Is there a proper way to run Docker commands through a Jenkins containerized service?
I see there are many plugins to support Docker commands in the Jenkins ecosystem, although all of them raise errors because Docker isn’t installed in the Jenkins container.
I have a Dockerfile that provides a Jenkins image with a working Docker installation, but to work I have to mount the host’s Docker socket:
FROM jenkins/jenkins:lts USER root RUN apt-get -y update && apt-get -y install sudo apt-transport-https ca-certificates curl gnupg-agent software-properties-common RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" RUN apt-get -y update && apt-get -y install --allow-unauthenticated docker-ce docker-ce-cli containerd.io RUN echo "jenkins:jenkins" | chpasswd && adduser jenkins sudo RUN echo jenkins ALL= NOPASSWD: ALL >> /etc/sudoers USER jenkins
It can be run like this:
docker run -d -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock
This way it’s possible to run Docker commands inside the Jenkins container. Although, I am concerned about security: namely this way the Jenkins container can access all the containers running in the host machine, moreover Jenkins is a root user, which I wouldn’t like for production.
I seek to run a Jenkins instance within a Kubernetes cluster to support CI and CD pipelines within that cluster, therefore I’m guessing Jenkins must be containerized.
Am I missing something?
Source: Docker Questions