#.gitlab-ci.yml without docker-in-docker
Any hints on how to run it is also possible.
Good question. Typically, container-based runners have a way to give your container extra privileges. In this case you want the ability to access the underlying Docker engine socket. Another option is to set up the Dagger engine in "rootless" mode, which will require some tweaking on our end.
Are you able to share your GitLab configuration?
Maybe something like this works
docker-build-backend:
  image: docker:stable-dind
  stage: docker-build
  variables:
    # Tell docker CLI how to talk to Docker daemon; see
    # https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-executor
    DOCKER_HOST: tcp://thedockerhost:2375/
    # Use the overlayfs driver for improved performance:
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
  services:
    - name: docker:dind
      alias: thedockerhost
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

[[runners]]
  url = "https://gitlab.com/"
  token = "TOKEN"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:20.10.16"
    privileged = true  # <------ This here might be necessary in your config.toml
    disable_cache = false
    volumes = ["/cache"]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
More info and alternatives here:
https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-executor
Correct, for runners running in containers there's a way to expose the host Docker socket so you can access it with Dagger. Take into account that this implies some security warnings that your project / organization should be OK with.
https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding
We really want to use Dagger, but our organization's security team doesn't allow DinD. Any other solutions? We are planning to use Dagger with GitLab CI.
Do you run GitLab CI self-hosted?
Yes
In that case, there is another solution that avoids DinD. You can run the Dagger engine as a sidecar container, and configure the Dagger client in your CI runner to connect to that engine.
If you are running your GitLab CI runners on Kubernetes, then that would be implemented with a DaemonSet. This way, each node in your Kubernetes cluster gets one dedicated engine. This maximizes horizontal scaling, and minimizes waste.
Can you provide some example, please?
Sure, if you want we can get on a Zoom call to look at your use case and recommend a configuration.
Yeah, that would be awesome. My email is mhari.hm@gmail.com
Can I schedule a call on Webex?
I'm sure we can arrange that 🙂
I found a link: https://applatix.com/case-docker-docker-kubernetes-part2/
Does this describe what you talked about?