How can I run a fully isolated Docker inside a Docker container?

Asked By TechWiz123 On

Hey everyone! I'm trying to set up a Docker environment where I can run a completely isolated Docker daemon inside a Docker container without affecting the host machine's Docker instance. My service needs to clone a Git repository, build a Docker container from it, and run several instances of that container. While everything is working fine locally, I'm struggling to get it to work when I run it as a Docker image. This is my Dockerfile:

FROM node:18-alpine AS build
WORKDIR /app
COPY . .
# Some build steps here...
FROM docker:24-dind AS runtime
WORKDIR /app
RUN apk add --no-cache nodejs npm git
COPY --from=build /app/build ./
ENTRYPOINT ["dockerd-entrypoint.sh"]
CMD sleep 5 && npm start

And I'm starting it with Docker Compose like this:

my-service:
  build:
    context: .
    dockerfile: ./packages/my-service/Dockerfile
  container_name: my-service
  privileged: true

But when I try to run it, I get an error:

ERROR: error during connect: Head "http://docker:2375/_ping": dial tcp: lookup docker on 127.0.0.11:53: no such host

Any suggestions on how I can achieve this isolation?

3 Answers

Answered By DevGuru97 On

You might want to explore using Docker in Docker (DIND). While you can run Docker commands, for complete isolation you could also consider mounting the Docker socket directly into the container. However, this might not provide full isolation. Instead, you could check out alternatives to create isolated environments. Also, paths to the Docker socket should be correctly configured to ensure your container's environment can communicate with the Docker daemon effectively.

Answered By IsolationNinja On

Just a heads-up, the isolation you're looking for might not be feasible with the standard Docker socket mounting method. You could achieve some isolation by handling nested volumes, but you'd need to connect through UNIX sockets within your service. This way, the nested sockets will stay confined to your service without exposing them to the host.

Answered By BuildExpert22 On

DIND should work for your needs! I found a great guide that details running Docker-in-Docker. It outlines some practical examples that you can follow to set up your environment properly. That might help you get over the hurdles you're facing!
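
Added example (not part of any answer above and not the asker's code): the error in the question shows the Docker client looking for a daemon at tcp://docker:2375, so this wrapper starts the nested daemon on a Unix socket inside the container, waits until it responds, and only then starts the service. The names NESTED_SOCK, nested_host, wait_for, start_nested_daemon and main, and the 30-attempt readiness budget, are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: entrypoint wrapper for an image based on docker:dind.
# Assumed names: NESTED_SOCK, nested_host, wait_for, start_nested_daemon, main.

NESTED_SOCK="${NESTED_SOCK:-/var/run/docker.sock}"

# Address the client uses: a Unix socket inside this container, never TCP.
nested_host() {
    printf 'unix://%s' "$NESTED_SOCK"
}

# Retry a probe command until it succeeds.
# $1 = max attempts, $2 = seconds between attempts, remaining args = probe command.
wait_for() {
    attempts=$1
    delay=$2
    shift 2
    i=0
    while [ "$i" -lt "$attempts" ]; do
        if "$@" >/dev/null 2>&1; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# Launch the nested daemon through the image's own entrypoint (the script named in
# the question's Dockerfile), listening on the Unix socket only.
start_nested_daemon() {
    dockerd-entrypoint.sh dockerd --host="$(nested_host)" &
}

main() {
    DOCKER_HOST="$(nested_host)"
    export DOCKER_HOST
    start_nested_daemon
    if ! wait_for 30 1 docker info; then
        echo "nested dockerd not ready on $DOCKER_HOST" >&2
        return 1
    fi
    exec "$@"   # the service command, e.g. npm start
}

# Run only when a service command was passed, e.g. CMD ["npm", "start"].
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The container still needs privileged: true, as in the question's Compose file, so what this isolates is the host's Docker daemon and its images and containers, not the host kernel.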
