https://www.cnblogs.com/anliven/p/13551614.html

1 – docker in docker(dind)

有时需要在容器内执行 docker 命令，比如：在 jenkins 容器内运行 docker 命令执行构建镜像
直接在 docker 容器内嵌套安装 docker 未免太过臃肿
更好的办法是：容器内仅部署 docker 命令行工具（作为客户端），实际执行交由宿主机内的 docker-engine（服务器）

回到顶部

2 – 两种方式

在docker容器内启动一个docker daemon，对外提供服务。
每个运行中的容器，都是一个进程，这个进程都托管在docker daemon中。
优点在于镜像和容器都在一个隔离的环境，保持宿主机的环境。

2.1 通过宿主机的docker.sock

通过类似docker run -v /var/run/docker.sock:/var/run/docker.sock的命令将宿主机 docker.sock 文件挂载到容器，并且直接挂载宿主机的/usr/bin/docker，这样容器内就不需安装 Docker 程序。
当容器内使用docker命令时，实际上调用的是宿主机的docker daemon和docker命令。
也就是说，容器内实际并未运行 docker server，但是能够通过宿主机执行docker任务，从而实现轻量级 docker in docker
需要特别说明的是，真正执行 docker 命令的是跑在宿主机上的 docker-engine（服务器），因此这并不是真正的 “Docker in Docker”.

