Using the DinD example that stores the built image in the container
registry may not be visible to the Kubernetes executor if the default
image pull policy defaults to IfNotPresent.
Docker 19.03 enables TLS by default:
```
Starting in 18.09+, the dind variants of this image will automatically
generate TLS certificates in the directory specified by the
DOCKER_TLS_CERTDIR environment variable.
Warning: in 18.09, this behavior is disabled by default (for
compatibility). If you use --network=host, shared network namespaces (as
in Kubernetes pods), or otherwise have network access to the container
(including containers started within the dind instance via their gateway
interface), this is a potential security issue (which can lead to access
to the host system, for example). It is recommended to enable TLS by
setting the variable to an appropriate value (-e
DOCKER_TLS_CERTDIR=/certs or similar). In 19.03+, this behavior is
enabled by default.
```
Update the example to use docker over TLS.
Many code blocks are 4spaced, and they render in GitLab
without coloring as a result, even though they are
fenced with a language label. If in a list, other items
will render as being in a code block too, even if not
meant to. This fixes all these issues for most docs in
/ci, and cleans up other minor whitespace issues too.
When using `docker:dind` service and the Runner has the socket mounted
as well it will lead to the following error:
```
Failed to load listeners: can't create unix socket /var/run/docker.sock:
device or resource busy
```
reference https://gitlab.com/gitlab-org/gitlab-ce/issues/63418
* master: (230 commits)
Fix N+1 query in loading pipelines in merge requests
Fix Spinach and Capybara dependencies
Prevent users from disconnecting gitlab account from CAS
30276 Move issue, mr, todos next to profile dropdown in top nav
Refactor SearchController#show
Properly eagerly-load the Capybara server for JS feature specs only
Updating documentation to include a missing step in the update procedure
Eager-load the Capybara server to prevent timeouts
Increase Capybara's timeout
Add metrics button to Environment Overview page
Fix link to Jira service documentation
Handle parsing OpenBSD ps output properly to display sidekiq infos on ...
Eliminate unnecessary queries that add ~500 ms of load time for a large issue
20914 Limits line length for project home page
Allow users to import GitHub projects to subgroups
Update dpl CI example
Fix the docs:check:links job
Don't clean up the gitlab-test-fork_bare repo
Make GitLab use Gitaly for commit_is_ancestor
Remove unnecessary ORDER BY clause from `forked_to_project_id` subquery
...
* master: (1327 commits)
Merge branch 'render-json-leak' into 'security'
Merge branch 'ssrf' into 'security'
Merge branch 'ssrf' into 'security'
Merge branch 'fix-links-target-blank' into 'security'
Merge branch '28058-hide-emails-in-atom-feeds' into 'security'
Fix karma test
Reset filters after click
Handle Route#name being nil after an update
Only add frontend code coverage instrumentation when generating coverage report
fix recompile assets step in 9.0 upgrade guide to use yarn
Undo explicit conversion to Integer
Make level_value accept string integers
Make feature spec more robust
Removed d3.js from the main application.js bundle
Extend compound status for manual actions specs
Update css to be nice and tidy.
Fix pipeline status for transition between stages
add an index to the ghost column
Return 404 in project issues API endpoint when project cannot be found
Improve rename projects migration
...
Conflicts:
doc/ci/docker/using_docker_build.md
spec/lib/gitlab/import_export/all_models.yml
GitLab 8.12 introduced a new permissions model which tightened the
security of Container Registry. It is now required to use a personal
token if 2FA is enabled.
[ci skip]
Fix docker.sock reference in config.toml
## What does this MR do?
`config.toml` sample did not correctly represent the `/var/run/docker.sock` mapping, causing it to be created as a volume instead.
## Why was this MR needed?
It was broken.
See merge request !5172
GitLab Bot
Marcel Amirault
Kyle Russell
NeroBurner
Steve Azzopardi
Evan Read
Danial Khoshkhou
Sven Gerlach
Tristan Williams
Christian Morsing
Siim Tiilen
Achilleas Pipinellis
Cauan Cabral
Cam
Brett Walker
Tobias Hernstig
Tomasz Maczukin
Philippe Lafoucrière
Athar Hameed
Teresa e Junior
Dominik
Fabio Busatto
Achilleas Pipinellis
Grzegorz Bizon
Niklas
Z.J. van de Weg
Andre Guedes
Rémy Coutable
Dmitriy Volkov
Connor Shea
Sean McGivern
Ben Bodenmiller
Aurelio Jargas
Niels Keurentjes
Mark Pundsack
Takuya Noguchi
Alex Jordan
Cyriac Thomas
Kamil Trzcinski
Douwe Maan