From 83857ba7e0911375e9da984cb8d40413aacd242b Mon Sep 17 00:00:00 2001
From: Shinnosuke Sawada <6warashi9@gmail.com>
Date: Thu, 12 Nov 2020 08:07:52 +0900
Subject: [PATCH] use tcp DOCKER_HOST instead of sharing docker.sock

---
 controllers/runner_controller.go | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/controllers/runner_controller.go b/controllers/runner_controller.go
index 2dac1406..37ddcff4 100644
--- a/controllers/runner_controller.go
+++ b/controllers/runner_controller.go
@@ -381,23 +381,17 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 					EmptyDir: &corev1.EmptyDirVolumeSource{},
 				},
 			},
-			{
-				Name: "docker",
-				VolumeSource: corev1.VolumeSource{
-					EmptyDir: &corev1.EmptyDirVolumeSource{},
-				},
-			},
 		}
 		pod.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{
 			{
 				Name:      "work",
 				MountPath: "/runner/_work",
 			},
-			{
-				Name:      "docker",
-				MountPath: "/var/run",
-			},
 		}
+		pod.Spec.Containers[0].Env = append(pod.Spec.Containers[0].Env, corev1.EnvVar{
+			Name:  "DOCKER_HOST",
+			Value: "tcp://localhost:2375",
+		})
 		pod.Spec.Containers = append(pod.Spec.Containers, corev1.Container{
 			Name:  "docker",
 			Image: r.DockerImage,
@@ -406,9 +400,11 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 					Name:      "work",
 					MountPath: "/runner/_work",
 				},
+			},
+			Env: []corev1.EnvVar {
 				{
-					Name:      "docker",
-					MountPath: "/var/run",
+					Name: "DOCKER_TLS_CERTDIR",
+					Value: "",
 				},
 			},
 			SecurityContext: &corev1.SecurityContext{