@deterralba
Created August 23, 2017 14:14
Start traefik with docker backend in circleCI 2.0 (after setup_remote_docker)

The issue

CircleCI uses a TCP endpoint (echo $DOCKER_HOST) and not the Unix socket to communicate with the Docker daemon, which runs on another Docker machine. Mounting volumes won't work, so /var/run/docker.sock:/var/run/docker.sock fails. Sources: CircleCI building-docker-images and CircleCI docker-compose.

Solution

Set up Traefik with a TCP endpoint:

  • You need to copy the certificates: cp -R $DOCKER_CERT_PATH ./circle-cert (after you have run - setup_remote_docker in your circle file)
  • Then run docker build -t traefik-ci . from the directory that holds the Dockerfile shown below and the circle-cert copy.
  • You can then run: docker run --rm -p 80:80 --name traefik-reverse-proxy traefik-ci -l debug --docker --docker.endpoint=$DOCKER_HOST --docker.tls=true --docker.tls.ca=/cert/ca.pem --docker.tls.key=/cert/key.pem --docker.tls.cert=/cert/cert.pem --docker.tls.insecureskipverify=true
    Note that --docker.tls.insecureskipverify=true turns off verification of the daemon's certificate, so ca.pem is not used to authenticate the endpoint.
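
The three steps above as one script, added here as an example and not part of the original gist: it checks that the certificate files exist before staging them and builds the Traefik flags with certificate verification left on by default. The function names, the `run` argument and the assumption that the daemon certificate validates against ca.pem are mine, not the author's.

```sh
#!/bin/sh
# Added example, not the gist author's code. Function names are hypothetical.

# stage_certs SRC DEST: copy the three client TLS files, failing if one is missing.
stage_certs() {
    src=$1 dest=$2
    for f in ca.pem cert.pem key.pem; do
        [ -s "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$dest" || return 1
    cp "$src/ca.pem" "$src/cert.pem" "$src/key.pem" "$dest/" || return 1
    # key.pem is the client private key and ends up in the image via COPY:
    # keep traefik-ci local to the job and do not push it to a registry.
    chmod 600 "$dest/key.pem"
}

# traefik_args ENDPOINT [SKIP_VERIFY]: print the Traefik flags from the gist.
# SKIP_VERIFY defaults to false (assumption: the daemon certificate validates
# against ca.pem); pass true to get the gist's original command line.
traefik_args() {
    endpoint=$1 skip=${2:-false}
    case $endpoint in
        tcp://*) ;;
        *) echo "expected a tcp:// endpoint, got '$endpoint'" >&2; return 1 ;;
    esac
    printf '%s ' -l debug --docker "--docker.endpoint=$endpoint" \
        --docker.tls=true --docker.tls.ca=/cert/ca.pem \
        --docker.tls.key=/cert/key.pem --docker.tls.cert=/cert/cert.pem \
        "--docker.tls.insecureskipverify=$skip"
}

# Only touches Docker when invoked as: sh start-traefik.sh run
if [ "${1:-}" = run ]; then
    stage_certs "$DOCKER_CERT_PATH" ./circle-cert || exit 1
    args=$(traefik_args "$DOCKER_HOST") || exit 1
    docker build -t traefik-ci . || exit 1
    # $args is left unquoted on purpose so it splits into separate flags.
    docker run --rm -p 80:80 --name traefik-reverse-proxy traefik-ci $args
fi
```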

Misc

Thanks to https://discuss.circleci.com/t/gcloud-docker-push-image/15040 and https://discuss.circleci.com/t/cannot-connect-to-the-docker-daemon-at-unix-var-run-docker-sock/12195 for the inspiration.

If something is wrong, say it here! Hope this helps.

# Dockerfile used for traefik in CircleCI
FROM traefik
# Necessary because CircleCI uses a TCP endpoint and not the Unix socket.
# It requires certificates for TLS, and because CircleCI uses docker machine,
# mounting a volume doesn't work.
# NB circle-cert needs to contain a copy of $DOCKER_CERT_PATH, see README.md
COPY circle-cert /cert
# if you used to share other volumes, you need to copy them now or with `docker cp`
# NB if you mount volumes in a docker-compose.yml file, they won't be mounted to the container but will
# make it fail if the volume they mount already exists (example here: /ssl or /traefik.toml)
# COPY ssl /ssl
# COPY traefik.ci.toml /traefik.toml
@roborourke

Thanks for this. I think I'm doing something wrong though as I still see it complaining about trying to connect to the daemon at http+docker://localhost - have you had to make any updates to this in the last two years?

We run traefik via a separate docker compose file called proxy.yml so I'm not sure how to pass the docker options to it this way.
