这个有点像 Java程序,用java 写一个源程序,再用 java 程序编译完,直接再装载java class文件,再运行。
1, DinD 需要以特权模式启动,这种嵌套会带来潜在的安全风险:特权容器几乎拥有宿主机的全部权限,容器一旦被攻破,宿主机也随之暴露。
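# Start a Docker-in-Docker daemon container named "dockerd".
# --privileged removes most of the isolation between this container and the
# host (devices, capabilities, kernel interfaces), so use it on lab hosts only.
# An empty DOCKER_TLS_CERTDIR makes the docker:dind entrypoint skip TLS setup,
# so the daemon's TCP API is served without encryption or client
# authentication; anything that can reach it can control the daemon.
docker run --privileged -e DOCKER_TLS_CERTDIR="" -d --name dockerd docker:dind
# Open an interactive shell in a client container; --link exposes the daemon
# container to it under the hostname "docker".
docker run --rm -it --link dockerd:docker docker:latest sh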
Notes: 后面的docker 就是 1个docker 容器
在 DinD 容器中,拉取镜像
#
root@racknerd-1cbb93:~# docker run --rm -it --link dockerd:docker docker:latest sh
/ # hostname
ec674f8b01b3
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.12.1
PRETTY_NAME="Alpine Linux v3.12"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
/ # docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
5f5dd3e95e9f: Pull complete
Digest: sha256:9f1c79411e054199210b4d489ae600a061595967adb643cd923f8515ad8123d2
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
/ #
键入 exit 退出容器,通过主机上的 Docker Daemon 查看镜像:
$ docker images |grep busybox
2, DooD
- 运行一个容器
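# Docker-outside-of-Docker: bind-mount the host daemon's socket into the
# container. Any process that can write to this socket can drive the host
# Docker daemon, which is root-equivalent on the host even though the
# container itself is not started with --privileged.
docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock alpine sh
# Run inside the container shell opened above.
# The URL is quoted so the shell does not interpret "?" (or "&" once more
# query parameters are added). No tag parameter is passed here, so the Engine
# API pulls every tag of the repository.
curl -XPOST --unix-socket /var/run/docker.sock 'http://localhost/images/create?fromImage=nginx'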
notes: 这个命令有 bug:没有指定 tag 参数时,Engine API 会拉取该仓库所有 tag 的镜像。追加 &tag=latest 时必须给整个 URL 加引号,否则 shell 会把 & 当作后台运行符,tag 参数不会被发送。
/ # curl -XPOST --unix-socket /var/run/docker.sock http://localhost/images/create?fromImage=shaowenchen/docker-robotframework&tag=latest
/ # {"message":"toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"}
键入 exit 退出容器,通过主机上的 Docker Daemon 查看镜像(容器内经由 docker.sock 的操作实际作用于主机的 Docker Daemon):
$ docker images |grep robotframework
shaowenchen/docker-robotframework latest d99cfa7ee716
使用yaml文件在k8s 里尝试
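# Deployment that runs a Docker-in-Docker daemon (dockerd) with a docker CLI
# sidecar in the same pod. Intended for experiments, not production clusters.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dind
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dind
  template:
    metadata:
      labels:
        app: dind
    spec:
      containers:
        - name: dockerd
          # Mutable tag; pin a specific version or digest for reproducible rollouts.
          image: 'docker:dind'
          env:
            # Empty value makes the docker:dind entrypoint skip TLS setup, so the
            # daemon API is served over plain TCP with no client authentication.
            # NOTE(review): the listener is probably reachable on the pod IP as
            # well as on loopback; confirm, and restrict with a NetworkPolicy.
            - name: DOCKER_TLS_CERTDIR
              value: ""
          securityContext:
            # Privileged mode removes most isolation between this container and
            # the node; a compromise of dockerd is effectively a node compromise.
            privileged: true
        - name: docker-cli
          image: 'docker:latest'
          env:
            # Containers in one pod share a network namespace, so the CLI
            # reaches dockerd over loopback.
            - name: DOCKER_HOST
              value: 127.0.0.1
          # Keep the container alive so it can be entered with kubectl exec.
          command: ["/bin/sh"]
          args: ["-c", "sleep 86400;"]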
其中 docker:latest 不是太合适
需要 docker tag docker:dind docker:latest
kubectl apply -f dind.yaml
kubectl get pod |grep dind
dind-5446ffbc8d-68q28 2/2 Running 0 12s
/ # docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
852e50cd189d: Pull complete
571d7e852307: Pull complete
addb10abd9cb: Pull complete
d20aa7ccdb77: Pull complete
8b03f1e11359: Pull complete
Digest: sha256:6b1daa9462046581ac15be20277a7c75476283f969cb3a61c8725ec38d3b01c3
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
/ # docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest bc9a0695f571 5 days ago 133MB
/ #
exit
- 创建一个 dood.yaml 文件,内容如下:
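# Deployment that runs a docker CLI container talking to the node's own Docker
# daemon through a hostPath mount of /var/run/docker.sock (Docker-outside-of-Docker).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dood
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dood
  template:
    metadata:
      labels:
        app: dood
    spec:
      containers:
        - image: docker:latest
          name: docker-cli
          securityContext:
            # Not privileged, but this does not limit what the pod can do through
            # the mounted socket: the node's daemon can be asked to start
            # privileged containers or mount host paths on the pod's behalf.
            privileged: false
          # Keep the container alive so it can be entered with kubectl exec.
          command: ["/bin/sh"]
          args: ["-c", "sleep 86400;"]
          volumeMounts:
            - mountPath: /var/run/docker.sock
              name: volume-docker
      volumes:
        # hostPath exposes the Docker socket of whichever node the pod lands on.
        # Access to this socket is root-equivalent on that node; clusters that
        # enforce the Pod Security Standards "baseline" profile reject hostPath
        # volumes for this reason.
        - hostPath:
            path: /var/run/docker.sock
            type: ""
          name: volume-docker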
[root@node-10-120-127-235 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
counter 3/3 Running 0 68d 192.168.69.243 node-10-120-127-237
dind-78588dd555-54vgw 2/2 Running 0 17m 192.168.56.158 node-10-120-127-235
dood-667d8bcfc6-5xwbj 1/1 Running 0 10s 192.168.3.157 node-10-120-127-238
nginx-86c57db685-5925s 1/1 Running 0 65d 192.168.95.60 node-10-120-127-236
nginx-86c57db685-fkmw2 1/1 Running 0 65d 192.168.69.245 node-10-120-127-237
nginx-86c57db685-t5lfl 1/1 Running 0 65d 192.168.3.149 node-10-120-127-238
spy-3437 1/1 Running 0 19d 10.120.127.238 node-10-120-127-238
spy-5107 1/1 Running 0 19d 10.120.127.238 node-10-120-127-238
spy-6179 1/1 Running 0 19d 10.120.127.237 node-10-120-127-237
spy-8003 1/1 Running 0 19d 10.120.127.238 node-10-120-127-238
spy-8868 1/1 Running 0 19d 10.120.127.238 node-10-120-127-238
spy-9310 1/1 Running 0 19d 10.120.127.238 node-10-120-127-238
[root@node-10-120-127-235 ~]# kubectl exec -it dood-667d8bcfc6-5xwbj -c docker-cli sh
/ # dokcer pull nginx
sh: dokcer: not found
/ # docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
852e50cd189d: Pull complete
571d7e852307: Pull complete
addb10abd9cb: Pull complete
d20aa7ccdb77: Pull complete
8b03f1e11359: Pull complete
Digest: sha256:6b1daa9462046581ac15be20277a7c75476283f969cb3a61c8725ec38d3b01c3
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
/ #