Coder.com · 9mo ago
JFK

Setting up a Privileged Sidecar

Following the documentation here: https://coder.com/docs/v2/latest/templates/docker-in-workspaces#use-a-privileged-sidecar-container-in-docker-based-templates I started with the starter template for docker containers. Added the resource block for a private network, the dind container and updated the networks_advanced entry and the DOCKER_HOST env setting in the workspace container. I can see that both are loaded. However, maybe mistakenly, I expect to run a docker command from the shell. This is probably my lack of understanding, but I'm basically trying to get docker commands in the workspace and rather than trying to install docker in the container, I thought it would be simpler to just add the sidecar.
6 Replies
Codercord · 9mo ago
Category: Help needed
Product: Coder OSS (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.
sharkymark · 9mo ago
it works for me, (docker run hello-world) - did you use codercom/enterprise-base? It has the Docker CLI and the container user is in the docker group - so if you use a custom image, it needs the same. Here's the enterprise-base Dockerfile https://github.com/coder/enterprise-images/tree/main/images/base But there is a missing item in the docs - there isn't a count on the dind container so it will stay running when the workspace shuts down.
sharkymark · 9mo ago
Also keep in mind the security issues with a side-car - the dind container has to be privileged which means it can access the host.
JFK (OP) · 9mo ago
ugh, you know what? I am using ubuntu:latest as the base container... I bet that is the issue. Understand the security issue. This coder instance is closed to a small dev team, so not overly concerned as they all have access to the host anyway.
sharkymark · 9mo ago
ok sounds good, just pointing it out. i like the convenience of side car too.
JFK (OP) · 9mo ago
I'm attempting to use the codercom/enterprise-base but I'm running into all kinds of issues. The sidecar definitely works with that container. So that's a great thing. But I have a bunch of other things I need to add for our environment. I appreciate the help. If you want you can close this. I have other questions but not about the sidecar, so will ask in a different thread.
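
The sidecar setup discussed in this thread, with the missing `count` added to the dind container so it stops with the workspace. This is an added example, not part of the thread and not Coder's own template. The resource and data-source names, the `:ubuntu` image tag and the daemon port are assumptions, and the `terraform`/`provider` blocks from the starter template are taken as already present.

```hcl
# Added example; names (me, main, dind, workspace, private_network) are assumptions.
data "coder_workspace" "me" {}

resource "coder_agent" "main" {
  os   = "linux"
  arch = "amd64"
}

resource "docker_network" "private_network" {
  name = "network-${data.coder_workspace.me.id}"
}

resource "docker_container" "dind" {
  # Tie the sidecar to the workspace lifecycle: 1 when started, 0 when stopped.
  # Without this, the privileged container keeps running after shutdown.
  count      = data.coder_workspace.me.start_count
  image      = "docker:dind"
  privileged = true # can access the host; keep its lifetime as short as possible
  name       = "dind-${data.coder_workspace.me.id}"
  # Plain TCP listener with no TLS or auth; no ports are published, so it is
  # reachable only from containers attached to the private network.
  entrypoint = ["dockerd", "-H", "tcp://0.0.0.0:2375"]
  networks_advanced {
    name = docker_network.private_network.name
  }
}

resource "docker_container" "workspace" {
  count = data.coder_workspace.me.start_count
  # Image must ship the Docker CLI; the tag here is an assumption.
  image   = "codercom/enterprise-base:ubuntu"
  name    = "dev-${data.coder_workspace.me.id}"
  command = ["sh", "-c", coder_agent.main.init_script]
  env = [
    "CODER_AGENT_TOKEN=${coder_agent.main.token}",
    # dind now has a count, so it is addressed by index.
    "DOCKER_HOST=${docker_container.dind[0].name}:2375",
  ]
  networks_advanced {
    name = docker_network.private_network.name
  }
}
```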
