Can Docker client(within container) talk to docker daemon on EC2 using UNIX socket?

问题

As part of Jenkins docker image,

am supposed to install docker client(only),

that can talk to docker daemon installed on underlying EC2 instance.

UNIX socket, I mean socket(AF_UNIX,,)

---

Background

As per the instruction, given here,

I do not see the necessity to install docker daemon withink jenkins image,

because the author is using UNIX socket to talk to underlying docker daemon running in EC2 instance, as shown here.

My understanding is, installing docker client installation(only) within jenkins image, would suffice to talk to docker daemon running on EC2 instance, using UNIX socket(/var/run/docker.sock)

---

1)

Can docker client running in jenkins image communicate to docker daemon running in underlying EC2 instance? with below mapping...

volumes:
    - /var/run/docker.sock:/var/run/docker.sock

2)

How to install docker client only in below jenkins image?

FROM jenkins:1.642.1


# Suppress apt installation warnings
ENV DEBIAN_FRONTEND=noninteractive

# Official Jenkins image does not include sudo, change to root user
USER root

# Used to set the docker group ID
# Set to 497 by default, which is the groupID used by AWS Linux ECS instance
ARG DOCKER_GID=497

# Create Docker Group with GID
# Set default value of 497 if DOCKER_GID set to blank string by Docker compose
RUN groupadd -g ${DOCKER_GID:-497} docker

回答1:

To use Docker in Jenkins, Jenkins must have access to the docker.sock.

What you are proposing here is a docker in docker approach, by installing docker inside the jenkins container, but actually this is not necessary. You only need a valid docker daemon, and for that reason, the usual approach is to map /var/run/docker.sock from the host to the container.

Have a look at this amazing post https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/

回答2:

You need to install docker inside the jenkins image then bind mount the /var/run/docker.sock so that you can run side car containers as explained in Jérôme Petazzoni's blog post on the subject. This is my jenkins Dockerfile:

FROM jenkins/jenkins:lts

USER root
RUN apt-get update && \
    apt-get install -y \
        maven \
        apt-transport-https \
        ca-certificates \
        curl \
        gnupg-agent \
        lsb-release \
        software-properties-common

RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

RUN add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/debian \
    $(lsb_release -cs) \
    stable"

RUN apt-get update && \
    apt-get install -y \
        docker-ce \
        docker-ce-cli \
        containerd.io

RUN usermod -a -G docker jenkins

COPY plugins.txt /usr/share/jenkins/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/plugins.txt

USER jenkins
WORKDIR /var/jenkins_home

Note: you can install your plugins during the build using the plugins.sh as explained here.

Build the jenkins image i.e.: docker build --rm -t so:58652650 .

Run the container mounting /var/run/docker.sock i.e.: docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock --entrypoint bash so:58652650

Inside the image as the jenkins user the docker commands should work as expected:

来源：https://stackoverflow.com/questions/58652650/can-docker-clientwithin-container-talk-to-docker-daemon-on-ec2-using-unix-sock