
Permission denied with Docker in Docker in Atlassian Bamboo Server


The /var/run/docker.sock file on the host system is owned by a different user than the user that is running the bamboo-server container process.

Without knowing any details about your cluster, I would assume docker runs as 'root' (UID=0). The bamboo-server runs as 'bamboo', as can be seen from its Dockerfile, which will normally map to a UID in the 1XXX range on the host system. As these users are different and the container process did not receive any specific permissions over the (host) socket, the error is given.

So I think there are two approaches possible:

  • Either the container process continues to run as the 'bamboo' user but is given sufficient permissions on the host system to access /var/run/docker.sock. This would normally mean adding the UID the bamboo user maps to on the host system to the docker group on the host system. However, making changes to the host system might or might not be an option depending on the context of your cluster, and is tricky in a cluster context because the pod could migrate to a different node where the changes were not applied and/or the UID changes.

  • Or the container is changed so as to run as a sufficiently privileged user to begin with, being the root user. There are two ways to accomplish this: (1) you extend and customize the Atlassian-provided base image to change the user, or (2) you override the user the container runs as at run-time by means of the 'runAsUser' and 'runAsGroup' securityContext instructions as specified here. Both should be '0'.


As mentioned in the documentation here

If you want to run docker as a non-root user, then you need to add it to the docker group.


Create the docker group if it does not exist

$ sudo groupadd docker

Add your user to the docker group.

$ sudo usermod -aG docker $USER

Log out and log back in so that your group membership is re-evaluated.

$ newgrp docker

Verify that you can run docker commands without sudo

$ docker run hello-world

If that doesn't help, you can change the permissions of the docker socket, /var/run/docker.sock, to be able to connect to the docker daemon.

$ sudo chmod 666 /var/run/docker.sock
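
The permission check behind the error discussed in the two answers above, as an added example that is not part of either answer: it reports which permission class (owner, group or other) lets a process connect to the socket, which also shows what each proposed fix actually changes. The function names and the sample UID/GID values in the comments are assumptions, and `check_socket` assumes GNU or BusyBox `stat -c`.

```shell
#!/bin/sh
# Added example. connect(2) on a Unix socket needs write permission on the
# socket file, so only the write bit of the applicable class matters.

# sock_access MODE OWNER_UID OWNER_GID PROC_UID "PROC_GIDS"
# Prints root | owner | group | other | denied; returns 1 when denied.
sock_access() {
    sa_perms=$(( 0$1 & 0777 ))      # parse MODE as octal, drop setuid/setgid/sticky
    sa_class=other; sa_bit=0002
    if [ "$4" -eq 0 ]; then
        echo root; return 0         # UID 0 bypasses file permission checks
    fi
    # Exactly one class applies: owner, else group, else other.
    if [ "$4" -eq "$2" ]; then
        sa_class=owner; sa_bit=0200
    else
        for sa_g in $5; do
            if [ "$sa_g" -eq "$3" ]; then sa_class=group; sa_bit=0020; fi
        done
    fi
    if [ $(( $sa_perms & $sa_bit )) -ne 0 ]; then
        echo "$sa_class"; return 0  # "other" means every local user can reach the daemon
    fi
    echo denied; return 1
}

# check_socket [PATH]: run the same check for the current process.
check_socket() {
    cs_path=${1:-/var/run/docker.sock}
    if [ ! -e "$cs_path" ]; then
        echo "no such file: $cs_path" >&2; return 2
    fi
    # stat -c: %a = octal mode, %u = owner UID, %g = owner GID
    set -- $(stat -c '%a %u %g' "$cs_path")
    echo "$cs_path mode=$1 owner=$2:$3 uid=$(id -u) groups=$(id -G)" >&2
    sock_access "$1" "$2" "$3" "$(id -u)" "$(id -G)"
}

# Constructed cases (UID 1000 and GID 998 are sample values):
#   sock_access 660 0 998 1000 "1000"      -> denied  (the error in the question)
#   sock_access 660 0 998 1000 "1000 998"  -> group   (process is in the socket's group)
#   sock_access 666 0 998 1000 "1000"      -> other   (after chmod 666)
#   sock_access 660 0 998 0 "0"            -> root    (runAsUser: 0)
# Inside the container: check_socket /var/run/docker.sock
```
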


A better way to handle this is to run a sidecar container, docker:dind, and export DOCKER_HOST=tcp://dind:2375 in the main Bamboo container. This way you will invoke Docker in a dind container and won't need to mount /var/run/docker.sock.