Run Docker Inside Docker
This article explains how to launch and run Docker inside Docker. First, let’s go over some basic terminology.
What is Docker?
Docker is a container management tool. It is an application build and deployment tool. It is based on the idea that you can package your code with its dependencies into a deployable unit called a container. Docker was developed by Solomon Hykes in 2013, and its main motive was shipping.
Hence, Docker is an open platform for developing and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly.
What is Container?
Containers are a form of operating system virtualization. A single container might be used to run anything from a small microservice or software process to a larger application. Inside a container are all the necessary executables, binary code, libraries, and configuration files. Some examples include: Container Linux (formerly CoreOS Linux) — one of the first lightweight container operating systems built for containers.
Docker inside Docker Use Cases ::
- CI pipeline, where you need to build and push docker images to a container registry after a successful code build.
- Building Docker images with a VM is pretty straightforward.
- Sandboxed environments.
Different Ways to Launch/Run Docker inside Docker
There are two ways to achieve docker in docker ::
→ Run Docker by mounting “docker.sock” method.
→ “dind” method.
Technique 1: Using /var/run/docker.sock
What is /var/run/docker.sock?
“/var/run/docker.sock” is the default Unix socket. Sockets are meant for communication between processes on the same host. The Docker daemon listens on docker.sock by default. If you are on the same host where the Docker daemon is running, you can use /var/run/docker.sock to manage containers.
In other words, “docker.sock” is the UNIX socket that the Docker daemon listens on. It is the main entry point for the Docker API. The daemon can also listen on a TCP socket, but for security reasons Docker uses the UNIX socket by default. The Docker CLI client uses this socket to execute docker commands by default. You can override these settings as well.
Follow the steps below for setup.
Step 1: Start a Docker container in interactive mode, mounting “docker.sock” as a volume. We will use the official docker image.
→ docker run -v /var/run/docker.sock:/var/run/docker.sock -it docker
Step 2: Once inside the container, execute docker commands
→ docker images
Step 3: Launch a container inside the container (i.e. a new OS)
→ docker run -it centos
Step 4: Stop both containers using “exit”
Technique 2: Using dind
This method actually creates a child container inside a container. Use this method only if you really want to have the containers and images inside the container. Otherwise, I would suggest you use the first approach.
For this, you just need to use the official docker image with the “dind” tag. The dind image is baked with the required utilities for Docker to run inside a Docker container.
Note :: This requires the container to be run in privileged mode.
Follow the steps below for setup.
Step 1: Create a container named “test1” with the “docker:dind” image.
→ docker run --privileged -d --name test1 docker:dind
Step 2: Log in to the container using exec.
→ docker exec -it test1 /bin/sh
Step 3: Run docker commands
- Use Docker in Docker only if it is a requirement.
- While using containers in privileged mode, make sure you get the necessary approvals from enterprise security teams on what you are planning to do.
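Both techniques leave a visible trace in the container's configuration: the first bind-mounts the host's docker.sock, through which the host's containers can be managed, and the second runs in privileged mode. The following is an added example, not part of the original article, that reads `docker inspect` JSON and reports which containers use either setup, so they can be checked against what was approved. The sample data and the container names other than test1 are constructed for illustration.

```python
import json

# /var/run is usually a symlink to /run, so match both spellings of the socket.
SOCK_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample: trimmed `docker inspect` output for three containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/ci-agent",
     "HostConfig": {"Privileged": False,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/test1",
     "HostConfig": {"Privileged": True, "Binds": None}, "Mounts": []},
    {"Name": "/web",
     "HostConfig": {"Privileged": False,
                    "Binds": ["/srv/www:/usr/share/nginx/html:ro"]},
     "Mounts": [{"Type": "bind", "Source": "/srv/www",
                 "Destination": "/usr/share/nginx/html", "RW": False}]},
])


def socket_mounts(container):
    """Return the container-side paths where the host's docker.sock appears."""
    hits = set()
    for mount in container.get("Mounts") or []:
        if mount.get("Source") in SOCK_PATHS:
            hits.add(mount.get("Destination", "?"))
    # Binds is null when no -v flags were used; entries are src:dst[:options].
    for bind in (container.get("HostConfig") or {}).get("Binds") or []:
        parts = bind.split(":")
        if len(parts) >= 2 and parts[0] in SOCK_PATHS:
            hits.add(parts[1])
    return sorted(hits)


def audit(inspect_json):
    """Map container name -> findings for the socket-mount and dind techniques."""
    findings = {}
    for container in json.loads(inspect_json):
        issues = [f"host docker.sock mounted at {d}" for d in socket_mounts(container)]
        if (container.get("HostConfig") or {}).get("Privileged"):
            issues.append("privileged mode (as required by docker:dind)")
        if issues:
            findings[container.get("Name", "?").lstrip("/")] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {'; '.join(issues)}")
```

On a real host, pass `audit()` the output of `docker inspect $(docker ps -q)` instead of the constructed sample.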