Docker - docker in docker(dind)
转自:https://jiuaidu.com/jianzhan/924505/
有时需要在容器内执行 docker 命令,比如:在 jenkins 容器内运行 docker 命令执行构建镜像
直接在 docker 容器内嵌套安装 docker 未免太过臃肿
更好的办法是:容器内仅部署 docker 命令行工具(作为客户端),实际执行交由宿主机内的 docker-engine(服务器)
2 - 两种方式
在docker容器内启动一个docker daemon,对外提供服务。
每个运行中的容器,都是一个进程,这个进程都托管在docker daemon中。
优点在于镜像和容器都在一个隔离的环境,保持宿主机的环境。
2.1 通过宿主机的docker.sock
通过类似docker run -v /var/run/docker.sock:/var/run/docker.sock
的命令将宿主机 docker.sock 文件挂载到容器, 并且直接挂载宿主机的/usr/bin/docker
, 这样容器内就不需安装 Docker 程序。
当容器内使用docker命令时,实际上调用的是宿主机的docker daemon和docker命令。
也就是说,容器内实际并未运行 docker server,但是能够通过宿主机执行docker任务,从而实现轻量级 docker in docker
需要特别说明的是,真正执行 docker 命令的是跑在宿主机上的 docker-engine(服务器),因此这并不是真正的 "Docker in Docker".
2.2 通过docker:dind
镜像
先启动一个docker:dind
容器A,再启动一个docker容器B,容器B指定host为A容器内的docker daemon。
- https://wangbaiyuan.cn/docker-in-docker.html
- https://www.cnblogs.com/kirito-c/p/11357522.html
3 - 实例:Run Jenkins via Docker Desktop on Windows OS
https://www.jenkins.io/doc/book/installing/
启动Jenkins
λ docker network ls
NETWORK ID NAME DRIVER SCOPE
ce94289d7289 bridge bridge local
b47c8fca8bab host host local
6140a92f13fe none null local
λ docker network create jenkins
10aa1f469d1ee811c406d1acc009c267e7a288b0bf7818af70832f476dc83974
GuowangLi@CNMCSRFX33 /c/Projects
λ docker network ls
NETWORK ID NAME DRIVER SCOPE
ce94289d7289 bridge bridge local
b47c8fca8bab host host local
10aa1f469d1e jenkins bridge local
6140a92f13fe none null local
λ
λ docker volume ls
DRIVER VOLUME NAME
λ docker volume create jenkins-docker-certs
jenkins-docker-certs
λ docker volume create jenkins-data
jenkins-data
λ docker volume ls
DRIVER VOLUME NAME
local jenkins-data
local jenkins-docker-certs
λ docker container run --name jenkins-docker --detach \
> --privileged --network jenkins --network-alias docker \
> --env DOCKER_TLS_CERTDIR=/certs \
> --volume jenkins-docker-certs:/certs/client \
> --volume jenkins-data:/var/jenkins_home \
> docker:dind
Unable to find image 'docker:dind' locally
dind: Pulling from library/docker
df20fa9351a1: Pull complete
25ad7478873d: Pull complete
4684f6177b5d: Pull complete
46e300cec669: Pull complete
63038576ad94: Pull complete
0fdb76c4706c: Pull complete
cb7edeffdfd5: Pull complete
cc28bd76800f: Pull complete
54196fe38f7e: Pull complete
ea71acc29633: Pull complete
657cc4c15165: Pull complete
Digest: sha256:a8ea5b6b4b7472a3804d22f619097e983cc939344608aa3774e73d24291007d6
Status: Downloaded newer image for docker:dind
4a8be3066dbd65b85f35933c0d53c174f3c1bfd55b94188baa377be9f275e72e
λ docker container run \
> --name jenkins-blueocean \
> --detach \
> --network jenkins \
> --env DOCKER_HOST=tcp://docker:2376 \
> --env DOCKER_CERT_PATH=/certs/client \
> --env DOCKER_TLS_VERIFY=1 \
> --volume jenkins-data:/var/jenkins_home \
> --volume jenkins-docker-certs:/certs/client:ro \
> --publish 8080:8080 \
> --publish 50000:50000 \
> jenkinsci/blueocean
b0f8d0ca1673f3d74ed764ba49341093277b92b3c02dd2cee0146ebd43ce3cb5
λ
λ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0f8d0ca1673 jenkinsci/blueocean "/sbin/tini -- /usr/…" 3 minutes ago Up 3 minutes 0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp jenkins-blueocean
4a8be3066dbd docker:dind "dockerd-entrypoint.…" 4 minutes ago Up 4 minutes 2375-2376/tcp jenkins-docker
λ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jenkinsci/blueocean latest 0577399033d7 21 hours ago 579MB
docker dind 66dc2d45749a 7 days ago 226MB
λ
获取初始密码
λ docker exec jenkins-blueocean cat var/jenkins_home/secrets/initialAdminPassword
b22f3b04344f4094bb6b26e1312002e8
4 - Command List
涉及的一些命令
docker network create jenkins
docker volume create jenkins-docker-certs
docker volume create jenkins-data
docker container run \
--name jenkins-docker \
--detach \
--privileged \
--network jenkins \
--network-alias docker \
--env DOCKER_TLS_CERTDIR=/certs \
--volume jenkins-docker-certs:/certs/client \
--volume jenkins-data:/var/jenkins_home \
docker:dind
docker container run \
--name jenkins-blueocean \
--detach \
--network jenkins \
--env DOCKER_HOST=tcp://docker:2376 \
--env DOCKER_CERT_PATH=/certs/client \
--env DOCKER_TLS_VERIFY=1 \
--volume jenkins-data:/var/jenkins_home \
--volume jenkins-docker-certs:/certs/client:ro \
--publish 8080:8080 \
--publish 50000:50000 \
jenkinsci/blueocean