Guidebook instructions for running Docker in CI jobs on GKE-hosted runners does not work

The guidebook contains instructions for running Docker in CI jobs on GKE-hosted runners. As a test of this, the following GitLab CI job was created for the malware scanner service project:

test-docker-gke:
  image: docker:24-git
  services:
    - docker:24-dind
  script:
    - docker info
  variables:
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_CERTDIR: "/certs"
    DOCKER_TLS_VERIFY: 1
    DOCKER_CERT_PATH: "/certs/client"
  tags:
    - $GKE_RUNNER_TAG

However, it's failing with the error:

$ docker info
Failed to initialize: unable to resolve docker endpoint: open /certs/client/ca.pem: no such file or directory

Log is here.

It's unclear whether the problem is with the guidebook instructions, the runner itself, or both.

UPDATE: Inserting a sleep 20 command at the start of the script block causes the job to pass, so this appears to be a timing issue with when Docker becomes available to a CI job.

Edited Sep 25, 2023 by Dave Hart

Admin message

Guidebook instructions for running Docker in CI jobs on GKE-hosted runners does not work