docker daemon

Hi, I am learning Kubernetes and the stuff around it, and decided to deploy Coder on my home server running MicroK8s. After like 5 hours, I finally got it working with Argo CD (I am still a noob with Helm), but when I try to create a Docker template, it throws an error that it cannot connect to Docker. Any ideas?
Codercord (7mo ago)
Category
Help needed
Product
Coder OSS (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
Atif (7mo ago)
Is Docker installed? And is the Docker socket mounted into the Coder pods?
erik.kubica (7mo ago)
Yes, I have. Yes, it is. I mounted it later; now I have an issue with permissions, so I have:
securityContext:
  runAsNonRoot: false
  allowPrivilegeEscalation: true
and it still does not like the permissions.
My chart.yaml:
apiVersion: v2
name: coder-custom
description: A custom Helm chart that extends the original-chart.
version: 0.1.0
appVersion: 1.0.0
keywords:
maintainers:
  - name: Erik Kubica
    email: erik.kubica@gmail.com
dependencies:
  - name: coder
    version: 2.8.5
    repository: https://helm.coder.com/v2
My values.yaml:
coder:
  coder:
    env:
      - name: CODER_PG_CONNECTION_URL
        valueFrom:
          secretKeyRef:
            name: coder-db-url
            key: url
      - name: CODER_ACCESS_URL
        value: "https://coder.apps.erik-kubica.dev"
    service:
      enable: true
      type: NodePort
    ingress:
      enable: true
      className: "public"
      host: "coder.apps.erik-kubica.dev"
      tls:
        enable: true
    securityContext:
      runAsNonRoot: false
      allowPrivilegeEscalation: true
    volumes:
      - name: docker-socket
        hostPath:
          path: /var/run/docker.sock
    volumeMounts:
      - name: docker-socket
        mountPath: /var/run/docker.sock
Atif (7mo ago)
What is the GID of the docker group on the host? The coder user inside the Coder pod needs to be a member of that group.
erik.kubica (7mo ago)
I had no group, so I created one, but the pod is trying to run as gid 1000, which is my sudoer user. How can a user in a pod be part of a group on the host machine? When I tried to add coder to the group, it just said the coder user does not exist.
Atif (7mo ago)
Can you show getent group docker on the host?
erik.kubica (7mo ago)
root@erik-XPS-15-7590:~/infrastructure# getent group docker
docker:x:1002:erik
If it helps, my Docker is a snap install.
Atif (7mo ago)
Hmm. We just need the coder user in the coder container to be a member of the 1002 group or have gid 1002.
erik.kubica (7mo ago)
The pod does not detect the group:
coder-7796f56c98-92wxm:~$ getent group docker
coder-7796f56c98-92wxm:~$
Atif (7mo ago)
Could you try?
securityContext:
  runAsGroup: 1002
First, only try runAsGroup.
erik.kubica (7mo ago)
Error pinging Docker server: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/_ping": dial unix /var/run/docker.sock: connect: permission denied
Same result with fsGroup added.
Atif (7mo ago)
OK, try:
securityContext:
  supplementalGroups:
    - 1002
We do run Docker workspaces within a k8s deployment, but our Docker hosts are remote, so this has not come up so far.
erik.kubica (7mo ago)
I might have to resolve an issue with the security context, because Argo CD reports: securityContext: {}
erik.kubica (7mo ago)
The security context finally contains the values, but no change. I will check the link you posted; theoretically I can have my host machine as the "remote" machine, right?
I probably should have started with a reboot! It works now. Not sure which step made the difference, but I created a Docker workspace.
Thank you very much.