title | permalink |
---|---|
Use Docker container |
advanced/ci_cd/run_in_container/use_docker_container.html |
NOTICE: werf currently supports building images with the Docker server or without the Docker server (in experimental mode). Building images without the Docker server is still experimental, however, it is the only recommended mode.
NOTICE: For now, only the Dockerfile image builder is available for this type of builds. The Stapel image builder will be available soon.
There is an official image with werf 1.2 for this method (1.1 is not supported): ghcr.io/werf/werf
.
Select one of the [available operating modes]({{ "advanced/ci_cd/run_in_container/how_it_works.html#modes-of-operation" | true_relative_url }}).
In this case, you only need to disable the seccomp and AppArmor profiles. Below is an example of a command that does this:
docker run \
--security-opt seccomp=unconfined --security-opt apparmor=unconfined \
ghcr.io/werf/werf:latest WERF_COMMAND
In this case, just use the privileged container. Below is an example of a command that does this:
docker run \
--privileged \
ghcr.io/werf/werf:latest WERF_COMMAND
In this case, disable the seccomp and AppArmor profiles and enable /dev/fuse
in the container (so that fuse-overlayfs
can work). Below is an example of a command that does this:
docker run \
--device /dev/fuse \
--security-opt seccomp=unconfined --security-opt apparmor=unconfined \
ghcr.io/werf/werf:latest WERF_COMMAND
This method supports building Dockerfile images or Stapel images.
Below is an example of a command that does this:
docker run \
--privileged \
--volume $HOME/.werf:/root/.werf \
--volume /tmp:/tmp \
--volume /var/run/docker.sock:/var/run/docker.sock \
IMAGE WERF_COMMAND
For this method, build your own Docker image using werf.
This method only supports building Dockerfile images. Stapel images are not supported because the Stapel image builder uses mounts from the host system to Docker images.
The easiest way to use a remote Docker server inside a Docker container is Docker-in-Docker (dind).
For this method, build your own image based on docker:dind
.
Below is an example of a command:
docker run \
--env DOCKER_HOST="tcp://HOST:PORT" \
IMAGE WERF_COMMAND
Build your own docker image with werf for this method.
In case of problems, refer to the [troubleshooting section]({{ "advanced/ci_cd/run_in_container/how_it_works.html#troubleshooting" | true_relative_url }})