Background:
When writing a CI configuration, an image is declared as the job's execution environment, and each job runs in a clean container.
Sometimes we need a Docker container environment to run docker build, docker push and similar operations. The official docker image comes in these main variants: docker:latest, docker:dind and docker:git.
docker:dind
This image contains Docker client (command line tool) and Docker daemon.
The docker history docker:dind command shows that docker:dind installs the Docker daemon on top of docker:latest. The last two build commands are:
IMAGE          CREATED       CREATED BY                                     SIZE   COMMENT
66dc2d45749a   8 weeks ago   /bin/sh -c #(nop) CMD []                       0B
<missing>      8 weeks ago   /bin/sh -c #(nop) ENTRYPOINT ["dockerd-entr…   0B
...
When running the image, the sh CMD argument cannot be specified: dockerd-entrypoint.sh will not start the Docker daemon when it receives this argument. To start the Docker daemon correctly in the container and then enter the container, proceed step by step:
$ docker run -d --name dind --privileged docker:dind   # start the container
$ docker logs -f dind                                  # view the startup logs
$ docker exec -it dind sh                              # enter the container
When starting the docker:dind container, the parameter --privileged must be added, otherwise the Docker daemon will report an error when starting.
docker:latest
This image contains only the Docker client and needs a Docker daemon to talk to. You can use docker:dind or mount the host's /var/run/docker.sock.
The --privileged parameter is not required to start this image.
The docker history docker:latest command shows that the default CMD is sh:
81f5749c9058   3 months ago   /bin/sh -c #(nop) CMD ["sh"]                  0B
<missing>      3 months ago   /bin/sh -c #(nop) ENTRYPOINT ["docker-entry…  0B
...
Startup method one: Mount the host sock file
$ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker:latest
Startup method two: Use it together with docker:dind
Put docker:dind and docker:latest into the same network, and specify the alias of the dind container in the network as docker, because the default daemon host in the latest container is called docker.
In addition, pay attention to certificates. Newer versions of the Docker client require a TLS certificate to communicate with the Docker daemon, to keep that communication secure. The docker:dind container generates the certificates in the directory specified by the environment variable DOCKER_TLS_CERTDIR. The certificates need to be mounted and made available to the docker:latest container.
$ docker run --privileged --name some-docker -d \
    --network some-network --network-alias docker \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-ca:/certs/ca \
    -v some-docker-certs-client:/certs/client \
    docker:dind
$ docker run --rm --network some-network \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-client:/certs/client:ro \
    docker:latest
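An added example, not part of the original article: a small audit over `docker inspect` JSON that flags the settings from the two startup methods that weaken isolation, namely --privileged, a mount of the host's docker.sock (which hands the container control of the host daemon), an empty DOCKER_TLS_CERTDIR (the dind entrypoint then serves the API without TLS), and a client certificate mount that is not read-only. The sample records, container names and finding labels are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/dind",
  "Config": {"Image": "docker:dind", "Env": ["DOCKER_TLS_CERTDIR="]},
  "HostConfig": {"Privileged": true}, "Mounts": []},
 {"Name": "/ci-job",
  "Config": {"Image": "docker:latest", "Env": ["DOCKER_TLS_CERTDIR=/certs"]},
  "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock", "RW": true}]},
 {"Name": "/client",
  "Config": {"Image": "docker:latest", "Env": ["DOCKER_TLS_CERTDIR=/certs"]},
  "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "volume", "Name": "some-docker-certs-client",
              "Destination": "/certs/client", "RW": false}]}
]
""")

def audit(containers):
    """Return {container name: [finding labels]} for each inspected container."""
    report = {}
    for c in containers:
        findings = []
        privileged = bool(c.get("HostConfig", {}).get("Privileged"))
        if privileged:
            findings.append("privileged")            # near-root access to the host
        env_list = c.get("Config", {}).get("Env") or []
        env = dict(e.partition("=")[::2] for e in env_list)
        if env.get("DOCKER_TLS_CERTDIR") == "":
            findings.append("tls-disabled")          # daemon API served in plaintext
        for m in c.get("Mounts") or []:
            if m.get("Source", "").endswith("docker.sock"):
                findings.append("host-docker-socket")  # controls the host daemon
            # Assumption: a non-privileged container is a client, so it only
            # needs to read the certificates (the article mounts them :ro).
            if (m.get("Destination", "").startswith("/certs")
                    and m.get("RW") and not privileged):
                findings.append("certs-writable")
        report[c["Name"].lstrip("/")] = findings
    return report

if __name__ == "__main__":
    import sys
    # Real use: docker inspect $(docker ps -q) | python audit.py
    data = SAMPLE_INSPECT if sys.stdin.isatty() else json.load(sys.stdin)
    for name, findings in audit(data).items():
        print(name, ", ".join(findings) or "ok")
```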
docker:git
docker:git is docker:latest that contains the git command, which is convenient for using Git in CI.