Simplifying Development and Deployment with Isolated Docker Environments
Docker is a platform that simplifies application development, shipping, and deployment using containerization. But what if we go one step further and run Docker itself inside a container? Docker allows this extra layer of containerization.
This lab explores ways of setting up a confined environment in which Docker operations execute inside a container, for separate development, testing, and experimentation workflows. First, we will understand the concept of Docker in Docker.
What is Docker in Docker?
Docker-in-Docker, as the term itself describes, is a technique of executing one Docker container inside another by using the same daemon. By starting a Docker daemon within a Docker container, it is possible to nest Docker functionality and give the inner Docker instance the ability to manage and run containers just as it would if it were running directly on the host computer.
Containers are managed at the host level by the Docker daemon in a conventional Docker setup. However, Docker in Docker establishes a separate setting in which a container with its own Docker daemon is used to carry out Docker operations.
What are the Use Cases of Docker Running in Docker Container?
Following are the advantages and use cases of Docker-in-Docker.
- Increase Build Efficiency in CI/CD Pipeline: It enables parallel execution of builds within containers, allowing for increased efficiency and faster CI/CD pipelines.
- Learning/Training: Docker-in-Docker provides learners with a controlled environment to practice Docker commands and explore containerization concepts without impacting their local setup.
- Project Isolation: Developers can create isolated environments for different projects without impacting their host system’s Docker setup. Each project can have its own contained Docker environment for testing and development purposes.
- Version Testing: Docker in Docker allows testing different Docker versions within separate containers, ensuring compatibility and validating changes without affecting the host Docker installation.
- Temporary Environment: We can discard it easily after doing quick testing or after performing specific operations.
Note: It is not recommended for use in production, as it may compromise security.
Prerequisites
Engaging in practical experiences is crucial as it converts theoretical ideas into practical skills and improves the depth of your understanding. Let’s practice hands-on activities directly on your local machine.
Docker Installation
- Verify that Docker is present on your host machine.
docker version
- If it’s not installed, please refer to the official Docker installation instructions for your operating system and follow the steps provided.
- For example, we have used the script file to install Docker on Linux.
curl -fsSL https://get.docker.com -o install-docker.sh
sudo sh install-docker.sh
Let’s start with DinD implementation.
How to Configure Docker in a Docker Container?
We’ll install Docker and create a container using the -v flag to attach /var/run/docker.sock, which lets the container manipulate the Docker daemon from the host. In this container, we will run docker commands.
Mounting the Host’s Docker Socket /var/run/docker.sock
Mount the host’s Docker socket into a container. This allows Docker commands run inside the container to execute against the host’s existing daemon. This is the traditional and efficient way to run Docker in the container.
As shown in the above figure, we can run multiple docker containers to run docker commands by using the same daemon from the host system. Let’s pull the Docker image.
- To pull the Docker image,
docker image pull docker
- Run the container docker-cont from the docker image without privileged access.
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock --name docker-cont docker sh
- Run the following command in the docker-cont container to verify the Docker in Docker setup:
docker info
- Create a nested container from within the docker-cont container:
docker container run -it --name inner-cont -p 8000:80 nginx:alpine
Click on http://localhost:8000 and view the homepage of nginx.
Add the following index.html file to the host.
<!-- index.html -->
<html>
<head>
<title>Welcome to CloudYuga!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body bgcolor=orange>
<h1>Welcome to CloudYuga!</h1>
<p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p>
<p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Open Terminal-2 and replace the index.html with the following command from the host.
docker cp index.html inner-cont:/usr/share/nginx/html/
Click on http://localhost:8000 and view the homepage again.
- List the containers from the host and from the docker-cont container.
docker container ls
We can see the same list.
Now, we will explore another approach.
Configure Docker in Docker with Other Alternative
Implement DinD using Docker:dind Image
It creates a parent container, and we can create child containers inside it. We will pull the docker:dind official Docker image, which runs rootless dockerd and provides an isolated environment. Rootless environments are used in container technologies, where users can create and manage containers without needing root privileges.
Using this method, we will get a completely isolated environment as shown in the above figure. It does not share the daemon with the host system. Let’s implement this setup in the lab.
- Pull the docker:dind image.
docker image pull docker:dind
- Create a container cy-nested-cont using the above image with privileged access.
docker container run --privileged -d --name cy-nested-cont docker:dind
- Exec into the cy-nested-cont container.
docker exec -it cy-nested-cont /bin/sh
- To verify that Docker is running in the container, create a container using the nginx:alpine image inside cy-nested-cont.
docker container run -d --name cy-dind-img-cont nginx:alpine
- List the containers in cy-nested-cont.
docker ps
- Open another terminal, Terminal-2, and list the containers by using the above command from the host.
We can see that the list of containers is different in this case because of the isolated nature of the docker:dind image.
Disadvantages
Following are the disadvantages of Docker-in-Docker.
- Does not provide a secure environment
- Compatibility Issue
- Networking complexity
- Not recommended for production due to security reasons
- Resource Overhead
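The two setups in this lab (a container with the host's /var/run/docker.sock mounted, and a container started with --privileged) are what a host audit should look for. The script below is an added example, not part of the original lab: it classifies containers from `docker inspect` output, and its function names, output labels and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag containers that hold the host Docker socket or run
# privileged. Input lines: "<name> <privileged> <mount sources, comma-separated>"

# Live collection (needs a reachable Docker daemon). Reads the inspect fields
# .Name, .HostConfig.Privileged and .Mounts[].Source for running containers.
collect_live() {
    ids=$(docker ps -q)
    [ -n "$ids" ] || return 0
    # $ids is intentionally unquoted: one argument per container ID.
    docker inspect --format \
        '{{.Name}} {{.HostConfig.Privileged}} {{range .Mounts}}{{.Source}},{{end}}' $ids
}

# Constructed sample mirroring the containers created in this lab.
sample_lines() {
    cat <<'EOF'
/docker-cont false /var/run/docker.sock,
/inner-cont false
/cy-nested-cont true /var/lib/docker/volumes/0a1b/_data,
EOF
}

# Print "<name> <finding>" per container; finding is "ok" when nothing matched.
audit_lines() {
    while read -r name priv mounts; do
        name=${name#/}
        risk=""
        [ "$priv" = "true" ] && risk="privileged"
        # /var/run is often a symlink to /run, so check both socket paths.
        case ",$mounts" in
            *,/var/run/docker.sock,*|*,/run/docker.sock,*)
                risk="${risk:+$risk+}host-docker-socket" ;;
        esac
        echo "$name ${risk:-ok}"
    done
}

# Offline demo on the constructed sample; on a real host use:
#   collect_live | audit_lines
sample_lines | audit_lines
```

Note that inner-cont shows as "ok" even though it was started through the mounted socket: it runs on the host daemon as an ordinary sibling container, so the finding to act on is docker-cont.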
Conclusion
Our hands-on lab equips you with the information and understanding you need to successfully navigate the world of Docker-in-Docker configurations. It is useful for developers or DevOps professionals.
What Next?
You can follow our other hands-on labs to enhance your Docker skills.
Recommendations:
[2] How to manage docker as a non-root user?
[3] How to optimize Docker images without compromising their quality?
[4] Which are different image analysis tools and why they are useful?
[5] How to run multi-container application using docker-compose?
[6] How to build multi-architecture images with buildx?
and many more.