How To: Access the Docker Daemon in a Codefresh build

This article describes how to access the Docker Daemon within a pipeline step for custom use cases.

Docker Daemon access support

Codefresh’s built-in steps cover the most common uses-cases for access to the Docker Daemon:

• Build a Docker image: Build step
• Push a Docker image: Push step
• Run a Docker Composition: Composition step and Service Containers

You may have custom use-cases when you need direct access to the Docker Daemon in your steps.
For example:

• As part of your test-step you need to dynamically create new containers (Testcontainers library)
• You need to run a composition and dynamically add to that composition a new container you’ll create
• You need to send specific flags to your docker-build process

For all custom cases, you can access the Docker Daemon in your pipeline step by providing the correct configuration in freestyle and composition steps. .

Direct access to Docker Daemon options

There are two main options to access the Docker Daemon in a pipeline step:

• In a freestyle step: By using an image with Docker installed, and mounting the required volumes (the Docker socket). In Hybrid Runtime Environments, these volumes are already mounted. You don’t need to specify anything else.
• In a composition step: Similar to the freestyle step option, you’ll need to use an image with Docker installed in one of the composition-services. And mount the corresponding volumes to that composition-service.

The following sections provide details on how to use each of the options.

Accessing the Docker Daemon in a freestyle step

The following snippet shows an example of how to access the Docker Daemon in a freestyle step:

docker_daemon_access:
  image: docker
  commands:
    - docker version
    - docker ps
    - docker run alpine ping 8.8.8.8 -c 4
    - docker build -t your/image -f yourDockerfile .

• Hybrid Runtime Environments (REs)
  In Hybrid REs with the Codefresh Runner, this is the default approach to access the Docker Daemon. Since the REs run in your infrastructure, access to the Docker Daemon in a freestyle step is enabled by default.
• SaaS REs
  SaaS REs do not support this approach as the Docker Daemon is not exposed to freestyle steps by default for security reasons.
  You can still use the RE hosted by Codefresh. For this option, you’ll need a dedicated Runtime Environment.

Accessing the Docker Daemon in a composition step

The following snippet shows an example of how to access the Docker Daemon in a composition step:

docker_daemon_access:
  title: composition style step
  type: composition
  composition:
    version: '2'
    services:
      docker_compose:
        image: docker/compose
        command: sh -c "docker-compose --version"
        volumes: # Volumes required to run DIND and to mount your Repository
          - /var/run/docker.sock:/var/run/docker.sock
          - /var/lib/docker:/var/lib/docker
          - ${{CF_VOLUME_NAME}}:/codefresh/volume
  composition_candidates:
    test_service:
      image: docker
      command: docker ps
      volumes: # Volumes required to run DIND and to mount your Repository
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/lib/docker:/var/lib/docker
        - ${{CF_VOLUME_NAME}}:/codefresh/volume

• On-premises
  This approach is supported out-of-the-box in on-premises environments.

• Hybrid REs
  Docker socket mapping in composition is supported only when the concurrency is set to all, or in a dedicated cluster provided by Codefresh.

A similar implementation can be achieved using Service Containers :

docker_daemon_access_serv_cont:
  image: alpine
  commands:
    - echo testing
  services:
    composition:
      my_service:
        image: docker
        command: docker ps
        volumes: # Volumes required to run DIND and to mount your Repository
          - /var/run/docker.sock:/var/run/docker.sock
          - /var/lib/docker:/var/lib/docker
          - ${{CF_VOLUME_NAME}}:/codefresh/volume