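I deployed Jenkins via Helm chart (Jenkins-Helm: 3.11.4) on a local Kubernetes cluster (Rancher Desktop). I installed docker on the jenkins/inbound-agent image, since it is not included, where I use the default Jenkins controller image. When I run a docker command in my local pipeline, I get a permission error as shown below.
I know the issue is the permission of the /var/run/.docker.sock folder, but I could not fix it and am really stuck. I tried to add command:["sh","-c","chmod 777 /var/run/.docker.sock ] to the agent in values.yaml, but this time jenkins did not start and run properly. I tried to add RUN usermod -aG docker jenkins to the Dockerfile, but it is still the same.

    jenkins@default-cnmq7:~/agent$ id
    uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins),0(root)
    jenkins@default-cnmq7:~/agent$ grep docker /etc/group
    docker:x:107:

So, how can I grant permission to that folder via the Helm chart for the Jenkins agent pod? Or what is the proper solution to this problem?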
    node {
        stage('SCM') {
            checkout(scm)
        }
        stage('Build') {
            echo 'Building Project'
            sh """
            docker pull alpine
            """
        }
    }

    [Pipeline] sh
    + docker pull alpine
    Using default tag: latest
    Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=alpine&tag=latest": dial unix /var/run/docker.sock: connect: permission denied
values.yaml
    controller:
      componentName: "jenkins-controller"
      image: "jenkins"
      # tag: "2.319.3-jdk11"
      tagLabel: jdk11
      imagePullPolicy: "Always"
      imagePullSecretName:
      javaOpts: "-Xms512m -Xmx2048m"
      jenkinsUrl: "http://localhost:8080"
    agent:
      enabled: true
      defaultsProviderTemplate: ""
      # URL for connecting to the Jenkins controller
      jenkinsUrl:
      jenkinsTunnel:
      image: "jenkins/inbound-agent"
      tag: "4.11.2-5"
      workingDir: "/home/jenkins/agent"
      nodeUsageMode: "NORMAL"
      componentName: "jenkins-agent"
      websocket: false
      privileged: true
      runAsUser:
      runAsGroup:
      alwaysPullImage: true
      podRetention: "Never"
      volumes:
        - type: HostPath
          hostPath: /Users/username/workspace
          mountPath: /Users/username/workspace
        - type: HostPath
          hostPath: /var/run/docker.sock
          mountPath: /var/run/docker.sock
      command:
      args: "${computer.jnlpmac} ${computer.name}"
Dockerfile for the Jenkins agent
    FROM jenkins/inbound-agent:4.11.2-4
    USER root
    # Each line of the multi-line RUN needs a trailing backslash to continue the command.
    RUN set -eux && \
        apt-get update && \
        apt-get install -y curl sudo docker.io docker-compose && \
        curl -sS https://raw.githubusercontent.com/HariSekhon/bash-tools/master/clean_caches.sh | sh
    RUN usermod -aG docker jenkins
    USER jenkins
First, find the group ID of docker on the host:

    $ grep docker /etc/group
    docker:x:999:

Then create a user in the Dockerfile whose group has the same ID as the docker group:

    RUN groupadd -g 999 tech
    RUN useradd -g tech tech
    USER tech
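
Added example, not part of the question or the answer above: a shell check that applies the Unix owner/group/other rule with numeric IDs, showing why membership in the image's own `docker` group (GID 107) does not grant access to a socket owned by the host's GID 999, and what `chmod 777` changes. The socket owner (root) and mode 660 are assumptions; the function names are hypothetical; the IDs 1000, 0 and 999 come from the page.

```shell
#!/bin/sh
# Added example, not from the original post. Explains a "permission denied" on
# docker.sock by applying the Unix owner/group/other check with numeric IDs.

# socket_access UID "GIDS" SOCK_UID SOCK_GID MODE
#   GIDS = output of `id -G`; MODE = octal bits as printed by `stat -c %a`.
# Prints the permission class that grants write (needed to connect to a Unix
# socket on Linux): root, owner, group or other; prints "denied" otherwise.
socket_access() {
    uid=$1; gids=$2; sock_uid=$3; sock_gid=$4
    m=$(( 0$5 ))                       # leading 0 makes the shell read octal
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    if [ "$uid" -eq "$sock_uid" ]; then
        class=owner; bits=$(( (m >> 6) & 7 ))
    else
        class=other; bits=$(( m & 7 ))
        for g in $gids; do
            if [ "$g" -eq "$sock_gid" ]; then
                class=group; bits=$(( (m >> 3) & 7 )); break
            fi
        done
    fi
    if [ $(( bits & 2 )) -ne 0 ]; then echo "$class"; else echo denied; fi
}

# world_writable MODE: succeeds when any local user can write to the socket,
# which is what `chmod 777` on docker.sock produces.
world_writable() { [ $(( 0$1 & 2 )) -ne 0 ]; }

# diagnose_live PATH: same check against a real socket (GNU stat assumed).
diagnose_live() {
    set -- $(stat -c '%u %g %a' "$1")
    socket_access "$(id -u)" "$(id -G)" "$1" "$2" "$3"
}

# Constructed values: socket owned by root (0), group 999, mode 660 is an
# assumption; GID 999 is the host docker group from the answer, and
# "1000 0" are the agent's groups from the question's `id` output.
echo "agent as deployed:     $(socket_access 1000 '1000 0' 0 999 660)"
echo "user with primary 999: $(socket_access 1001 '999' 0 999 660)"
echo "after chmod 777:       $(socket_access 1000 '1000 0' 0 999 777)"
world_writable 777 && echo "mode 777: socket is world-writable"
```

Inside the agent container, `diagnose_live /var/run/docker.sock` runs the same check against the mounted socket.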