Update: Changes to GitLab CI/CD and Docker in Docker with Docker 19.03

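On July 22, 2019, Docker released version 19.03.

One change in the new version affects services based on docker:dind in GitLab CI/CD: docker:dind now generates TLS certificates automatically and requires them for access to the Docker service.

Official note: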

Starting in 18.09+, the dind variants of this image will automatically generate TLS certificates in the directory specified by the DOCKER_TLS_CERTDIR environment variable. Warning: in 18.09, this behavior is disabled by default (for compatibility). If you use --network=host, shared network namespaces (as in Kubernetes pods), or otherwise have network access to the container (including containers started within the dind instance via their gateway interface), this is a potential security issue (which can lead to access to the host system, for example). It is recommended to enable TLS by setting the variable to an appropriate value (-e DOCKER_TLS_CERTDIR=/certs or similar). In 19.03+, this behavior is enabled by default.

When you use the docker:dind service (updated to the latest Docker version), you may run into the following error:

docker: Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?.

There are two ways to resolve it:

1. Configure GitLab Runner to use TLS

2. Disable TLS

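1. Configure TLS in GitLab Runner:

    * Add volumes=["/certs/client","/cache"] to the runner configuration file. The docker:dind service creates the certificates, so we only need to mount them into the container.

       For example: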

        [[runners]]
          name="My Docker Runner"
          url="http://gitlab.com"
          token=""
          executor="docker"
          [runners.custom_build_dir]
          [runners.docker]
            privileged=true
            volumes=["/certs/client","/cache"]

     * In .gitlab-ci.yml, add a new variable DOCKER_TLS_CERTDIR: "/certs"

2. Disable TLS

     * In .gitlab-ci.yml, add a new variable DOCKER_TLS_CERTDIR: ""
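
To audit which of the two fixes above a repository actually took, the following added example (not code from the original post or from GitLab) classifies a .gitlab-ci.yml by how its jobs reach the docker:dind service. The function names, the output labels and the sample pipeline are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Line-based matching, not a YAML parser.

# _has TEXT REGEX: true if any line of TEXT matches the extended regex.
_has() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# classify_dind: read a .gitlab-ci.yml on stdin and print one of
#   no-dind | plaintext | tls | implicit
classify_dind() {
    ci=$(cat)
    # Is a dind service image referenced (docker:dind, docker:19.03.0-dind, ...)?
    _has "$ci" '^[^#]*docker:[A-Za-z0-9._-]*dind' || { echo no-dind; return 0; }
    # Option 2 in the post: TLS switched off with an empty DOCKER_TLS_CERTDIR.
    if _has "$ci" "^[[:space:]]*DOCKER_TLS_CERTDIR:[[:space:]]*(\"\"|'')[[:space:]]*(#.*)?\$"; then
        echo plaintext; return 0
    fi
    # A client pinned to port 2375 (the port in the post's error message) expects no TLS.
    if _has "$ci" '^[[:space:]]*DOCKER_HOST:.*:2375'; then
        echo plaintext; return 0
    fi
    # Option 1 in the post: a non-empty certificate directory such as "/certs".
    if _has "$ci" '^[[:space:]]*DOCKER_TLS_CERTDIR:[[:space:]]*[^[:space:]#]'; then
        echo tls; return 0
    fi
    # Nothing set: with 19.03+ images the dind service enables TLS by default.
    echo implicit
}

# Constructed sample pipeline; $1 is the single line placed under "variables:".
sample_ci() {
    printf '%s\n' \
        'image: docker:19.03.0' \
        'services:' \
        '  - docker:19.03.0-dind' \
        'variables:' \
        "  $1" \
        'build:' \
        '  script:' \
        '    - docker info'
}

for v in 'DOCKER_TLS_CERTDIR: "/certs"' 'DOCKER_TLS_CERTDIR: ""' 'DOCKER_DRIVER: overlay2'; do
    printf '%-30s -> %s\n' "$v" "$(sample_ci "$v" | classify_dind)"
done
```

A `plaintext` result marks the pipelines to revisit in light of the warning in the official note; `implicit` pipelines rely on the 19.03 default and need the /certs/client volume on the runner.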


Reference:

https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03/
