# add docker in docker

czy21 · Sep 5, 2024 · c3ccc15 · c3ccc15
1 parent 50c55c9
commit c3ccc15
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 14 deletions.
diff --git a/server/docker/ops/docker/conf/daemon.json b/server/docker/ops/docker/conf/daemon.json
@@ -0,0 +1,4 @@
+{
+    "registry-mirrors": ["http://registry-proxy.czy21-internal.com"],
+    "insecure-registries": ["registry.czy21-internal.com", "registry-proxy.czy21-internal.com"]
+}
diff --git a/server/docker/ops/docker/deploy.yml b/server/docker/ops/docker/deploy.yml
@@ -0,0 +1,17 @@
+version: "3.9"
+
+services:
+
+  docker:
+    image: "docker:27.2.0-dind"
+    pull_policy: always
+    container_name: docker
+    hostname: docker
+    privileged: true
+    volumes:
+      - {{ param_docker_data }}/{{ param_role_name }}/conf/daemon.json:/etc/docker/daemon.json
+      - {{ param_docker_data }}/{{ param_role_name }}/conf/certs/:/certs/client
+      - {{ param_docker_data }}/{{ param_role_name }}/data/:/var/lib/docker
+    environment:
+      DOCKER_TLS_CERTDIR: /certs
+    restart: always
diff --git a/server/docker/ops/jenkins-ssh-agent/Dockerfile b/server/docker/ops/jenkins-ssh-agent/Dockerfile
@@ -1,9 +1,7 @@
 FROM jenkins/ssh-agent:5.46.0-jdk17
 
 USER root
-RUN apt update && apt install git sudo curl -y
-RUN curl -L "https://github.com/docker/compose/releases/download/v{{ param_compose_version }}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-RUN chmod +x /usr/local/bin/docker-compose
-RUN ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
-RUN echo -n "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/99-custom
-RUN usermod -aG sudo jenkins
+RUN apt-get update && apt-get install -y lsb-release
+RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc https://download.docker.com/linux/debian/gpg
+RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
+RUN apt-get update && apt-get install -y docker-ce-cli
diff --git a/server/docker/ops/jenkins-ssh-agent/deploy.yml b/server/docker/ops/jenkins-ssh-agent/deploy.yml
@@ -13,9 +13,13 @@ services:
       - {{ param_docker_data }}/{{ param_role_name }}/data/:/home/jenkins/
       - {{ param_docker_data }}/{{ param_role_name }}/data/.jenkins:/home/jenkins/.jenkins
       - {{ param_docker_data }}/{{ param_role_name }}/data/agent:/home/jenkins/agent
+      - {{ param_docker_data }}/docker/conf/certs/:/certs/client
       - /run/:/run/
       - /var/run/:/var/run/
       - /tmp/:/tmp/
     environment:
       JENKINS_AGENT_SSH_PUBKEY: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNiu2EIXk3id8QagrKhcHqzdGPzjE0oLag1lAMK/oBT3nidQb9o7Cprj+iJeeghWw3NjcFHppMmzzmnzI7lseiVZ0s/tgH6qBAozUkIqHFROKvnMi0oQ/oVBqgRVAO8tVLjou31e6DB4ru3ycBEnNZXj2Z+6CPvZc7s4LuTdvgnJFgPPBWYKzqMh0BsWFskO72tjkd3SrIA0KL36Ezy/e82g2qozCISO+X3Y7lnWqP9WRuAzWLwm24iH01X5/EdkfupW6pDsrA8PwHnbFMvNBEaCQZpEk3Nbw5pg6lMYfZX6q4wzqFnrS6A2zFKgZuT/PcptTxhuDQsbyEf4hcJMCXuHRHWsnNYqmtffEenydYojcLK7cWSDifq7gqci/SpmUTC8VlSYLHwL6AFLAoAOez7Zq5+wGlUaqZ4tddZ4dLRlMLL0ZQi5N0tDbmvkSKDjkJSGJcEbpR6/hcvDqmuPcttb26X0jc0HeEApx2+cWOnD9BUxTVSAOqD2kzLIAsitE= 805899926@qq.com
+      DOCKER_HOST: tcp://docker:2376
+      DOCKER_CERT_PATH: /certs/client
+      DOCKER_TLS_VERIFY: 1
     restart: always
diff --git a/server/docker/ops/jenkins/Dockerfile b/server/docker/ops/jenkins/Dockerfile
@@ -1,10 +1,8 @@
-FROM jenkins/jenkins:2.474-jdk17
+FROM jenkins/jenkins:2.475-jdk17
 
 USER root
-RUN apt update && apt install sudo -y
-RUN curl -L "https://github.com/docker/compose/releases/download/v{{ param_compose_version }}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-RUN chmod +x /usr/local/bin/docker-compose
-RUN ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
-RUN echo -n "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/99-custom
-RUN usermod -aG sudo jenkins
+RUN apt-get update && apt-get install -y lsb-release
+RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc https://download.docker.com/linux/debian/gpg
+RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
+RUN apt-get update && apt-get install -y docker-ce-cli
 USER jenkins
diff --git a/server/docker/ops/jenkins/deploy.yml b/server/docker/ops/jenkins/deploy.yml
@@ -19,11 +19,14 @@ services:
       - "50000:50000"
     volumes:
       - {{ param_docker_data }}/{{ param_role_name }}/data/:/var/jenkins_home/
-      - /var/run/docker.sock:/var/run/docker.sock
+      - {{ param_docker_data }}/docker/conf/certs/:/certs/client
     environment:
       JENKINS_UC: https://mirrors.aliyun.com/jenkins/updates/update-center.json
       JENKINS_UC_EXPERIMENTAL: https://mirrors.aliyun.com/jenkins/updates/experimental/update-center.json
       JAVA_OPTS: "-Xverify:none"
+      DOCKER_HOST: tcp://docker:2376
+      DOCKER_CERT_PATH: /certs/client
+      DOCKER_TLS_VERIFY: 1
     deploy:
       resources:
         limits: