How to Fix Docker Connection Refused on Google Cloud Run

The Root Cause

On Google Cloud Run, services are deployed as pre-built container images and do not have access to a Docker daemon within their execution environment. Attempts by an application running inside a Cloud Run service to connect to a local Docker socket (e.g., /var/run/docker.sock) will always result in “Connection Refused” because no Docker daemon is present or exposed.

Quick Fix (CLI)

The immediate fix involves deploying an updated container image where your application no longer attempts to interact with a Docker daemon.

# 1. Build a new container image locally after removing any Docker-dependent code
docker build -t gcr.io/YOUR_PROJECT_ID/YOUR_SERVICE_NAME:no-docker-interaction .

# 2. Push the new image to Google Container Registry (GCR) or Artifact Registry (GAR)
docker push gcr.io/YOUR_PROJECT_ID/YOUR_SERVICE_NAME:no-docker-interaction

# 3. Deploy the updated image to your Cloud Run service
gcloud run deploy YOUR_SERVICE_NAME \
  --image gcr.io/YOUR_PROJECT_ID/YOUR_SERVICE_NAME:no-docker-interaction \
  --platform managed \
  --region YOUR_CLOUD_RUN_REGION \
  --allow-unauthenticated # Adjust authentication as per your service requirements

Configuration Check

The primary file to check and modify is your application’s source code files (e.g., main.py, app.js, server.go). You need to identify and remove or comment out any lines that attempt to:

  • Import Docker client libraries (e.g., docker in Python, docker-java in Java, github.com/docker/docker/client in Go).
  • Instantiate a Docker client, often done with methods like docker.from_env(), new DockerClient(), or similar.
  • Directly connect to unix:///var/run/docker.sock or tcp://localhost:2375.
  • Execute shell commands such as docker build, docker run, docker pull, or docker inspect.

Example (Python app.py):

# Before (causing 'Docker Connection Refused'):
import docker
client = docker.from_env() # This line attempts to connect to a local Docker daemon
# client.containers.run(...)

# After (corrected):
# Remove or refactor any code that imports or instantiates a Docker client.
# Cloud Run executes pre-built containers; dynamic container management within the service
# is not supported and should be offloaded to CI/CD pipelines or external services.

Verification

After deploying the corrected image, invoke your Cloud Run service and monitor its logs to confirm the absence of the “Docker Connection Refused” error.

# Invoke your Cloud Run service URL (replace with your actual URL)
curl https://YOUR_SERVICE_URL

# Stream logs for your service to ensure the error does not reappear
gcloud run services logs tail YOUR_SERVICE_NAME \
  --region YOUR_CLOUD_RUN_REGION \
  --platform managed

⚡ Related Troubleshooting Guides