背景
从上周开始,CI/CD平台间歇性的会构建失败,当时没太注意,对于失败的job 重试就ok了 ,但是这周就直接构建失败了,主要出现在使用dind的时候不能正常使用docker功能。
报错截图
原因:
由于我们使用的是docker官方的 docker:dind 镜像, 该镜像在18.09+下做了变化
主要是TLS 证书认证这块 , gitlab没有适配这个变化
Starting in 18.09+, the dind variants of this image will automatically generate TLS certificates in the directory specified by the DOCKER_TLS_CERTDIR environment variable.
Warning: in 18.09, this behavior is disabled by default (for compatibility). If you use --network=host, shared network namespaces (as in Kubernetes pods), or otherwise have network access to the container (including containers started within the dind instance via their gateway interface), this is a potential security issue (which can lead to access to the host system, for example). It is recommended to enable TLS by setting the variable to an appropriate value (-e DOCKER_TLS_CERTDIR=/certs or similar). In 19.03+, this behavior is enabled by default.
This means that when the service starts it will try and create the certificates, which Gitlab Runner doesn't seem to accept this.
解决办法
gitlab-ci.yml文件里面添加一句
DOCKER_TLS_CERTDIR: ‘’
variables:
DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ''
官方的issue:
https://gitlab.com/charts/gitlab/issues/1477
https://gitlab.com/gitlab-org/gitlab-runner/issues/4501#per-job
1327
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
