
How to add "-v /var/run/docker.sock:/var/run/docker.sock" when running container from kubernetes deployment yaml

I'm setting up a kubernetes deployment with an image that will execute docker commands (docker ps etc.).

My YAML looks like the following:

kind: Deployment
apiVersion: apps/v1
metadata:
  name: discovery
  namespace: kube-system
  labels:
    discovery-app: kubernetes-discovery
spec:
  selector:
    matchLabels:
      discovery-app: kubernetes-discovery
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        discovery-app: kubernetes-discovery
    spec:
      containers:
      - image: docker:dind
        name: discover
        ports:
        - containerPort: 8080
          name: my-awesome-port
      imagePullSecrets:
        - name: regcred3
      volumes:
      - name: some-volume
        emptyDir: {}
      serviceAccountName: kubernetes-discovery

Normally I will run a docker container as follows:

docker run -v /var/run/docker.sock:/var/run/docker.sock docker:dind

Now, kubernetes yaml supports commands and args but for some reason does not support options.

What is the right thing to do?

Perhaps I should configure a volume, but then, is it volumeMount or just a volume?

I am new to Kubernetes, so it is important for me to do it the right way.

Thank you

asked Dec 04 '22 18:12
David Wer


2 Answers

You want to add the volume to the container.

spec:
  containers:
  - name: discover
    image: docker:dind
    volumeMounts:
    - name: dockersock
      mountPath: "/var/run/docker.sock"
  volumes:
  - name: dockersock
    hostPath:
      path: /var/run/docker.sock  
answered May 20 '23 19:05
frankd


It seems like a bad idea to interact directly with containers on any nodes in Kubernetes. The whole point of Kubernetes is to orchestrate. If you add containers outside of the Pod construct, then Kubernetes will not be aware of the processes running on the nodes. This will affect resource allocation.

It also needs to be said that directly working with containers bypasses security.

answered May 20 '23 19:05
David Medinets
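
An added example, not part of either answer above: a small audit that lists every workload whose hostPath volume hands a container the node's Docker socket, the mount shown in the first answer and the concern raised in the second. It goes slightly beyond the exact case by also flagging parent directories such as /var/run. The function names, the file name `audit.py` and the `agent` and `web` pods are assumptions; the sample data is constructed.

```python
import json
import sys

# Docker's default socket path; /var/run is usually a symlink to /run on the node.
SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")

def exposes_socket(host_path):
    """True if a hostPath is the socket itself or a directory that contains it."""
    base = host_path.rstrip("/")
    return any(s == base or s.startswith(base + "/") for s in SOCKETS)

def pod_spec(obj):
    """Pod spec of a Pod, or of a workload (Deployment etc.) with spec.template."""
    spec = obj.get("spec", {})
    return spec.get("template", {}).get("spec", spec)

def find_socket_mounts(manifest):
    """Return (namespace, name, container, hostPath) for each exposing mount."""
    findings = []
    for obj in manifest.get("items", [manifest]):
        spec, meta = pod_spec(obj), obj.get("metadata", {})
        risky = {v["name"]: v["hostPath"]["path"] for v in spec.get("volumes", [])
                 if "hostPath" in v and exposes_socket(v["hostPath"]["path"])}
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for m in c.get("volumeMounts", []):
                if m["name"] in risky:
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"), c["name"], risky[m["name"]]))
    return findings

# Constructed sample: the question's Deployment with the answer's mount applied,
# a hypothetical pod mounting the parent directory, and a pod with only emptyDir.
SAMPLE = {"items": [
    {"kind": "Deployment", "metadata": {"name": "discovery", "namespace": "kube-system"},
     "spec": {"template": {"spec": {
         "containers": [{"name": "discover", "image": "docker:dind", "volumeMounts": [
             {"name": "dockersock", "mountPath": "/var/run/docker.sock"}]}],
         "volumes": [{"name": "dockersock",
                      "hostPath": {"path": "/var/run/docker.sock"}}]}}}},
    {"kind": "Pod", "metadata": {"name": "agent", "namespace": "tools"},
     "spec": {"containers": [{"name": "agent", "volumeMounts": [
                  {"name": "run", "mountPath": "/host/run"}]}],
              "volumes": [{"name": "run", "hostPath": {"path": "/var/run/"}}]}},
    {"kind": "Pod", "metadata": {"name": "web", "namespace": "default"},
     "spec": {"containers": [{"name": "web", "volumeMounts": [
                  {"name": "some-volume", "mountPath": "/tmp"}]}],
              "volumes": [{"name": "some-volume", "emptyDir": {}}]}}]}

if __name__ == "__main__":
    # Usage (hypothetical file name): kubectl get pods,deployments -A -o json | python3 audit.py
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in find_socket_mounts(data):
        print("hostPath exposes docker.sock:", *finding)
```

Run without piped input, it reports the constructed `discovery` Deployment and `agent` pod and leaves the emptyDir-only pod alone.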