Update using_docker_build.md, clarify the 'privileged' mode requirement

[ci skip]

Update using_docker_build.md, clarify the 'privileged' mode requirement
[ci skip]
5fc6a7dc · Tomasz Maczukin · 793a7664 · 5fc6a7dc
Commit 5fc6a7dc authored Apr 25, 2016 by Tomasz Maczukin
Show whitespace changes
Inline Side-by-side

Showing with 48 additions and 16 deletions

doc/ci/docker/using_docker_build.md doc/ci/docker/using_docker_build.md +48 -16

No files found.
--- a/doc/ci/docker/using_docker_build.md
+++ b/doc/ci/docker/using_docker_build.md
@@ -88,24 +88,56 @@ In order to do that follow the steps:
      --token RUNNER_TOKEN \
      --executor docker \
      --description "My Docker Runner" \
-      --docker-image "gitlab/dind:latest" \
+      --docker-image "docker:latest" \
      --docker-privileged
    ```

-    The above command will register new Runner to use special [gitlab/dind](https://registry.hub.docker.com/u/gitlab/dind/) image which is provided by GitLab Inc.
-    The image at the start runs Docker daemon in [docker-in-docker](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/) mode.
+    The above command will register a new Runner to use special `docker:latest` image which is provided by Docker
+    creators. **Notice that it's using the `privileged` mode to start build and service containers.** If you want to use
+    [docker-in-docker](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/) mode, you always have to use
+    `privileged = true` in your docker containers.
+
+    The above command will create a `config.toml` entry similar to this:
+
+    ```
+    [[runners]]
+      url = "https://gitlab.com/ci"
+      token = TOKEN
+      executor = "docker"
+      [runners.docker]
+        tls_verify = false
+        image = "docker:latest"
+        privileged = true
+        disable_cache = false
+        volumes = ["/cache"]
+      [runners.cache]
+        Insecure = false
+    ```
+
+    If you want to use Shared Runners available on your GitLab CE/EE installation, to build docker images, then
+    make sure that your Shared Runners configuration have `privileged` mode set to `true`.

 1. You can now use `docker` from build script:

    ```yaml
+    image: docker:latest
+
+    services:
+    - docker:dind
+
    before_script:
      - docker info

-    build_image:
+    build:
+      stage: build
      script:
      - docker build -t my-docker-image .
      - docker run my-docker-image /script/to/run/tests
    ```

-1. However, by enabling `--docker-privileged` you are effectively disables all security mechanisms of containers and exposing your host to privilege escalation which can lead to container breakout.
-For more information, check out [Runtime privilege](https://docs.docker.com/reference/run/#runtime-privilege-linux-capabilities-and-lxc-configuration).
\ No newline at end of file
+1. However, by enabling `--docker-privileged` you are effectively disables all security mechanisms of containers and
+   exposing your host to privilege escalation which can lead to container breakout.
+
+   For more information, check out [Runtime privilege](https://docs.docker.com/reference/run/#runtime-privilege-linux-capabilities-and-lxc-configuration).
+
+An example project using this approach can be found here: https://gitlab.com/gitlab-examples/docker.