
How to use the Docker command in Docker

2025-01-18 Update From: SLTechnology News&Howtos


This article explains how to use Docker commands inside a Docker container. Many people run into questions about this in day-to-day work, so the methods below were collected from various sources and reduced to simple, easy-to-use steps.

1. Typical applicable scenario

In CI, there is usually a CI Engine that parses the pipeline and controls the entire build process, while the actual build work is left to an Agent. This is true for both Jenkins and GitLab.

As shown in the figure below, many kinds of Agent are connected to the CI Engine, to meet the build-environment requirements of different projects.

Agents are also dynamic: they are created when a build needs them and destroyed when the build completes. CI is well suited to containers, Serverless, and similar technologies, so in production the Agent is often containerized.

This raises a question: if the CI Engine is also containerized, how can it start Agent containers for builds from inside a container? And if the Agent is already containerized, how do you build an image on the Agent? The answer given in this article is to use Docker in Docker.

2. Two modes of use

Docker works in C/S (client/server) mode and has two main parts: the Docker CLI and the Docker Daemon. The Docker CLI is the client; it gives users command-line operations on Docker, such as docker create/images/ps. The Docker Daemon is the server side; it receives user instructions and maintains the lifecycle of containers.

2.1 Docker in Docker

Docker in Docker, hereinafter referred to as DinD.

As shown above, you can run a Docker Daemon directly inside a container, and then use the Docker CLI inside the container to operate containers.

In this mode, the Docker Daemon in the container is completely independent of the one outside and is well isolated. The container looks similar to a VM, but the authors of DinD do not recommend it very much.

The main reason is security: DinD must be started in privileged mode, and this nesting poses potential security risks.

In this way, containers that respond to commands are nested within containers that use the docker command.

2.2 Docker outside of Docker

Docker outside of Docker, hereinafter referred to as DooD.

As shown in the figure above, Docker works in C/S mode, with users working on the client side and lifecycle management happening on the server side.

Therefore, you only need to mount the socket of the Docker Daemon running outside the container into the container. This makes the container believe that a Docker Daemon is running locally; when you run Docker CLI commands, the external Docker Daemon responds to the requests.

In this mode, the containers that respond to commands are at the same level as the container that uses the docker command.

3. Demo in Docker environment

3.1 DinD

Run the DinD container

$ docker run --privileged -e DOCKER_TLS_CERTDIR="" -d --name dockerd docker:dind
d6414f2ff0076c42de19a8a1fe122481c1a72b3bd45fd490dbe1c427414b4139

Run a container with the Docker CLI, linked to the DinD container

$ docker run --rm -it --link dockerd:docker docker:latest sh

In the DinD container, pull the image

# Pull the image
$ docker pull shaowenchen/devops-java-sample
# View images
$ docker images
REPOSITORY                       TAG      IMAGE ID       CREATED       SIZE
shaowenchen/devops-java-sample   latest   fa4651c24a18   6 weeks ago   122MB

It works the same as a separate Docker Daemon environment.

Check to see if the outside is affected

Type exit to leave the container, then check through the Docker Daemon on the host:

$ docker images | grep fa4651c24a18

As expected: DinD uses a stand-alone Docker Daemon that has no direct impact on the external instance.

3.2 DooD

Run a container

$ docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock alpine sh

Install curl

To avoid installing Docker CLI, call Docker Daemon's API directly using curl.

$ apk update && apk add curl

Pull the image

$ curl -XPOST --unix-socket /var/run/docker.sock "http://localhost/images/create?fromImage=shaowenchen/docker-robotframework&tag=latest"
...
{"status": "Status: Downloaded newer image for shaowenchen/docker-robotframework"}

View the pulled image

Type exit to leave the container, then check through the Docker Daemon on the host:

$ docker images | grep robotframework
shaowenchen/docker-robotframework   latest   d99cfa7ee716   12 months ago   1.5GB

As expected, DooD mode uses the external Docker Daemon directly.

4. Demonstration in Kubernetes environment

4.1 DinD

Create a dind.yaml file with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: dind
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dind
  template:
    metadata:
      labels:
        app: dind
    spec:
      containers:
        - name: dockerd
          image: 'docker:dind'
          env:
            - name: DOCKER_TLS_CERTDIR
              value: ""
          securityContext:
            privileged: true
        - name: docker-cli
          image: 'docker:latest'
          env:
            - name: DOCKER_HOST
              value: 127.0.0.1
          command: ["/bin/sh"]
          args: ["-c", "sleep 86400"]

Create Deployment

$ kubectl apply -f dind.yaml

View the name of the Pod that was created

$ kubectl get pod | grep dind
dind-5446ffbc8d-68q28   2/2   Running   0   12s

Enter the Pod

$ kubectl exec -it dind-5446ffbc8d-68q28 -c docker-cli -- sh

Test whether a stand-alone Docker Daemon is being used

$ docker pull nginx
$ docker images
REPOSITORY   TAG      IMAGE ID       CREATED      SIZE
nginx        latest   daee903b4e43   3 days ago   133MB

As expected, only the Nginx image that was just pulled is shown here; this daemon is completely independent of the host's Docker Daemon.

4.2 DooD

Create a dood.yaml file with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: dood
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dood
  template:
    metadata:
      labels:
        app: dood
    spec:
      containers:
        - image: docker:latest
          name: docker-cli
          securityContext:
            privileged: false
          command: ["/bin/sh"]
          args: ["-c", "sleep 86400"]
          volumeMounts:
            - mountPath: /var/run/docker.sock
              name: volume-docker
      volumes:
        - hostPath:
            path: /var/run/docker.sock
            type: ""
          name: volume-docker

Create Deployment

$ kubectl apply -f dood.yaml

View the name of the Pod that was created

$ kubectl get pod | grep dood
dood-667d8bcfc6-d5fzf   1/1   Running   0   15s

Enter the Pod

$ kubectl exec -it dood-667d8bcfc6-d5fzf -c docker-cli -- sh

Test whether the host's Docker Daemon is being used

$ docker images | wc
69 482 8509

As expected, the Docker command here uses the external Docker Daemon.
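The two manifests above differ in exactly the settings a reviewer looks for: privileged: true for DinD, and a hostPath mount of /var/run/docker.sock for DooD, which hands the container the host's Docker Daemon. The following is an added example, not part of the original article: a small Python audit that flags both in Deployment objects in the JSON form returned by kubectl get deployment -o json. The function names and the sample input (constructed from the article's dind.yaml and dood.yaml) are assumptions.

```python
import json

DOCKER_SOCK = "/var/run/docker.sock"

def audit_deployment(dep):
    """Return (deployment, container, issue) findings for one Deployment dict."""
    findings = []
    name = dep["metadata"]["name"]
    pod = dep["spec"]["template"]["spec"]
    # Volume name -> node path, for volumes backed by the node's filesystem.
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod.get("volumes", []) if "hostPath" in v}
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.append((name, c["name"], "privileged"))
        for m in c.get("volumeMounts", []):
            src = host_paths.get(m["name"])
            # Flag the socket itself or any parent directory that contains it.
            if src and (src == DOCKER_SOCK
                        or DOCKER_SOCK.startswith(src.rstrip("/") + "/")):
                findings.append((name, c["name"], "docker-socket"))
    return findings

def audit_all(deployments):
    return [f for d in deployments for f in audit_deployment(d)]

# Constructed sample: the article's dind.yaml and dood.yaml, reduced to JSON.
SAMPLE = json.loads("""[
 {"metadata": {"name": "dind"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "dockerd", "image": "docker:dind",
     "securityContext": {"privileged": true}},
    {"name": "docker-cli", "image": "docker:latest"}]}}}},
 {"metadata": {"name": "dood"},
  "spec": {"template": {"spec": {
    "containers": [
      {"name": "docker-cli", "image": "docker:latest",
       "securityContext": {"privileged": false},
       "volumeMounts": [{"name": "volume-docker",
                         "mountPath": "/var/run/docker.sock"}]}],
    "volumes": [{"name": "volume-docker",
                 "hostPath": {"path": "/var/run/docker.sock"}}]}}}}
]""")

if __name__ == "__main__":
    for dep, container, issue in audit_all(SAMPLE):
        print(f"{dep}/{container}: {issue}")
```

Note that privileged: false in dood.yaml does not clear the DooD finding: the socket mount is reported independently of the container's own security context.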

5. References

https://medium.com/better-programming/about-var-run-docker-sock-3bfd276e12fd

https://github.com/jpetazzo/dind

This concludes the walkthrough of how to use the Docker command in Docker. Combining theory with practice is the best way to learn, so go and try it.
