docker daemon

Hi, I am learning kubernetes and stuff around it and decided to deploy coder on my home server running microk8s. After like 5 hours, I finally got it working with argocd (I am a noob with helm yet), but when I try to create a docker template, it throws an error that it cannot connect to docker. Any ideas?
21 Replies
Codercord, 9mo ago
Category: Help needed
Product: Coder OSS (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.
Atif, 9mo ago
Is Docker installed? And docker socket mounted into the Coder pods?
erik.kubica (OP), 9mo ago
Yes, I have. Yes it is. I have mounted it later, now I have an issue with permissions, so I have:
securityContext:
  runAsNonRoot: false
  allowPrivilegeEscalation: true
and it still does not like the permissions.
my chart.yaml
apiVersion: v2
name: coder-custom
description: A custom Helm chart that extends the original-chart.
version: 0.1.0
appVersion: 1.0.0
keywords:
maintainers:
  - name: Erik Kubica
dependencies:
  - name: coder
    version: 2.8.5
    repository: https://helm.coder.com/v2
my values.yaml
coder:
  coder:
    env:
      - name: CODER_PG_CONNECTION_URL
        valueFrom:
          secretKeyRef:
            name: coder-db-url
            key: url
      - name: CODER_ACCESS_URL
        value: "https://coder.apps.erik-kubica.dev"
    service:
      enable: true
      type: NodePort
    ingress:
      enable: true
      className: "public"
      host: "coder.apps.erik-kubica.dev"
      tls:
        enable: true
    securityContext:
      runAsNonRoot: false
      allowPrivilegeEscalation: true
    volumes:
      - name: docker-socket
        hostPath:
          path: /var/run/docker.sock
    volumeMounts:
      - name: docker-socket
        mountPath: /var/run/docker.sock
Atif, 9mo ago
What is the gid of the docker group on the host? The Coder user inside the Coder pod needs to be a member of that group.
erik.kubica (OP), 9mo ago
I had no group, so I created one, but the pod is trying to run gid 1000, which is my sudoer user. How can a user in a pod be part of a group on the host machine? When I tried to add coder into the group, it just said the coder user does not exist.
Atif, 9mo ago
Can you show getent group docker on host?
erik.kubica (OP), 9mo ago
root@erik-XPS-15-7590:~/infrastructure# getent group docker
docker:x:1002:erik
If it helps, my docker is a snap install.
Atif, 9mo ago
Hmm. We just need the coder user in the coder container to be a member of the 1002 group or have gid 1002.
erik.kubica (OP), 9mo ago
The pod does not detect the group:
coder-7796f56c98-92wxm:~$ getent group docker
coder-7796f56c98-92wxm:~$
Atif, 9mo ago
Could you try?
securityContext:
  runAsGroup: 1002
First only try runAsGroup.
erik.kubica (OP), 9mo ago
Error pinging Docker server: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/_ping": dial unix /var/run/docker.sock: connect: permission denied
Same result with added fsGroup.
Atif, 9mo ago
OK, try:
securityContext:
  supplementalGroups:
    - 1002
We do run docker workspaces within a k8s deployment, but our docker hosts are remote, so this has not come up so far.
erik.kubica (OP), 9mo ago
I might have to resolve an issue with the security context, because argocd reports: securityContext: {}
erik.kubica (OP), 9mo ago
The security context finally contains the values, but no change. I will check the link you posted; theoretically I can have my host machine as a "remote" machine, right? I probably should have started with a reboot! It works now, not sure which step made a difference, but created a docker workspace. Thank you very much.
Atif, 9mo ago
What did you add to values.yaml? Sharing it here will help others with similar issues.
erik.kubica (OP), 9mo ago
[attachment, no description]
erik.kubica (OP), 9mo ago
and ran "newgrp docker" because the docker site said "Log out and log back in so that your group membership is re-evaluated." Then my docker ps was saying: error error, so I did a restart and now it works.
Atif, 9mo ago
That is for the users on the machine where docker is installed. We are just using the docker socket in a container. What do you see for securityContext: in argoCD?
erik.kubica (OP), 9mo ago
Yes, but my argocd is bugging out right now, because even if it syncs, it's "out of sync"; even if I compare with head it looks in sync. So I had to restart the deployment for it to detect changes in the values.yaml.
erik.kubica (OP), 9mo ago
The deployment does not really want to sync, even after prune replace.
[attachment, no description]