Can't run compose in bitbucket pipelines getting --privileged=true is not allowed

red888 January 8, 2023

Compose is supposed to be supported.

Buildkit is supposed to be supported.

It seems buildkit and compose are not supported?

Here is my compose file:

```yaml
version: "3.9"
services:
  myservice:
    platform: linux/amd64
    privileged: false # I also tried adding this
    image: someimage
    build:
      context: .
      dockerfile: "Dockerfile"
      secrets:
        - pypi_conf

secrets:
  pypi_conf:
    file: "${BITBUCKET_CLONE_DIR}/pypi_config/pip/pip.conf"
```

Here is my yaml file:

```yaml
image: atlassian/default-image:3

definitions:
  services:
    docker:
      memory: 3072
  steps:
    - step: &build
        name: Build
        image:
          name: tiangolo/docker-with-compose
        script:
          - export DOCKER_BUILDKIT=1
          - docker compose build
        services:
          - docker
pipelines:
  default:
    - step: *build
  branches:
    master:
      - step: *build
```

I'm not mounting anything outside of the allowed BITBUCKET_CLONE_DIR.

But I get this error:

```
#1 [internal] booting buildkit
#1 pulling image moby/buildkit:buildx-stable-1
#1 pulling image moby/buildkit:buildx-stable-1 3.1s done
#1 creating container buildx_buildkit_default done
#1 ERROR: Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed
------
 > [internal] booting buildkit:
------
Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed
make: *** [Makefile:134: testing] Error 17
```

Even if I remove the `secrets` mount config and keep `DOCKER_BUILDKIT=1` I get this error. So are buildkit and compose together not supported for some reason?

If I set `DOCKER_BUILDKIT=0` I don't get a perms error, but I need that to mount secrets. 

All of this is supposed to be supported so I'm not understanding why I'm getting these errors.

3 answers

5 votes
Sander Mol January 27, 2023

Encountered the same, might this have to do with the buildx driver that seems to be used by default? Atlassian does not allow running `privileged` containers within a pipeline, and it seems this is exactly how the build container (`--driver docker-container`) seems to work.

It might be solved if someone can give directions on how to use the option to not have this build container (`--driver docker`), so the `privileged` container will not be spawned at all.

Anyone from Atlassian might be able to give more feedback? Might this be a default Docker Daemon setting?
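A preflight check for the driver question raised in this answer, added here as an example (it is not part of the original post and not Atlassian's or Docker's own tooling). It reads `docker buildx inspect` output and reports whether the active builder uses the `docker-container` driver; the sample inspect output and all function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `docker buildx inspect` output (not taken from the page).
SAMPLE_INSPECT='Name:   default
Driver: docker-container

Nodes:
Name:     default
Endpoint: unix:///var/run/docker.sock
Status:   inactive'

# Print the value of the first "Driver:" line of `docker buildx inspect` (stdin).
buildx_driver() {
    awk -F': *' '$1 == "Driver" { sub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# Return 0 for the driver that boots its own BuildKit container, the container
# the "pipelines" authorization plugin rejects in the log from the question.
driver_spawns_container() {
    case "$1" in
        docker-container) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when a build log (stdin) contains the denial quoted in the question.
log_has_privileged_denial() {
    grep -qF -e 'authorization denied by plugin pipelines: --privileged=true is not allowed'
}

# Preflight for a CI step: read inspect output on stdin and fail early with a
# readable message instead of failing inside "booting buildkit".
preflight() {
    driver=$(buildx_driver)
    if [ -z "$driver" ]; then
        echo "no Driver line found in buildx inspect output" >&2
        return 2
    fi
    if driver_spawns_container "$driver"; then
        echo "buildx driver '$driver' starts a BuildKit container; expect the privileged denial" >&2
        return 1
    fi
    echo "buildx driver '$driver' builds through the Docker daemon"
}

# In a pipeline step (needs docker):  docker buildx inspect | preflight
# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_INSPECT" | preflight || true
```

Whether the runner's daemon accepts the `docker` driver is not confirmed anywhere in this thread, so the check only reports the driver and does not switch it.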

2 votes
Seth Miller April 27, 2023

So BuildKit support is just completely broken?

Rich Kalsky June 2, 2023

Did you get any replies/answers for this?

0 votes
Aymen Toukabri March 15, 2024

Are there any updates?

Gianpietro Basei March 15, 2024

Hi, I doubt this will ever change; we are currently building each service separately (without using compose).
