Running Docker commands inside Jenkins pipeline

  docker, dockerfile, jenkins, jenkins-pipeline, kubernetes

Is there a proper way to run Docker commands through a Jenkins containerized service?

I see there are many plugins to support Docker commands in the Jenkins ecosystem, although all of them raise errors because Docker isn’t installed in the Jenkins container.

I have a Dockerfile that provides a Jenkins image with a working Docker installation, but for it to work I have to mount the host’s Docker socket:

FROM jenkins/jenkins:lts

USER root

# Packages needed to add the Docker apt repository
RUN apt-get -y update && \
    apt-get -y install sudo \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

# Docker's Debian repository
RUN add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/debian \
    $(lsb_release -cs) \
    stable"

# Docker engine and CLI (installed without package signature verification)
RUN apt-get -y update && \
    apt-get -y install --allow-unauthenticated \
    docker-ce \
    docker-ce-cli \
    containerd.io

RUN echo "jenkins:jenkins" | chpasswd && adduser jenkins sudo

RUN echo jenkins ALL= NOPASSWD: ALL >> /etc/sudoers

USER jenkins

It can be run like this:

docker run -d -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock

This way it’s possible to run Docker commands inside the Jenkins container. However, I am concerned about security: this way the Jenkins container can access all the containers running on the host machine; moreover, Jenkins is a root user, which I wouldn’t like for production.

I seek to run a Jenkins instance within a Kubernetes cluster to support CI and CD pipelines within that cluster, therefore I’m guessing Jenkins must be containerized.

Am I missing something?

Source: Docker Questions
