16

I am using a third party library that creates sibling docker containers via:

docker run -d -v /var/run/docker.sock:/var/run/docker.sock ...

I am trying to create a Kubernetes deployment out of the above container, but currently getting:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

This is expected because I am not declaring /var/run/docker.sock as a volume in the deployment yaml.

The problem is I don't know how to do this. Is it possible to mount /var/run/docker.sock as a volume in a deployment yaml?

If not, what is the best approach to run docker sibling-containers from within a Kubernetes deployment/pod?

rys

2 Answers

22

Unverified as it sounds brittle to me to start a container outside of k8s supervision, but you should be able to mount /var/run/docker.sock with a hostPath volume.

Example variation from the documentation:

apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volumeMounts:
    - mountPath: /var/run/docker.sock
      name: docker-sock-volume
  volumes:
  - name: docker-sock-volume
    hostPath:
      # location on host
      path: /var/run/docker.sock
      # this field is optional
      type: File

I think a simple mount should be enough to allow communication from the docker client within the container to the docker daemon on the host, but in case you get a write permission error it means you need to run your container as a privileged container using a securityContext object like so (just an extract from above to show the addition, values taken from the documentation):

spec:
  containers:
  - image: gcr.io/google_containers/test-webserver
    securityContext:
      privileged: true
    name: test-container

Tensibai
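The Pod spec from the answer above recast as the Deployment the question asks for, as an added example that is not part of either answer. The image name and labels are placeholders, and it uses `type: Socket` as the hostPath type for a UNIX domain socket:

```yaml
# Added example, not from the original post: the answer's Pod spec as a
# Deployment. Image name and labels are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-sibling-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: docker-sibling-runner
  template:
    metadata:
      labels:
        app: docker-sibling-runner
    spec:
      containers:
      - name: runner
        image: example.com/your-library-image:tag   # placeholder
        volumeMounts:
        - name: docker-sock
          mountPath: /var/run/docker.sock
          # readOnly: true would not restrict anything here: connecting to
          # a UNIX socket is not blocked by a read-only mount.
        # Only add this if the plain mount gives a permission error, as the
        # answer notes; it grants the container full privileges on the node.
        # securityContext:
        #   privileged: true
      volumes:
      - name: docker-sock
        hostPath:
          path: /var/run/docker.sock
          # Socket is the hostPath type for a UNIX domain socket; the kubelet
          # refuses to start the pod if nothing is present at that path.
          type: Socket
```

Whatever process reaches this socket controls the node's Docker daemon, and the containers it starts run outside Kubernetes' supervision (the drawback the second answer describes), so treat the pod as node-admin and schedule it accordingly.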
3

Although this is a working solution (I use it myself), there are some drawbacks to running Docker in a Kubernetes pod by mounting /var/run/docker.sock.

Mostly the fact you are working with Docker containers outside the control of Kubernetes.

Another suggested solution I found is using a side-car container in your pod. See A Case for Docker-in-Docker on Kubernetes. There are two parts to it where the proposed solution is in part 2.

I hope this helps.

Eldad Assis