Thanks Rupert for the excellent article.
I do have a comment on launching the Jenkins+Docker container using the mount into the host’s Docker socket (i.e., `-v /var/run/docker.sock:/var/run/docker.sock`).
This may work in some cases, but if you want to run a Jenkins pipeline that executes Docker build/run steps using the Jenkins Docker Plugin (a common scenario), you’ll run into trouble such as “permission denied” errors. I wrote a blog about the problems you’ll face at https://blog.nestybox.com/2019/09/29/jenkins.html.
A good way to resolve these problems is to create a Jenkins container that not only has the Docker CLI in it (as in your example), but also the Docker engine in it (i.e., Docker-in-Docker).
You mentioned that running Docker-in-Docker is not a good idea. Until recently that used to be the case, due to security and functional issues. But it’s no longer the case: Nestybox (www.nestybox.com) has developed a container runtime that enables running Docker-in-Docker without problems and securely (i.e., without using privileged containers).
By deploying a container that has Jenkins + Docker (both CLI and engine), many headaches regarding running Jenkins in a container go away. The reason is that you end up deploying a sandbox in which Jenkins interacts with a dedicated Docker engine, in total isolation from the host, bypassing permission and context-related problems that I described in the blog listed above.
Hope this helps!
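An added example for the socket-mount setup the comment refers to (this is not code from the original post, from Rupert's article or from Nestybox). The "permission denied" seen with `-v /var/run/docker.sock:/var/run/docker.sock` usually comes from the socket being group-owned by the host's `docker` group, whose GID does not exist (or differs) inside the Jenkins image, so the unprivileged `jenkins` user cannot open it. The script below reads the socket's numeric GID and passes it with `--group-add`, a standard `docker run` flag, instead of making the container privileged or running it as root. The socket path, container name and image tag are illustrative assumptions, and the demo uses a constructed temp file in place of the real socket so it runs on a machine without Docker. Keep in mind that whatever can write to `docker.sock` can start privileged containers and is effectively root on the host, which is the security concern the comment's Docker-in-Docker suggestion is responding to.

```shell
#!/bin/sh
# Added example, not from the original comment or from Nestybox.
# Finds the numeric group owning the host Docker socket and builds a
# "docker run" line that grants that group to the Jenkins container via
# --group-add, so the unprivileged jenkins user can open the mounted socket.
# Assumptions: socket path, container name and image tag are illustrative.

# Print the numeric GID that owns a path. Tries GNU stat first, then BSD/macOS stat.
docker_sock_gid() {
    path=$1
    if stat -c '%g' "$path" >/dev/null 2>&1; then
        stat -c '%g' "$path"
    else
        stat -f '%g' "$path"
    fi
}

# Build (but do not execute) the docker run command line so it can be inspected.
# --group-add adds a supplementary group to the container process without
# changing the image or running it as root.
jenkins_run_cmd() {
    sock=$1
    image=$2
    gid=$(docker_sock_gid "$sock") || return 1
    printf 'docker run -d --name jenkins -p 8080:8080 -v jenkins_home:/var/jenkins_home -v %s:/var/run/docker.sock --group-add %s %s\n' \
        "$sock" "$gid" "$image"
}

# Constructed stand-in for /var/run/docker.sock so the demo runs without Docker.
# On a real host you would call: jenkins_run_cmd /var/run/docker.sock jenkins/jenkins:lts
demo() {
    tmp=$(mktemp)
    chmod 660 "$tmp"
    jenkins_run_cmd "$tmp" "jenkins/jenkins:lts"
    rm -f "$tmp"
}

demo
```

Run the printed command on the host after checking the GID it chose; if the Jenkins image already defines a group with that GID under another name, `--group-add` still works because it takes the numeric ID.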