2.2 通过`docker:dind`镜像

先启动一个docker:dind容器A，再启动一个docker容器B，容器B指定host为A容器内的docker daemon。

回到顶部

3 – 实例:Run Jenkins via Docker Desktop on Windows OS

https://www.jenkins.io/doc/book/installing/

启动Jenkins

λ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
ce94289d7289        bridge              bridge              local
b47c8fca8bab        host                host                local
6140a92f13fe        none                null                local
λ docker network <span class="hljs-keyword">create</span> jenkins
<span class="hljs-number">10</span>aa1f469d1ee811c406d1acc009c267e7a288b0bf7818af70832f476dc83974
GuowangLi@CNMCSRFX33 /c/Projects
λ docker network ls
NETWORK <span class="hljs-keyword">ID</span>          <span class="hljs-keyword">NAME</span>                DRIVER              <span class="hljs-keyword">SCOPE</span>
ce94289d7289        bridge              bridge              <span class="hljs-keyword">local</span>
b47c8fca8bab        host                host                <span class="hljs-keyword">local</span>
<span class="hljs-number">10</span>aa1f469d1e        jenkins             bridge              <span class="hljs-keyword">local</span>
<span class="hljs-number">6140</span>a92f13fe        <span class="hljs-keyword">none</span>                <span class="hljs-literal">null</span>                <span class="hljs-keyword">local</span>
λ
λ docker volume ls
DRIVER              VOLUME <span class="hljs-keyword">NAME</span>
λ docker volume <span class="hljs-keyword">create</span> jenkins-docker-certs
jenkins-docker-certs
λ docker volume <span class="hljs-keyword">create</span> jenkins-<span class="hljs-keyword">data</span>
jenkins-<span class="hljs-keyword">data</span>
λ docker volume ls
DRIVER              VOLUME <span class="hljs-keyword">NAME</span>
<span class="hljs-keyword">local</span>               jenkins-<span class="hljs-keyword">data</span>
<span class="hljs-keyword">local</span>               jenkins-docker-certs
λ docker <span class="hljs-keyword">container</span> run <span class="hljs-comment">--name jenkins-docker --detach \</span>
&gt;   <span class="hljs-comment">--privileged --network jenkins --network-alias docker \</span>
&gt;   <span class="hljs-comment">--env DOCKER_TLS_CERTDIR=/certs \</span>
&gt;   <span class="hljs-comment">--volume jenkins-docker-certs:/certs/client \</span>
&gt;   <span class="hljs-comment">--volume jenkins-data:/var/jenkins_home \</span>
&gt;   docker:dind
Unable <span class="hljs-keyword">to</span> find image <span class="hljs-string">'docker:dind'</span> locally
dind: Pulling <span class="hljs-keyword">from</span> <span class="hljs-keyword">library</span>/docker
df20fa9351a1: Pull <span class="hljs-keyword">complete</span>
<span class="hljs-number">25</span>ad7478873d: Pull <span class="hljs-keyword">complete</span>
<span class="hljs-number">4684</span>f6177b5d: Pull <span class="hljs-keyword">complete</span>
<span class="hljs-number">46e300</span>cec669: Pull <span class="hljs-keyword">complete</span>
<span class="hljs-number">63038576</span>ad94: Pull <span class="hljs-keyword">complete</span>
<span class="hljs-number">0</span>fdb76c4706c: Pull <span class="hljs-keyword">complete</span>
cb7edeffdfd5: Pull <span class="hljs-keyword">complete</span>
cc28bd76800f: Pull <span class="hljs-keyword">complete</span>
<span class="hljs-number">54196</span>fe38f7e: Pull <span class="hljs-keyword">complete</span>
ea71acc29633: Pull <span class="hljs-keyword">complete</span>
<span class="hljs-number">657</span>cc4c15165: Pull <span class="hljs-keyword">complete</span>
Digest: sha256:a8ea5b6b4b7472a3804d22f619097e983cc939344608aa3774e73d24291007d6
<span class="hljs-keyword">Status</span>: Downloaded newer image <span class="hljs-keyword">for</span> docker:dind
<span class="hljs-number">4</span>a8be3066dbd65b85f35933c0d53c174f3c1bfd55b94188baa377be9f275e72e
λ docker <span class="hljs-keyword">container</span> run \
&gt;   <span class="hljs-comment">--name jenkins-blueocean \</span>
&gt;   <span class="hljs-comment">--detach \</span>
&gt;   <span class="hljs-comment">--network jenkins \</span>
&gt;   <span class="hljs-comment">--env DOCKER_HOST=tcp://docker:2376 \</span>
&gt;   <span class="hljs-comment">--env DOCKER_CERT_PATH=/certs/client \</span>
&gt;   <span class="hljs-comment">--env DOCKER_TLS_VERIFY=1 \</span>
&gt;   <span class="hljs-comment">--volume jenkins-data:/var/jenkins_home \</span>
&gt;   <span class="hljs-comment">--volume jenkins-docker-certs:/certs/client:ro \</span>
&gt;   <span class="hljs-comment">--publish 8080:8080 \</span>
&gt;   <span class="hljs-comment">--publish 50000:50000 \</span>
&gt;   jenkinsci/blueocean
b0f8d0ca1673f3d74ed764ba49341093277b92b3c02dd2cee0146ebd43ce3cb5
λ
λ docker ps
<span class="hljs-keyword">CONTAINER</span> <span class="hljs-keyword">ID</span>        IMAGE                 COMMAND                  CREATED             <span class="hljs-keyword">STATUS</span>              PORTS                                              <span class="hljs-keyword">NAMES</span>
b0f8d0ca1673        jenkinsci/blueocean   <span class="hljs-string">"/sbin/tini -- /usr/…"</span>   <span class="hljs-number">3</span> <span class="hljs-keyword">minutes</span> ago       Up <span class="hljs-number">3</span> <span class="hljs-keyword">minutes</span>        <span class="hljs-number">0.0</span><span class="hljs-number">.0</span><span class="hljs-number">.0</span>:<span class="hljs-number">8080</span>-&gt;<span class="hljs-number">8080</span>/tcp, <span class="hljs-number">0.0</span><span class="hljs-number">.0</span><span class="hljs-number">.0</span>:<span class="hljs-number">50000</span>-&gt;<span class="hljs-number">50000</span>/tcp   jenkins-blueocean
<span class="hljs-number">4</span>a8be3066dbd        docker:dind           <span class="hljs-string">"dockerd-entrypoint.…"</span>   <span class="hljs-number">4</span> <span class="hljs-keyword">minutes</span> ago       Up <span class="hljs-number">4</span> <span class="hljs-keyword">minutes</span>        <span class="hljs-number">2375</span><span class="hljs-number">-2376</span>/tcp                                      jenkins-docker
λ docker images
REPOSITORY            TAG                 IMAGE <span class="hljs-keyword">ID</span>            CREATED             <span class="hljs-keyword">SIZE</span>
jenkinsci/blueocean   latest              <span class="hljs-number">0577399033</span>d7        <span class="hljs-number">21</span> <span class="hljs-keyword">hours</span> ago        <span class="hljs-number">579</span>MB
docker                dind                <span class="hljs-number">66</span>dc2d45749a        <span class="hljs-number">7</span> <span class="hljs-keyword">days</span> ago          <span class="hljs-number">226</span>MB
λ

