Memo: Trying Docker in Docker on Tanzu Kubernetes Grid (TKGm) v1.3.1

Personal reminder notes. The goal is to check whether the docker command can be run from a container inside a Pod on a TKGm v1.3.1 Workload Cluster.


Prerequisites

  • TKGm v1.3.1
  • Kubernetes v1.19.9 on the Workload Cluster
  • containerd v1.4.3

Work notes

First, check the nodes of the Workload Cluster (`k` is an alias for `kubectl` throughout).

$ k get nodes
NAME                           STATUS   ROLES    AGE   VERSION
fender-control-plane-48lfk     Ready    master   39h   v1.19.9+vmware.1
fender-md-0-7f8474584d-7pp7n   Ready    <none>   39h   v1.19.9+vmware.1


Create the manifest file for running Docker in Docker. It uses the official docker image from Docker Hub. The 20.x and 19.x images did not work properly for me, so I tried version 18.09.9.

k run dind --image=docker:18.09.9 --dry-run=client -oyaml > docker-in-docker.yaml
vim docker-in-docker.yaml
$ cat docker-in-docker.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: dind
  name: dind
spec:
  containers:
  - image: docker:18.09.9
    name: dind
    command: ["docker", "run", "nginx:latest"]
    env:
      - name: DOCKER_HOST
        value: tcp://localhost:2375
    resources: {}
  - name: dind-daemon
    image: docker:18.09.9-dind
    resources:
      requests:
        cpu: 20m
        memory: 512Mi
    securityContext:
      privileged: true
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
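The two containers share the Pod's network namespace, so the daemon's default listener on tcp://0.0.0.0:2375 (the `docker info` output further down warns about it) is reachable not only via localhost from the client container but also on the Pod IP from any workload that can route to the Pod on port 2375. The API is unauthenticated and the daemon container is privileged, so that is root-equivalent access to the node. The following variant of the manifest above is an added example, not a manifest from the original post: it keeps everything the same except that dockerd is told to listen only on its Unix socket and on 127.0.0.1, which the client container can still reach through localhost. It assumes the 18.09 dind image's `dockerd-entrypoint.sh`, which only appends its default `--host=tcp://0.0.0.0:2375` when the first argument is missing or is an option; verify that against the image you actually use.

```yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: dind
  name: dind
spec:
  containers:
  - name: dind
    image: docker:18.09.9
    command: ["docker", "run", "nginx:latest"]
    env:
      - name: DOCKER_HOST
        # Still plaintext, but now only reachable inside this Pod's network namespace.
        value: tcp://127.0.0.1:2375
    resources: {}
  - name: dind-daemon
    image: docker:18.09.9-dind
    # `args` replaces the image CMD but keeps the dockerd-entrypoint.sh ENTRYPOINT
    # (which wraps dockerd in the dind helper). Assumption: because the first
    # argument is `dockerd` rather than an option, the entrypoint does not add its
    # default --host=tcp://0.0.0.0:2375 listener.
    args:
      - dockerd
      - --host=unix:///var/run/docker.sock
      - --host=tcp://127.0.0.1:2375
    resources:
      requests:
        cpu: 20m
        memory: 512Mi
    securityContext:
      # Unavoidable for dind; keep this Pod in a dedicated namespace and
      # restrict it with a NetworkPolicy, since privileged == root on the node.
      privileged: true
  dnsPolicy: ClusterFirst
  restartPolicy: Always
```

If you later move to a 19.03 or newer dind image, note that it enables TLS by default and listens on 2376; a plaintext tcp://…:2375 client only works there when `DOCKER_TLS_CERTDIR` is set to an empty string on the daemon container, which is the usual reason the newer images fail with a manifest like this one. An alternative that avoids TCP altogether is to share an emptyDir volume between the two containers and point both dockerd's `--host=unix://…` and the client's `DOCKER_HOST` at a socket on that volume.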


Apply it.

k apply -f docker-in-docker.yaml


It appears to be running properly.

$ k get pods
NAME   READY   STATUS    RESTARTS   AGE
dind   2/2     Running   1          9s


Enter the client container in the Pod and check. As shown below, the docker command can indeed be run inside the Pod.

k exec -it dind -c dind -- /bin/sh

/ # docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              d1a364dc548d        9 hours ago         133MB

/ # docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
f054c0260aa2        nginx:latest        "/docker-entrypoint.…"   6 minutes ago       Up 6 minutes        80/tcp              gallant_neumann

/ # docker info
Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 18.09.9
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 5.4.0-72-generic
Operating System: Alpine Linux v3.10 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.775GiB
Name: dind
ID: ZJGP:SB73:K7Q7:IPM4:HJ3G:KSVK:O7NK:K2QB:WE2S:SNTO:V53F:2W3M
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: No swap limit support

/ # ps aux |grep docker
    1 root      0:00 docker run nginx:latest
   48 root      0:00 grep docker
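Having confirmed that this works, the thing a cluster operator wants next is a way to find such Pods. The script below is an added example and not part of the original post: it walks the JSON that `kubectl get pods -A -o json` produces and flags privileged containers, containers that point a Docker client at a plaintext `tcp://` daemon, and containers running a `-dind` image. The embedded sample is constructed to mirror the `dind` Pod from this page plus a benign Pod; function and variable names are the example's own.

```python
"""Audit kubectl pod JSON for Docker-in-Docker style exposure (added example)."""
import json
import sys

# Constructed sample: the dind Pod from this page plus a harmless nginx Pod.
# In real use, feed the output of `kubectl get pods -A -o json` instead.
SAMPLE = json.dumps({
    "kind": "List", "apiVersion": "v1",
    "items": [
        {"kind": "Pod", "apiVersion": "v1",
         "metadata": {"name": "dind", "namespace": "default"},
         "spec": {"containers": [
             {"name": "dind", "image": "docker:18.09.9",
              "env": [{"name": "DOCKER_HOST", "value": "tcp://localhost:2375"}]},
             {"name": "dind-daemon", "image": "docker:18.09.9-dind",
              "securityContext": {"privileged": True}}]}},
        {"kind": "Pod", "apiVersion": "v1",
         "metadata": {"name": "web", "namespace": "default"},
         "spec": {"containers": [
             {"name": "nginx", "image": "nginx:1.21",
              "securityContext": {"privileged": False}}]}},
    ]})


def audit_pod(pod):
    """Return (namespace, pod, container, finding) tuples for one Pod object."""
    meta = pod.get("metadata") or {}
    ns = meta.get("namespace", "default")
    name = meta.get("name", "<unnamed>")
    spec = pod.get("spec") or {}
    findings = []
    # initContainers can be privileged too, so audit both lists.
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged") is True:
            findings.append((ns, name, cname,
                             "privileged container (root-equivalent on the node)"))
        for e in c.get("env") or []:
            value = str(e.get("value", ""))
            # A tcp:// DOCKER_HOST means an unauthenticated, unencrypted daemon API
            # somewhere in this Pod's network namespace (or beyond).
            if e.get("name") == "DOCKER_HOST" and value.startswith("tcp://"):
                findings.append((ns, name, cname,
                                 "Docker client over plaintext TCP: " + value))
        image = c.get("image", "")
        if image.endswith("-dind") or image.endswith(":dind"):
            findings.append((ns, name, cname,
                             "docker-in-docker daemon image " + image))
    return findings


def audit_json(text):
    """Accept either a `kind: List` (kubectl get pods -o json) or a single Pod."""
    doc = json.loads(text)
    items = doc.get("items") or [] if doc.get("kind") == "List" else [doc]
    findings = []
    for pod in items:
        findings.extend(audit_pod(pod))
    return findings


if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json > pods.json && python3 audit_dind.py pods.json
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for ns, pod, container, what in audit_json(src):
        print(f"{ns}/{pod} [{container}]: {what}")
```

Run against the sample it reports three findings, all on the `dind` Pod: the client's plaintext `DOCKER_HOST`, the privileged daemon container, and the `-dind` image; the nginx Pod is silent. Pair the output with a NetworkPolicy review for every Pod it lists, since the question that matters is who can reach port 2375 on that Pod IP.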
