Shulou(Shulou.com)06/02 Report--

Translator's note: this blog describes what / var/run/docker.sock is and how to use / var/run/docker.sock to communicate with the Docker daemon, and provides two simple examples. Understanding this, we can run some Docker containers that can manage Docker, such as Portainer, Kubernetes, isn't it amazing?

Original: About / var/run/docker.sock

Translator: Fundebug

In order to ensure readability, this paper adopts free translation rather than literal translation.

If you have run Docker Hub's Docker image, you will find that some of these containers need to mount the / var/run/docker.sock file. What is this document? Why do some containers need to use it? Simply put, it is the Unix domain socket (Unix domain socket) that the Docker daemon (Docker daemon) listens to by default, through which processes in the container can communicate with the Docker daemon.

Give an example

Take a look at Portainer, which provides a graphical interface for managing Docker hosts and Swarm clusters. If you use Portainer to manage local Docker hosts, you need to bind / var/run/docker.sock:

Docker run-d-p 9000 9000-v / var/run/docker.sock:/var/run/docker.sock portainer/portainer

Access port 9000 to view the graphical interface, you can manage containers (container), mirrors (image), data volumes (volume).

Portainer communicates with the Docker daemon through the bound / var/run/docker.sock file to perform various administrative operations.

API of the Docker daemon

After installing Docker, the Docker daemon listens on the Unix domain socket: / var/run/docker.sock. This can be seen in the configuration options of Docker daemon (execute cat / etc/default/docker on ubuntu):

-H unix:///var/run/docker.sock

Note: monitoring network TCP sockets or other sockets requires the appropriate-H option.

All HTTP interfaces defined by Docker engine API v1.27 (the latest version) can be called through / var/run/docker.sock.

Run the container

Using Portainer's UI, you can easily create containers. In fact, the HTTP request is sent to the Docker daemon through docker.sock. You can illustrate this by creating containers through curl. Using the HTTP interface to run the container requires two steps: first create the container, and then start the container.

1. Create a nginx container

The curl command sends {"Image": "nginx"} through the Unix socket to the / containers/create interface of the Docker daemon, which will create the container based on the Nginx image and return the container's ID.

Curl-XPOST-- unix-socket / var/run/docker.sock-d'{"Image": "nginx"}'- H 'Content-Type: application/json' http://localhost/containers/create

The output returns the container ID:

{"Id": "fcb65c6147efb862d5ea3a2ef20e793c52f0fafa3eb04e4292cb4784c5777d65", "Warnings": null} 2. Start the nginx container

Use the returned container ID and call the / containers//start API to start the newly created container.

Curl-XPOST-unix-socket / var/run/docker.sock http://localhost/containers/fcb6...7d65/start

View the started containers:

Docker lsCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESfcb65c6147ef nginx "nginx-g'daemon..." 5 minutes ago Up 5 seconds 80/tcp, 443/tcp ecstatic_kirch...

As you can see, running the container using docker.sock is actually very simple.

Event flow for the Docker daemon

Docker's API provides the / events interface, which can be used to get all the event streams generated by the Docker daemon. The load balancing component (load balancer) component can update the configuration dynamically by getting the create / delete events of the container. By creating a simple container, we can see how to take advantage of the events of the Docker daemon.

1. Run the alpine container

The following command is used to run the container and bind the docker.sock in interactive mode (interactive mode, which goes directly into the container).

Docker run-v / var/run/docker.sock:/var/run/docker.sock-ti alpine sh2. Listen for the event flow of the Docker daemon

Within the alpine container, you can send HTTP requests to the / events interface through Docker sockets. This command will always wait for the Docker daemon event. When a new event occurs (for example, a new container is created), you will see the output information.

Curl-- unix-socket / var/run/docker.sock http://localhost/events3. Observe events

After running the container based on the Nginx image, the events generated by the aplpine can be observed through the standard output of the Docker daemon container.

Docker run-p 8080 80-d nginx

Three events can be observed:

Create a container connection default bridging network (bridge network) to start the container conclusion

Hopefully these simple explanations will help you understand the / var/run/docker.sock file and what it does when binding to a container. Obviously, real applications use code instead of curl commands to send HTTP requests to the Docker daemon.

Note: after binding the Docker socket, the container has high permissions to control the Docker daemon. Therefore, this must be used with caution and can only be used for containers that are sufficiently trusted.

About Fundebug

Fundebug specializes in real-time BUG monitoring of JavaScript, WeChat Mini Programs, Wechat, Mini Game, Mini Program, React Native, Node.js and Java. Since the official launch of Singles' Day in 2016, Fundebug has handled a total of 700 million + errors, which has been recognized by many well-known users, such as Google, 360,360, Kingsoft, people's Network and so on. Welcome to try it for free!

Copyright notice

Please indicate the author's Fundebug and the address of this article when reprinting:

Https://blog.fundebug.com/2017/04/17/about-docker-sock/

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.