λ docker network ls

NETWORK ID NAME DRIVER SCOPE

ce94289d7289 bridge bridge local

b47c8fca8bab host host local

6140a92f13fe none null local

λ docker network create jenkins

10aa1f469d1ee811c406d1acc009c267e7a288b0bf7818af70832f476dc83974

GuowangLi@CNMCSRFX33 /c/Projects

λ docker network ls

NETWORK ID NAME DRIVER SCOPE

ce94289d7289 bridge bridge local

b47c8fca8bab host host local

10aa1f469d1e jenkins bridge local

6140a92f13fe none null local

λ docker volume ls

DRIVER VOLUME NAME

λ docker volume create jenkins-docker-certs

jenkins-docker-certs

λ docker volume create jenkins-data

jenkins-data

λ docker volume ls

DRIVER VOLUME NAME

local jenkins-data

local jenkins-docker-certs

λ docker container run --name jenkins-docker --detach \

> --privileged --network jenkins --network-alias docker \

> --env DOCKER_TLS_CERTDIR=/certs \

> --volume jenkins-docker-certs:/certs/client \

> --volume jenkins-data:/var/jenkins_home \

> docker:dind

Unable to find image 'docker:dind' locally

dind: Pulling from library/docker

df20fa9351a1: Pull complete

25ad7478873d: Pull complete

4684f6177b5d: Pull complete

46e300cec669: Pull complete

63038576ad94: Pull complete

0fdb76c4706c: Pull complete

cb7edeffdfd5: Pull complete

cc28bd76800f: Pull complete

54196fe38f7e: Pull complete

ea71acc29633: Pull complete

657cc4c15165: Pull complete

Digest: sha256:a8ea5b6b4b7472a3804d22f619097e983cc939344608aa3774e73d24291007d6

Status: Downloaded newer image for docker:dind

4a8be3066dbd65b85f35933c0d53c174f3c1bfd55b94188baa377be9f275e72e

λ docker container run \

> --name jenkins-blueocean \

> --detach \

> --network jenkins \

> --env DOCKER_HOST=tcp://docker:2376 \

> --env DOCKER_CERT_PATH=/certs/client \

> --env DOCKER_TLS_VERIFY=1 \

> --volume jenkins-data:/var/jenkins_home \

> --volume jenkins-docker-certs:/certs/client:ro \

> --publish 8080:8080 \

> --publish 50000:50000 \

> jenkinsci/blueocean

b0f8d0ca1673f3d74ed764ba49341093277b92b3c02dd2cee0146ebd43ce3cb5

λ docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

b0f8d0ca1673 jenkinsci/blueocean "/sbin/tini -- /usr/…" 3 minutes ago Up 3 minutes 0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp jenkins-blueocean

4a8be3066dbd docker:dind "dockerd-entrypoint.…" 4 minutes ago Up 4 minutes 2375-2376/tcp jenkins-docker

λ docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

jenkinsci/blueocean latest 0577399033d7 21 hours ago 579MB

docker dind 66dc2d45749a 7 days ago 226MB

获取初始密码

λ docker <span class="hljs-built_in">exec</span> jenkins-blueocean cat var/jenkins_home/secrets/initialAdminPassword
b22f3b04344f4094bb6b26e1312002e8

λ docker exec jenkins-blueocean cat var/jenkins_home/secrets/initialAdminPassword

b22f3b04344f4094bb6b26e1312002e8

回到顶部

4 – Command List

涉及的一些命令

<span class="hljs-attr">docker</span> <span class="hljs-string">network create jenkins</span>

<span class="hljs-attr">docker</span> <span class="hljs-string">volume create jenkins-docker-certs</span>
<span class="hljs-attr">docker</span> <span class="hljs-string">volume create jenkins-data</span>

<span class="hljs-attr">docker</span> <span class="hljs-string">container run \
  --name jenkins-docker \
  --detach \
  --privileged \
  --network jenkins \
  --network-alias docker \
  --env DOCKER_TLS_CERTDIR=/certs \
  --volume jenkins-docker-certs:/certs/client \
  --volume jenkins-data:/var/jenkins_home \
  docker:dind</span>

<span class="hljs-attr">docker</span> <span class="hljs-string">container run \
  --name jenkins-blueocean \
  --detach \
  --network jenkins \
  --env DOCKER_HOST=tcp://docker:2376 \
  --env DOCKER_CERT_PATH=/certs/client \
  --env DOCKER_TLS_VERIFY=1 \
  --volume jenkins-data:/var/jenkins_home \
  --volume jenkins-docker-certs:/certs/client:ro \
  --publish 8080:8080 \
  --publish 50000:50000 \
  jenkinsci/blueocean</span>

docker network create jenkins

docker volume create jenkins-docker-certs

docker volume create jenkins-data

docker container run \

--name jenkins-docker \

--detach \

--privileged \

--network jenkins \

--network-alias docker \

--env DOCKER_TLS_CERTDIR=/certs \

--volume jenkins-docker-certs:/certs/client \

--volume jenkins-data:/var/jenkins_home \

docker:dind

docker container run \

--name jenkins-blueocean \

--detach \

--network jenkins \

--env DOCKER_HOST=tcp://docker:2376 \

--env DOCKER_CERT_PATH=/certs/client \

--env DOCKER_TLS_VERIFY=1 \

--volume jenkins-data:/var/jenkins_home \

--volume jenkins-docker-certs:/certs/client:ro \

--publish 8080:8080 \

--publish 50000:50000 \

jenkinsci/blueocean

Action is the antidote to despair!

欢迎转载和引用，但请在明显处保留原文链接和原作者信息!
本博客内容多为个人工作与学习的记录，少部分内容来自于网络并略有修改，已尽力标明原文链接和转载说明。如有冒犯，即刻删除！

以所舍，求所获，有所依，方所成。

分类: Docker

IT问题

程序员的疑难杂症录

转：Docker – docker in docker(dind)

1 – docker in docker(dind)

2 – 两种方式

2.1 通过宿主机的docker.sock

2.2 通过`docker:dind`镜像

3 – 实例:Run Jenkins via Docker Desktop on Windows OS

4 – Command List

发表评论取消回复

1 – docker in docker(dind)

2 – 两种方式

2.1 通过宿主机的docker.sock

2.2 通过docker:dind镜像

3 – 实例:Run Jenkins via Docker Desktop on Windows OS

4 – Command List

发表评论 取消回复

2.2 通过`docker:dind`镜像

发表评论取消回复