We don't currently allow users to access the host's docker daemon. We do provide a docker-in-docker daemon as part of the step, and in a future release we are looking to allow users to override this with a dind image of their choosing (so they can run privileged containers, access host networking, etc.).
In the meantime, it would be interesting to know your use case for accessing the host's docker daemon, if you're willing to share :)
Hey @lassian, related to your comment, more specifically this part: "we do provide a docker in docker daemon as part of the step and in a future release are looking to allow users to override this with a dind image of their choosing". My use case is that I want to run kind in a step to run tests against helm charts (my step is below). Is this currently possible via some configuration in the runner (I see GitLab runners let you enable privileged, for instance) or in the pipeline (perhaps using a different service than docker, referring to some specific image, etc.)? In case it is something you plan on releasing later, could you maybe share the feature/story, if there is one, so I could watch it? Thanks a lot, and sorry if I'm hijacking the topic.
The step in question (the image used is golang 1.16 on alpine):
- step: &test_cls
    name: CLS Tests
    script:
      - cd $BITBUCKET_CLONE_DIR/tests/cls
      - make tools
      - make cluster  # this invokes kind create cluster
      - make test  # an apply against the kind cluster above
      - make test-junit
    services:
      - docker
Sounds awesome @lassian, thanks for the reply, look forward to this being available!
Just to clear things up in my head, in the snippet above, is my assumption correct that the docker service in the services section references https://hub.docker.com/r/atlassian/pipelines-docker-daemon to provide a DinD and the runner itself imposes security restrictions (or best practices, depends on point of view I guess) via plugins to deny having privileged containers, specific volume mounts (outside of BITBUCKET_CLONE_DIR boundaries) etc.?
Thanks again and looking forward to the GA!
Yes those assumptions are correct.
For the initial release of runners (beta), we are just aiming for feature parity with our cloud runner before we start relaxing, for self-hosted runners (due to their single-tenanted nature), some of the restrictions we have to have in our cloud (due to its multi-tenanted nature).
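To make the restrictions discussed in this thread concrete, here is an added example (not Atlassian's plugin code and not part of the original posts) of the kind of check a Docker authorization layer could apply to a container-create request body: reject privileged mode, host networking, and bind mounts whose source falls outside the clone directory. The clone directory path, image names and request bodies are constructed for illustration; `HostConfig.Privileged`, `NetworkMode`, `Binds` and `Mounts` are Docker Engine API fields.

```python
import json
import posixpath

CLONE_DIR = "/workspace/clone"  # constructed stand-in for $BITBUCKET_CLONE_DIR

def _outside(src, root):
    src = posixpath.normpath(src)  # collapses ../ but does not resolve symlinks
    return src != root and not src.startswith(root + "/")

def violations(create_body, clone_dir=CLONE_DIR):
    """Return policy violations for a Docker container-create JSON body."""
    host = json.loads(create_body).get("HostConfig") or {}
    root = posixpath.normpath(clone_dir)
    found = []
    if host.get("Privileged"):
        found.append("privileged")
    if host.get("NetworkMode") == "host":
        found.append("host-network")
    # Legacy "src:dst[:opts]" binds; a source not starting with "/" is a named volume.
    sources = [b.split(":", 1)[0] for b in host.get("Binds") or []]
    # Newer Mounts list; only Type "bind" refers to a host path.
    sources += [m.get("Source", "") for m in host.get("Mounts") or []
                if m.get("Type") == "bind"]
    for src in sources:
        if src.startswith("/") and _outside(src, root):
            found.append("bind-outside-clone-dir:" + posixpath.normpath(src))
    return found

# Constructed request bodies (assumptions, not captured traffic).
# A kind node container asks for privileged mode, which is why the step above is blocked.
KIND_LIKE = json.dumps({"Image": "example/node", "HostConfig": {
    "Privileged": True, "Binds": ["/lib/modules:/lib/modules:ro"]}})
BUILD_OK = json.dumps({"Image": "example/build", "HostConfig": {
    "Binds": ["/workspace/clone/tests/cls:/src"]}})
TRAVERSAL = json.dumps({"Image": "example/build", "HostConfig": {
    "Mounts": [{"Type": "bind", "Source": "/workspace/clone/../../etc",
                "Target": "/etc"}]}})

if __name__ == "__main__":
    for name, body in [("kind-like", KIND_LIKE), ("build", BUILD_OK),
                       ("traversal", TRAVERSAL)]:
        print(name, violations(body) or "allowed")
```

Path normalisation alone does not catch a symlink inside the clone directory that points elsewhere on the host; a real enforcement point would also need to resolve the path on the host side.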