在高山linux容器內構建docker映像

Question

我們使用運行Alpine Linux的Docker容器作為Bamboo中的構建代理。 作為構建計划的一部分，需要創建docker映像。

我們的構建代理已安裝了docker，但是由於docker守護程序未運行，我們遇到了錯誤。 用以下命令啟動守護進程

/usr/local/bin/dockerd

給出以下內容：

INFO[0000] libcontainerd: new containerd process, pid: 640 
ERRO[0001] 'overlay' is not supported over overlayfs    
INFO[0001] Graph migration to content-addressability took 0.00 seconds 
INFO[0001] Loading containers: start.                   
WARN[0001] Running modprobe bridge br_netfilter failed with message: modprobe: can't change directory to '/lib/modules': No such file or directory
, error: exit status 1 
WARN[0001] Running modprobe nf_nat failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1 
WARN[0001] Running modprobe xt_conntrack failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1 
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: Iptables not found

為了解決這個問題，我已經安裝了iptables。 現在，當我嘗試運行docker守護程序時，我得到：

INFO[0000] libcontainerd: new containerd process, pid: 705 
ERRO[0001] 'overlay' is not supported over overlayfs    
INFO[0001] Graph migration to content-addressability took 0.00 seconds 
INFO[0001] Loading containers: start.                   
WARN[0001] Running modprobe bridge br_netfilter failed with message: modprobe: can't change directory to '/lib/modules': No such file or directory
, error: exit status 1 
WARN[0001] Running modprobe nf_nat failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1 
WARN[0001] Running modprobe xt_conntrack failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1 
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.0: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

我對現在的去向有些困惑，因為sudo在高山上已不是問題。

Answer 1

在Docker容器中運行Docker守護程序通常是一個令人生畏的前景。 我們有完全相同的要求，我們可以通過將/var/run/docker.sock從Docker主機安裝到Docker容器中來解決：

docker run -v /var/run/docker.sock:/var/run/docker.sock --privileged

這樣，構建代理容器中的docker命令實際上是在與主機上的Docker守護進程通信，而不是與容器內部的Docker守護進程通信。 對我們來說真的很好。