Use TLS for secure docker connection #192
@Warashi Hey! Thanks for the PR and sorry for the delayed response. It took more time than I had expected because I had a little vacation. Would you mind reopening this if possible, so that I can test/review this once again?
Oops, I mistakenly closed this PR and I have not noticed.
resolved conflicts
LGTM. Thanks for the enhancement @Warashi
Note that this seems to break Hopefully this can be fixed by migrating to docker's own buildx action in #197
Okay even docker's own setup-buildx-action doesn't work 😇
Seems this is exactly what docker/buildx#413 says
You can reproduce docker/buildx#413 on the runner container by running the below steps:
The fix should be indeed to create the dedicated docker context and use that to create the buildx builder:
In a nutshell, you need to pass the valid docker context that has all the TLS settings inherited from envvars. In the following example, we add
The below is the workflow config change you need in order to use mumoshu/actions-runner-controller-ci@e91c8c0 I have no confidence if this should bother
By #177, docker cmd in the runner container uses a TCP connection to communicate with dockerd in the dind container, and this connection is not encrypted.
This PR adds configuration to encrypt the connection.
ref: docker-library/docker#170 (comment)
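
A pre-flight check for the client-side TLS settings discussed in this thread, added here as an example and not part of the PR or the project's code. It assumes the docker CLI's standard environment variables (`DOCKER_HOST`, `DOCKER_TLS_VERIFY`, `DOCKER_CERT_PATH`, `DOCKER_CONFIG`) and PEM file names; `check_docker_tls` is a hypothetical helper name.

```shell
# Added example: check_docker_tls is a hypothetical helper, not project code.
# Returns: 0 = tcp:// endpoint with TLS verification and client certs present
#          1 = tcp:// endpoint without TLS verification
#          2 = TLS verification requested but cert material is missing
#          3 = DOCKER_HOST is not a tcp:// endpoint
check_docker_tls() {
    case "${DOCKER_HOST:-}" in
        tcp://*) ;;
        *)
            echo "DOCKER_HOST='${DOCKER_HOST:-}' is not a tcp:// endpoint" >&2
            return 3
            ;;
    esac

    # Any non-empty value makes the docker CLI use TLS and verify the daemon.
    if [ -z "${DOCKER_TLS_VERIFY:-}" ]; then
        echo "DOCKER_TLS_VERIFY is empty: no TLS verification for $DOCKER_HOST" >&2
        return 1
    fi

    # The CLI reads ca.pem, cert.pem and key.pem from DOCKER_CERT_PATH,
    # falling back to its config directory.
    cert_dir="${DOCKER_CERT_PATH:-${DOCKER_CONFIG:-$HOME/.docker}}"
    missing=0
    for f in ca.pem cert.pem key.pem; do
        if [ ! -r "$cert_dir/$f" ]; then
            echo "missing or unreadable: $cert_dir/$f" >&2
            missing=1
        fi
    done
    [ "$missing" -eq 0 ] || return 2

    echo "ok: $DOCKER_HOST with TLS verification, certs in $cert_dir"
    return 0
}
```

Running it in the runner container before the docker context is created shows whether the environment the context would inherit actually carries TLS settings.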