Docker - docker in docker(dind)

Reposted from: https://jiuaidu.com/jianzhan/924505/

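Sometimes you need to run docker commands inside a container, for example running docker commands in a jenkins container to build images.
Installing a nested docker directly inside a docker container is rather bloated.
A better approach: deploy only the docker command-line tool (as the client) inside the container, and hand the actual execution to the docker-engine (the server) on the host.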

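2 - Two approaches

Start a docker daemon inside a docker container and have it serve requests.
Every running container is a process, and these processes are all managed by the docker daemon.
The advantage is that images and containers live in an isolated environment, leaving the host's environment untouched.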

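2.1 Via the host's docker.sock

Use a command such as docker run -v /var/run/docker.sock:/var/run/docker.sock to mount the host's docker.sock file into the container, and mount the host's /usr/bin/docker directly as well, so that the Docker program does not need to be installed inside the container.
When the docker command is used inside the container, it is actually the host's docker daemon and docker command that are invoked.
In other words, no docker server runs inside the container, yet docker tasks can be carried out through the host, which gives a lightweight docker in docker.
Note that the docker commands are actually executed by the docker-engine (the server) running on the host, so this is not a true "Docker in Docker".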

2.2 Via the docker:dind image

First start a docker:dind container A, then start a docker container B, with B's host set to the docker daemon inside container A.

  • https://wangbaiyuan.cn/docker-in-docker.html
  • https://www.cnblogs.com/kirito-c/p/11357522.html
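
An added example (not from the original post or from the Jenkins documentation): a small audit over docker inspect JSON that flags the patterns from sections 2.1 and 2.2, namely a mounted docker.sock (which hands the container control of that daemon), --privileged, and DOCKER_HOST=tcp://... without DOCKER_TLS_VERIFY=1. The sample input, the ci-sock and ci-plain containers, and the finding labels are constructed for this example.

```python
import json

def audit(inspect_json):
    """Return {container name: [findings]} for `docker inspect` JSON output."""
    report = {}
    for c in json.loads(inspect_json):
        findings = []
        # --privileged removes most isolation between container and host kernel.
        if (c.get("HostConfig") or {}).get("Privileged"):
            findings.append("privileged")
        # Section 2.1 pattern: a daemon socket bind-mounted into the container.
        for m in c.get("Mounts") or []:
            paths = (m.get("Source", ""), m.get("Destination", ""))
            if any(p.endswith("/docker.sock") for p in paths):
                findings.append("docker-socket-mounted")
                break
        # Section 2.2 pattern: remote daemon over TCP; require TLS verification.
        env_list = (c.get("Config") or {}).get("Env") or []
        env = dict(e.split("=", 1) for e in env_list if "=" in e)
        uses_tcp = env.get("DOCKER_HOST", "").startswith("tcp://")
        if uses_tcp and env.get("DOCKER_TLS_VERIFY") != "1":
            findings.append("docker-tcp-without-tls-verify")
        report[c.get("Name", "").lstrip("/")] = findings
    return report

# Constructed sample input, shaped like trimmed `docker inspect` output.
SAMPLE = json.dumps([
    {"Name": "/jenkins-docker",
     "HostConfig": {"Privileged": True},
     "Config": {"Env": ["DOCKER_TLS_CERTDIR=/certs"]},
     "Mounts": [{"Source": "/var/lib/docker/volumes/jenkins-docker-certs/_data",
                 "Destination": "/certs/client"}]},
    {"Name": "/jenkins-blueocean",
     "HostConfig": {"Privileged": False},
     "Config": {"Env": ["DOCKER_HOST=tcp://docker:2376", "DOCKER_TLS_VERIFY=1"]},
     "Mounts": []},
    {"Name": "/ci-sock",  # hypothetical container using the 2.1 approach
     "HostConfig": {"Privileged": False},
     "Config": {"Env": []},
     "Mounts": [{"Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "/ci-plain",  # hypothetical client reaching dind without TLS
     "HostConfig": {"Privileged": False},
     "Config": {"Env": ["DOCKER_HOST=tcp://docker:2375"]},
     "Mounts": []},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

Against a live host, feed it the output of docker inspect $(docker ps -q) instead of SAMPLE.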

3 - Example: Run Jenkins via Docker Desktop on Windows OS

https://www.jenkins.io/doc/book/installing/

Start Jenkins

    λ docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    ce94289d7289   bridge    bridge    local
    b47c8fca8bab   host      host      local
    6140a92f13fe   none      null      local
    λ docker network create jenkins
    10aa1f469d1ee811c406d1acc009c267e7a288b0bf7818af70832f476dc83974
    GuowangLi@CNMCSRFX33 /c/Projects
    λ docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    ce94289d7289   bridge    bridge    local
    b47c8fca8bab   host      host      local
    10aa1f469d1e   jenkins   bridge    local
    6140a92f13fe   none      null      local
    λ
    λ docker volume ls
    DRIVER    VOLUME NAME
    λ docker volume create jenkins-docker-certs
    jenkins-docker-certs
    λ docker volume create jenkins-data
    jenkins-data
    λ docker volume ls
    DRIVER    VOLUME NAME
    local     jenkins-data
    local     jenkins-docker-certs
    λ docker container run --name jenkins-docker --detach \
    > --privileged --network jenkins --network-alias docker \
    > --env DOCKER_TLS_CERTDIR=/certs \
    > --volume jenkins-docker-certs:/certs/client \
    > --volume jenkins-data:/var/jenkins_home \
    > docker:dind
    Unable to find image 'docker:dind' locally
    dind: Pulling from library/docker
    df20fa9351a1: Pull complete
    25ad7478873d: Pull complete
    4684f6177b5d: Pull complete
    46e300cec669: Pull complete
    63038576ad94: Pull complete
    0fdb76c4706c: Pull complete
    cb7edeffdfd5: Pull complete
    cc28bd76800f: Pull complete
    54196fe38f7e: Pull complete
    ea71acc29633: Pull complete
    657cc4c15165: Pull complete
    Digest: sha256:a8ea5b6b4b7472a3804d22f619097e983cc939344608aa3774e73d24291007d6
    Status: Downloaded newer image for docker:dind
    4a8be3066dbd65b85f35933c0d53c174f3c1bfd55b94188baa377be9f275e72e
    λ docker container run \
    > --name jenkins-blueocean \
    > --detach \
    > --network jenkins \
    > --env DOCKER_HOST=tcp://docker:2376 \
    > --env DOCKER_CERT_PATH=/certs/client \
    > --env DOCKER_TLS_VERIFY=1 \
    > --volume jenkins-data:/var/jenkins_home \
    > --volume jenkins-docker-certs:/certs/client:ro \
    > --publish 8080:8080 \
    > --publish 50000:50000 \
    > jenkinsci/blueocean
    b0f8d0ca1673f3d74ed764ba49341093277b92b3c02dd2cee0146ebd43ce3cb5
    λ
    λ docker ps
    CONTAINER ID   IMAGE                 COMMAND                  CREATED         STATUS         PORTS                                              NAMES
    b0f8d0ca1673   jenkinsci/blueocean   "/sbin/tini -- /usr/…"   3 minutes ago   Up 3 minutes   0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp   jenkins-blueocean
    4a8be3066dbd   docker:dind           "dockerd-entrypoint.…"   4 minutes ago   Up 4 minutes   2375-2376/tcp                                      jenkins-docker
    λ docker images
    REPOSITORY            TAG      IMAGE ID       CREATED        SIZE
    jenkinsci/blueocean   latest   0577399033d7   21 hours ago   579MB
    docker                dind     66dc2d45749a   7 days ago     226MB
    λ

Get the initial password

    λ docker exec jenkins-blueocean cat var/jenkins_home/secrets/initialAdminPassword
    b22f3b04344f4094bb6b26e1312002e8

4 - Command List

Commands used

    docker network create jenkins
    docker volume create jenkins-docker-certs
    docker volume create jenkins-data
    docker container run \
      --name jenkins-docker \
      --detach \
      --privileged \
      --network jenkins \
      --network-alias docker \
      --env DOCKER_TLS_CERTDIR=/certs \
      --volume jenkins-docker-certs:/certs/client \
      --volume jenkins-data:/var/jenkins_home \
      docker:dind
    docker container run \
      --name jenkins-blueocean \
      --detach \
      --network jenkins \
      --env DOCKER_HOST=tcp://docker:2376 \
      --env DOCKER_CERT_PATH=/certs/client \
      --env DOCKER_TLS_VERIFY=1 \
      --volume jenkins-data:/var/jenkins_home \
      --volume jenkins-docker-certs:/certs/client:ro \
      --publish 8080:8080 \
      --publish 50000:50000 \
      jenkinsci/blueocean
posted @ 2023-05-16 17:22  呆瓜小贼66