Docker inside Docker 基于 Alpine Linux

Study From 

https://hub.docker.com/_/docker/

感慨一句 这些人真牛B ..

简单测试

拉取镜像

docker pull docker:dind

运行镜像

docker run -it --privileged --name dind -d docker:dind

查看镜像

[root@CentOS75 ~]# docker exec -it some-docker sh
/ # docker version
Client:
 Version:      18.05.0-ce
 API version:  1.37
 Go version:   go1.9.2
 Git commit:   f150324
 Built:        Wed May  9 22:11:29 2018
 OS/Arch:      linux/amd64
 Experimental: false
 Orchestrator: swarm

Server:
 Engine:
  Version:      18.05.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.10.1
  Git commit:   f150324
  Built:        Wed May  9 22:20:42 2018
  OS/Arch:      linux/amd64
  Experimental: false
/ # 

其实也可以查看这个机器的版本信息

vi /etc/os-release 

NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.7.0
PRETTY_NAME="Alpine Linux v3.7"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"

 

github上面有完整的dockerfile文件  我用centos 的改了半天死活不行

 

https://github.com/docker-library/docker/blob/9ecb1c3a6bd766b69eb1858ef721f62fbd930a2b/18.06-rc/dind/Dockerfile

内容为

FROM docker:18.06-rc

# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
RUN set -eux; \
    apk add --no-cache \
        btrfs-progs \
        e2fsprogs \
        e2fsprogs-extra \
        iptables \
        xfsprogs \
        xz \
# pigz: https://github.com/moby/moby/pull/35697 (faster gzip implementation)
        pigz \
    ; \
# only install zfs if it's available for the current architecture
# https://git.alpinelinux.org/cgit/aports/tree/main/zfs/APKBUILD?h=3.6-stable#n9 ("all !armhf !ppc64le" as of 2017-11-01)
# "apk info XYZ" exits with a zero exit code but no output when the package exists but not for this arch
    if zfs="$(apk info --no-cache --quiet zfs)" && [ -n "$zfs" ]; then \
        apk add --no-cache zfs; \
    fi

# TODO aufs-tools

# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
RUN set -x \
    && addgroup -S dockremap \
    && adduser -S -G dockremap dockremap \
    && echo 'dockremap:165536:65536' >> /etc/subuid \
    && echo 'dockremap:165536:65536' >> /etc/subgid

# https://github.com/docker/docker/tree/master/hack/dind
ENV DIND_COMMIT 52379fa76dee07ca038624d639d9e14f4fb719ff

RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps libressl; \
    wget -O /usr/local/bin/dind "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind"; \
    chmod +x /usr/local/bin/dind; \
    apk del .fetch-deps

COPY dockerd-entrypoint.sh /usr/local/bin/

VOLUME /var/lib/docker
EXPOSE 2375

ENTRYPOINT ["dockerd-entrypoint.sh"]
CMD []

带安装docker部分的 dockerfile

 

FROM alpine:3.7

RUN apk add --no-cache \
        ca-certificates

# set up nsswitch.conf for Go's "netgo" implementation (which Docker explicitly uses)
# - https://github.com/docker/docker-ce/blob/v17.09.0-ce/components/engine/hack/make.sh#L149
# - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
# - docker run --rm debian:stretch grep '^hosts:' /etc/nsswitch.conf
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf

ENV DOCKER_CHANNEL test
ENV DOCKER_VERSION 18.06.0-ce-rc3
# TODO ENV DOCKER_SHA256
# https://github.com/docker/docker-ce/blob/5b073ee2cf564edee5adca05eee574142f7627bb/components/packaging/static/hash_files !!
# (no SHA file artifacts on download.docker.com yet as of 2017-06-07 though)

RUN set -ex; \
# why we use "curl" instead of "wget":
# + wget -O docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-17.03.1-ce.tgz
# Connecting to download.docker.com (54.230.87.253:443)
# wget: error getting response: Connection reset by peer
    apk add --no-cache --virtual .fetch-deps \
        curl \
        tar \
    ; \
    \
# this "case" statement is generated via "update.sh"
    apkArch="$(apk --print-arch)"; \
    case "$apkArch" in \
        x86_64) dockerArch='x86_64' ;; \
        armhf) dockerArch='armel' ;; \
        aarch64) dockerArch='aarch64' ;; \
        ppc64le) dockerArch='ppc64le' ;; \
        s390x) dockerArch='s390x' ;; \
        *) echo >&2 "error: unsupported architecture ($apkArch)"; exit 1 ;;\
    esac; \
    \
    if ! curl -fL -o docker.tgz "https://download.docker.com/linux/static/${DOCKER_CHANNEL}/${dockerArch}/docker-${DOCKER_VERSION}.tgz"; then \
        echo >&2 "error: failed to download 'docker-${DOCKER_VERSION}' from '${DOCKER_CHANNEL}' for '${dockerArch}'"; \
        exit 1; \
    fi; \
    \
    tar --extract \
        --file docker.tgz \
        --strip-components 1 \
        --directory /usr/local/bin/ \
    ; \
    rm docker.tgz; \
    \
    apk del .fetch-deps; \
    \
    dockerd -v; \
    docker -v

COPY modprobe.sh /usr/local/bin/modprobe
COPY docker-entrypoint.sh /usr/local/bin/

ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["sh"]