Build docker image in K8S with docker

Archived (pre-2022)

Preserved for reference only -- likely outdated. Last updated: March 2020

To build a Docker image with Docker on Kubernetes, follow these steps:

  1. Create a Docker image that contains the docker command, and install the AWS CLI and docker-credential-ecr-login in it so that it can authenticate to ECR
  2. Create a pod with the Docker socket mounted and appropriate privileges for the container

Docker image with docker, aws cli and docker-credential-ecr-login inside: Dockerfile (Github)

Spec for pod:

kind: Pod
apiVersion: v1
metadata:
  name: jenkins-docker
spec:
  securityContext:
    fsGroup: 995    # Group ID of docker group on k8s nodes.
  containers:
  - name: jenkins-docker
    image: 767648288756.dkr.ecr.eu-west-1.amazonaws.com/bln-docker-aws:latest
    imagePullPolicy: Always
    resources:
      requests:
        cpu: 1
    env:
    - name: AWS_SDK_LOAD_CONFIG
      value: "true"
    command:
    - /bin/cat
    tty: true
    volumeMounts:
      - name: docker-config
        mountPath: /root/.docker/
      - name: aws-creds
        mountPath: /root/.aws/credentials
        subPath: ..data/credentials
      - name: aws-config
        mountPath: /root/.aws/config
        subPath: ..data/config
      - name: dockersock
        mountPath: "/var/run/docker.sock"
  volumes:
  - name: docker-config
    configMap:
      defaultMode: 420
      name: docker-config
  - name: aws-creds
    secret:
      secretName: aws-creds
  - name: aws-config
    configMap:
      defaultMode: 420
      name: aws-config
  - name: dockersock
    hostPath:
      path: /var/run/docker.sock
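
Mounting the node's /var/run/docker.sock, as the pod spec above does, gives the container control of the node's Docker daemon, so it is worth knowing which pods in a cluster do this. The check below is an added example, not part of the original post or its Jenkins library; the function names, the socket list and the trimmed copy of the pod spec are assumptions made for illustration.

```python
import posixpath

# Host paths of container runtime control sockets (assumed list; extend per node setup).
RUNTIME_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock",
                   "/run/containerd/containerd.sock")


def exposes_socket(host_path):
    """True if a hostPath volume at host_path is, or contains, a runtime socket."""
    path = posixpath.normpath(host_path)
    prefix = path.rstrip("/") + "/"
    return any(path == s or s.startswith(prefix) for s in RUNTIME_SOCKETS)


def audit_pod(pod):
    """Return one finding per container that mounts a runtime socket from the node."""
    spec = pod.get("spec", {})
    volumes = {v["name"]: v for v in spec.get("volumes", [])}
    risky = {name for name, v in volumes.items()
             if exposes_socket(v.get("hostPath", {}).get("path", ""))}
    findings = []
    for ctr in spec.get("initContainers", []) + spec.get("containers", []):
        names = [m["name"] for m in ctr.get("volumeMounts", [])]
        sockets = [n for n in names if n in risky]
        if sockets:
            # Secrets mounted beside the socket widen what a compromised build can reach.
            secrets = [n for n in names if "secret" in volumes.get(n, {})]
            findings.append({"container": ctr["name"], "socket_volumes": sockets,
                             "secret_volumes": secrets})
    return findings


# The page's pod spec, as the dict `kubectl get pod -o json` would return,
# trimmed here to the fields the check reads.
PAGE_POD = {"spec": {
    "containers": [{"name": "jenkins-docker", "volumeMounts": [
        {"name": "docker-config", "mountPath": "/root/.docker/"},
        {"name": "aws-creds", "mountPath": "/root/.aws/credentials"},
        {"name": "dockersock", "mountPath": "/var/run/docker.sock"}]}],
    "volumes": [
        {"name": "docker-config", "configMap": {"name": "docker-config"}},
        {"name": "aws-creds", "secret": {"secretName": "aws-creds"}},
        {"name": "dockersock", "hostPath": {"path": "/var/run/docker.sock"}}]}}

if __name__ == "__main__":
    print(audit_pod(PAGE_POD))
```

Setting readOnly on the volume mount does not clear the finding, since a read-only bind mount still allows connecting to the socket.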

Jenkins library to build and push image to ECR: DockerBuildDocker.groovy (Bitbucket)

Complete example of the task:

@Library('bln-jenkins-shared')_

def project = 'build-zeppelin'
def BRANCH = env.BRANCH
def DOCKER_FILE = env.DOCKER_FILE
def DOCKERFILE_PATH = env.DOCKERFILE_PATH

pipeline {

  options {
    ansiColor('xterm')
  } 

  agent {
    kubernetes {
      //cloud 'kubernetes'
      label "jenkins-docker-${project}"
      yaml """
kind: Pod
apiVersion: v1
metadata:
  name: jenkins-docker
spec:
  securityContext:
    fsGroup: 995    # Group ID of docker group on k8s nodes.
  containers:
  - name: jenkins-docker
    image: 767648288756.dkr.ecr.eu-west-1.amazonaws.com/bln-docker-aws:latest
    imagePullPolicy: Always
    resources:
      requests:
        cpu: 1
    env:
    - name: AWS_SDK_LOAD_CONFIG
      value: "true"
    command:
    - /bin/cat
    tty: true
    volumeMounts:
      - name: docker-config
        mountPath: /root/.docker/
      - name: aws-creds
        mountPath: /root/.aws/credentials
        subPath: ..data/credentials
      - name: aws-config
        mountPath: /root/.aws/config
        subPath: ..data/config
      - name: dockersock
        mountPath: "/var/run/docker.sock"
  volumes:
  - name: docker-config
    configMap:
      defaultMode: 420
      name: docker-config
  - name: aws-creds
    secret:
      secretName: aws-creds
  - name: aws-config
    configMap:
      defaultMode: 420
      name: aws-config
  - name: dockersock
    hostPath:
      path: /var/run/docker.sock
"""
    }
  }
  stages {
    stage('Checkout') {
      steps {
        git branch: BRANCH, 
            credentialsId: 'ci_fyber_com', 
            url: 'git@github.com:SponsorPay/aws-infrastructure-code.git'
      }
    }
    stage('Build with docker inside docker') {
      steps {
        container(name: 'jenkins-docker', shell: '/bin/bash') {
          DockerBuildDocker(DOCKER_FILE, DOCKERFILE_PATH)
        }
      }
    }
  }
}