),
    volumes: [
        hostPathVolume(hostPath: '/var/run/docker.sock', mountPath: '/var/run/docker.sock'),
    ])  {
           gcloud auth configure-docker --account=jen...@myproject.iam.gserviceaccount.com
           docker build --pull -t ${env.btvImageFullName} -t ${env.btvLatestFullName} .
}

Carlos Sanchez

unread,
Oct 27, 2021, 3:15:29 PM10/27/21
to Jenkins Users
You cannot use the docker.sock anymore

Steve Ridley

unread,
Apr 12, 2022, 6:14:12 AMApr 12
to Jenkins Users
We are faced with the same issue for our Jenkins implementation. cr...@llbean.com I wonder if you were able to utilize Kaniko or if you found another alternative that worked for you? Any further insight is appreciated!

Mario Rodriguez

unread,
Apr 12, 2022, 9:25:29 AMApr 12
to Jenkins Users
Hi, yes, I was able to replace docker tooling with a combination of kaniko and podman.  Kaniko will build the OCI container images in a daemonless fashion and podman will let you run other commands such as tag, pull, push.  Please be aware kaniko 1.7.0 has issues with workload identity authentication and 1.8.0 has issues with public gcr.io repositories, then 1.6.0 is the latest stable version that works fine under broader conditions.

I hope it helps

Jan Monterrubio

unread,
Apr 12, 2022, 7:21:17 PMApr 12
to jenkins...@googlegroups.com
For builds that need docker, we have used docker:dind in the past. So we have a maven build running in a maven container in a pod, and that build uses dind to run testcontainers. 

I wonder if something like that would work for your use case?


--

Ivan Fernandez Calvo

unread,
Apr 13, 2022, 12:25:53 PMApr 13
to Jenkins Users
Another solution that does not impact your pipelines, is to use a DinD container and export DOCKER_HOST in all the containers of the pod, this allows access to Docker to all containers using the docker CLI

pipeline {
  agent {
  kubernetes {
    defaultContainer 'docker-cli'
    yaml '''
      apiVersion: v1
      kind: Pod
      spec:
        imagePullSecrets:
          - name: 'repo.example.com'
          - name: 'repo1.example.com'
        containers:
          - name: dind
            image: docker:20.10.12-dind
            securityContext:
              privileged: true
            env:
              - name: DOCKER_TLS_CERTDIR
                value: ""
            command:
              - dockerd
            args:
              - -H tcp://localhost:2375
              --H unix:///var/run/docker.sock
            ports:            
              - containerPort: 2375
                hostIP: 127.0.0.1
            volumeMounts:
              - name: docker-cache
                mountPath: /var/lib/docker
          - name: docker-cli
            image: my-docker-cli-container:latest
            command:
              - sleep
            args:
              - infinity
            env:
              - name: DOCKER_HOST
                value: tcp://localhost:2375
            volumes:
              - name: docker-cache
                emptyDir: {}
'''
}
}
....

Reply all
Reply to author
Forward
0 new messages