How To: Access the Docker Daemon in a Codefresh build
This article describes how to access the Docker Daemon within a pipeline step for custom use cases.
Docker Daemon access support
Codefresh’s built-in steps cover the most common uses-cases for access to the Docker Daemon:
- Build a Docker image: Build step
- Push a Docker image: Push step
- Run a Docker Composition: Composition step and Service Containers
You may have custom use-cases when you need direct access to the Docker Daemon in your steps.
For example:
- As part of your test-step you need to dynamically create new containers (Testcontainers library)
- You need to run a composition and dynamically add to that composition a new container you’ll create
- You need to send specific flags to your docker-build process
For all custom cases, you can access the Docker Daemon in your pipeline step by providing the correct configuration in freestyle
and composition
steps. .
Direct access to Docker Daemon options
There are two main options to access the Docker Daemon in a pipeline step:
- In a
freestyle
step: By using an image with Docker installed, and mounting the required volumes (the Docker socket). In Hybrid Runtime Environments, these volumes are already mounted. You don’t need to specify anything else. - In a
composition
step: Similar to thefreestyle
step option, you’ll need to use an image with Docker installed in one of the composition-services. And mount the corresponding volumes to that composition-service.
The following sections provide details on how to use each of the options.
Accessing the Docker Daemon in a freestyle
step
The following snippet shows an example of how to access the Docker Daemon in a freestyle
step:
docker_daemon_access:
image: docker
commands:
- docker version
- docker ps
- docker run alpine ping 8.8.8.8 -c 4
- docker build -t your/image -f yourDockerfile .
- Hybrid Runtime Environments (REs)
In Hybrid REs with the Codefresh Runner, this is the default approach to access the Docker Daemon. Since the REs run in your infrastructure, access to the Docker Daemon in afreestyle
step is enabled by default. - SaaS REs
SaaS REs do not support this approach as the Docker Daemon is not exposed tofreestyle
steps by default for security reasons.
You can still use the RE hosted by Codefresh. For this option, you’ll need a dedicated Runtime Environment.
Accessing the Docker Daemon in a composition step
The following snippet shows an example of how to access the Docker Daemon in a composition
step:
docker_daemon_access:
title: composition style step
type: composition
composition:
version: '2'
services:
docker_compose:
image: docker/compose
command: sh -c "docker-compose --version"
volumes: # Volumes required to run DIND and to mount your Repository
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker:/var/lib/docker
- ${{CF_VOLUME_NAME}}:/codefresh/volume
composition_candidates:
test_service:
image: docker
command: docker ps
volumes: # Volumes required to run DIND and to mount your Repository
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker:/var/lib/docker
- ${{CF_VOLUME_NAME}}:/codefresh/volume
-
On-premises
This approach is supported out-of-the-box in on-premises environments. -
Hybrid REs
Docker socket mapping incomposition
is supported only when the concurrency is set to all, or in a dedicated cluster provided by Codefresh.
A similar implementation can be achieved using Service Containers :
docker_daemon_access_serv_cont:
image: alpine
commands:
- echo testing
services:
composition:
my_service:
image: docker
command: docker ps
volumes: # Volumes required to run DIND and to mount your Repository
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker:/var/lib/docker
- ${{CF_VOLUME_NAME}}:/codefresh/volume
We encourage you to keep using our built-in steps as they cover almost all common use cases for access to the Docker Daemon.
Because the built-in steps support different levels of optimization, such as the Codefresh caching mechanism, their usage is directly related to the level of traceability. For example, the images you build in Codefresh using the build
step are reflected in the images view and other dashboards we provide.
Reserve directly accessing the Docker Dameon for very specific use-cases.