Use of docker:dind in docker-compose
So for some reason, I'd like to use a docker:dind inside a docker-compose.yml. I know that the "easy" way is to mount the socket directly inside the image (like this: /var/run/docker.sock:/var/run/docker.sock) but I want to avoid that (for security reasons).
Here is my experimental docker-compose.yml:
version: '3.8'
services:
  dind:
    image: docker:19.03.7-dind
    container_name: dind
    restart: unless-stopped
    privileged: true
    environment:
      - DOCKER_TLS_CERTDIR=/certs
    volumes:
      - dind-certs-ca:/certs/ca
      - dind-certs-client:/certs/client
    networks:
      - net
    expose:
      - 2375
      - 5000
volumes:
  dind-certs-ca:
  dind-certs-client:
networks:
  net:
    driver: bridge
Nothing complex here; then I try to see if the service is correctly set:
docker logs dind
Here no problem, it is up and running. However, once I try to use it with, for instance:
docker run --rm -it --network net --link dind:docker docker version
I got the following error:
Cannot connect to the Docker deamon at tcp://docker:2375. Is there a deamon running ?
Do you have any idea why the daemon is not responding?
---------- EDIT ----------
Following hariK's comment (thanks by the way) I added port 2376 to the exposed ones. I think I'm near solving my issue. Here is the error that I get:
error during connect: Get http://docker:2375/v1.40/version dial tcp: lookup on docker on [ip]: no such host
So I looked at this error and found that it seems to be a recurrent one on dind versions (there are a lot of issues on GitLab about it, like this one). There is also a post on Stack Overflow on a similar issue for GitLab here.
For the workaround I tried:
DOCKER_TLS_CERTDIR: ""
hoping to turn off TLS... but it failed.
If someone has an idea to keep TLS ON and make it work it would be great :) (I'll still be looking on my own but if you can give a nudge with interesting links it would be cool ^^)
Some time later, and I was looking for the same thing. Here is an example with specific versions for the images, which should still work a few years from now:
version: '3'
services:
  docker:
    image: docker:20.10.17-dind-alpine3.16
    privileged: yes
    volumes:
      - certs:/certs
  docker-client:
    image: docker:20.10.17-cli
    command: sh -c 'while [ 1 ]; do sleep 1; done'
    environment:
      DOCKER_HOST: tcp://docker:2376
      DOCKER_TLS_VERIFY: 1
      DOCKER_CERT_PATH: /certs/client
    volumes:
      - certs:/certs
volumes:
  certs:
The TLS certificates are generated by the "docker" service on startup and shared using a volume.
Use the client as follows:
docker-compose exec docker-client sh
#now within docker-client container
docker run hello-world
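
A preflight check for the client side of the setup above, added here as an example and not part of the original question or answer. It flags the settings that produce the errors in the question (plaintext port 2375, no TLS variables, no client certificates). The function name `check_dind_client` is hypothetical, and the `~/.docker` fallback for an empty certificate path is an assumption about the docker CLI default.

```shell
#!/bin/sh
# Added example: preflight check for a Docker client that must reach a
# docker:dind daemon over TLS. Assumed conventions (as used on this page):
# TLS endpoint on port 2376, client material in ca.pem, cert.pem, key.pem.

# check_dind_client HOST TLS_VERIFY CERT_PATH
# Prints one finding per line and returns 0 only if every check passes.
check_dind_client() {
    host=$1; tls=$2
    # Assumption: with no DOCKER_CERT_PATH the docker CLI looks in ~/.docker.
    certs=${3:-${HOME:-}/.docker}
    rc=0

    case $host in
        tcp://*:*) port=${host##*:} ;;
        *) echo "DOCKER_HOST should be tcp://<service>:<port>, got '$host'"
           return 1 ;;
    esac

    # 2375 is the plaintext, unauthenticated port; a daemon started with
    # DOCKER_TLS_CERTDIR set serves the API on 2376 instead.
    if [ "$port" != 2376 ]; then
        echo "port $port is not the TLS port 2376"
        rc=1
    fi

    # The docker CLI only enables TLS verification when this is non-empty.
    if [ -z "$tls" ]; then
        echo "DOCKER_TLS_VERIFY is empty: TLS is not enabled on the client"
        rc=1
    fi

    # All three files must be readable inside the client container.
    for f in ca.pem cert.pem key.pem; do
        if [ ! -r "$certs/$f" ]; then
            echo "cannot read $certs/$f"
            rc=1
        fi
    done
    return $rc
}

# Settings of the failing client in the question: port 2375, no TLS variables.
check_dind_client "tcp://docker:2375" "" "" || true
```

Inside the `docker-client` container from the answer, call it as `check_dind_client "$DOCKER_HOST" "$DOCKER_TLS_VERIFY" "$DOCKER_CERT_PATH"` before running any docker command.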