• Docker inside Docker 基于 Alpine Linux


    Study From 

    https://hub.docker.com/_/docker/

    感慨一句 这些人真牛B ..

    简单测试

    拉取镜像

    docker pull docker:dind

    运行镜像

    docker run -it --privileged --name dind -d docker:dind

    查看镜像

    [root@CentOS75 ~]# docker exec -it some-docker sh
    / # docker version
    Client:
     Version:      18.05.0-ce
     API version:  1.37
     Go version:   go1.9.2
     Git commit:   f150324
     Built:        Wed May  9 22:11:29 2018
     OS/Arch:      linux/amd64
     Experimental: false
     Orchestrator: swarm
    
    Server:
     Engine:
      Version:      18.05.0-ce
      API version:  1.37 (minimum version 1.12)
      Go version:   go1.10.1
      Git commit:   f150324
      Built:        Wed May  9 22:20:42 2018
      OS/Arch:      linux/amd64
      Experimental: false
    / # 

    其实也可以查看这个机器的版本信息

    vi /etc/os-release 
    
    NAME="Alpine Linux"
    ID=alpine
    VERSION_ID=3.7.0
    PRETTY_NAME="Alpine Linux v3.7"
    HOME_URL="http://alpinelinux.org"
    BUG_REPORT_URL="http://bugs.alpinelinux.org"

    github上面有完整的dockerfile文件  我用centos 的改了半天死活不行

    https://github.com/docker-library/docker/blob/9ecb1c3a6bd766b69eb1858ef721f62fbd930a2b/18.06-rc/dind/Dockerfile

    内容为

    FROM docker:18.06-rc
    
    # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
    RUN set -eux; 
        apk add --no-cache 
            btrfs-progs 
            e2fsprogs 
            e2fsprogs-extra 
            iptables 
            xfsprogs 
            xz 
    # pigz: https://github.com/moby/moby/pull/35697 (faster gzip implementation)
            pigz 
        ; 
    # only install zfs if it's available for the current architecture
    # https://git.alpinelinux.org/cgit/aports/tree/main/zfs/APKBUILD?h=3.6-stable#n9 ("all !armhf !ppc64le" as of 2017-11-01)
    # "apk info XYZ" exits with a zero exit code but no output when the package exists but not for this arch
        if zfs="$(apk info --no-cache --quiet zfs)" && [ -n "$zfs" ]; then 
            apk add --no-cache zfs; 
        fi
    
    # TODO aufs-tools
    
    # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
    RUN set -x 
        && addgroup -S dockremap 
        && adduser -S -G dockremap dockremap 
        && echo 'dockremap:165536:65536' >> /etc/subuid 
        && echo 'dockremap:165536:65536' >> /etc/subgid
    
    # https://github.com/docker/docker/tree/master/hack/dind
    ENV DIND_COMMIT 52379fa76dee07ca038624d639d9e14f4fb719ff
    
    RUN set -ex; 
        apk add --no-cache --virtual .fetch-deps libressl; 
        wget -O /usr/local/bin/dind "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind"; 
        chmod +x /usr/local/bin/dind; 
        apk del .fetch-deps
    
    COPY dockerd-entrypoint.sh /usr/local/bin/
    
    VOLUME /var/lib/docker
    EXPOSE 2375
    
    ENTRYPOINT ["dockerd-entrypoint.sh"]
    CMD []

    带安装docker部分的 dockerfile

    FROM alpine:3.7
    
    RUN apk add --no-cache 
            ca-certificates
    
    # set up nsswitch.conf for Go's "netgo" implementation (which Docker explicitly uses)
    # - https://github.com/docker/docker-ce/blob/v17.09.0-ce/components/engine/hack/make.sh#L149
    # - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
    # - docker run --rm debian:stretch grep '^hosts:' /etc/nsswitch.conf
    RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
    
    ENV DOCKER_CHANNEL test
    ENV DOCKER_VERSION 18.06.0-ce-rc3
    # TODO ENV DOCKER_SHA256
    # https://github.com/docker/docker-ce/blob/5b073ee2cf564edee5adca05eee574142f7627bb/components/packaging/static/hash_files !!
    # (no SHA file artifacts on download.docker.com yet as of 2017-06-07 though)
    
    RUN set -ex; 
    # why we use "curl" instead of "wget":
    # + wget -O docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-17.03.1-ce.tgz
    # Connecting to download.docker.com (54.230.87.253:443)
    # wget: error getting response: Connection reset by peer
        apk add --no-cache --virtual .fetch-deps 
            curl 
            tar 
        ; 
        
    # this "case" statement is generated via "update.sh"
        apkArch="$(apk --print-arch)"; 
        case "$apkArch" in 
            x86_64) dockerArch='x86_64' ;; 
            armhf) dockerArch='armel' ;; 
            aarch64) dockerArch='aarch64' ;; 
            ppc64le) dockerArch='ppc64le' ;; 
            s390x) dockerArch='s390x' ;; 
            *) echo >&2 "error: unsupported architecture ($apkArch)"; exit 1 ;;
        esac; 
        
        if ! curl -fL -o docker.tgz "https://download.docker.com/linux/static/${DOCKER_CHANNEL}/${dockerArch}/docker-${DOCKER_VERSION}.tgz"; then 
            echo >&2 "error: failed to download 'docker-${DOCKER_VERSION}' from '${DOCKER_CHANNEL}' for '${dockerArch}'"; 
            exit 1; 
        fi; 
        
        tar --extract 
            --file docker.tgz 
            --strip-components 1 
            --directory /usr/local/bin/ 
        ; 
        rm docker.tgz; 
        
        apk del .fetch-deps; 
        
        dockerd -v; 
        docker -v
    
    COPY modprobe.sh /usr/local/bin/modprobe
    COPY docker-entrypoint.sh /usr/local/bin/
    
    ENTRYPOINT ["docker-entrypoint.sh"]
    CMD ["sh"]
  • 相关阅读:
    链接
    Oracle创建表空间
    C#中的全局异常捕捉
    软件架构入门
    Nginx安装及配置详解包括windows环境
    极路由4增强版(B70)HC5962离线ROOT通过Breed刷openwrt教程
    vue自定义全局指令v-emoji限制input输入表情和特殊字符
    【vue】@input
    【window】常用软件
    Vbox 虚拟机全屏
  • 原文地址:https://www.cnblogs.com/jinanxiaolaohu/p/9337866.html
Copyright © 2020-2023  润新知