how to bring up a docker-compose container as privileged - docker

I was running my container with the command sudo docker run --privileged container_name. But now I'm using a yml and the command docker-compose up to bring it up, but I don't know how to add the --privileged flag when bringing up the container with that command. I already tried adding privileged: true to the yml but it doesn't work in that case.

There is an apposite parameter to use:
web:
  image: an_image-image:1.0
  container_name: my-container
  privileged: true
  entrypoint: ["/usr/sbin/init"]
  ports:
    - "8280:8280"

I solved it myself by doing the following:
In the docker-compose.yml file I have these two lines for specifying the image and container's name:
version: "3"
services:
  app:
    image: my_image
    container_name: my-container
So to run it with the --privileged flag I used the command: sudo docker run --privileged my-container

Related

How to test extra_hosts configuration?

How can I check if my extra_hosts configuration is working?
version: '3.5'
services:
  nginx:
    image: nginx:stable
    extra_hosts:
      - "host.docker.internal:host-gateway"
I tried docker exec nginx /bin/sh -c 'ping host.docker.internal'
but got /bin/sh: 1: ping: not found
Is there some kind of ping alternative available in the nginx docker image?
Testing on Ubuntu 20.04.3 LTS host, with docker version 20.10.11 and docker-compose version 1.29.2.
nginx image does not come with ping command, you can add a busybox to test in and out:
cat << EOF > docker-compose.yaml
version: '3.5'
services:
  nginx:
    image: nginx:stable
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      - 8080:80
  busybox:
    image: busybox
    extra_hosts:
      - "host.docker.internal:host-gateway"
    command: ash -c 'sleep 3600'
EOF
docker-compose up -d
docker-compose exec busybox ping host.docker.internal
docker-compose exec busybox wget -qO- nginx
docker-compose exec busybox wget -qO- host.docker.internal:8080
docker-compose down
Always use sidecar container & do not overwhelm the main image:
The k8s community provides a good image for network debugging which includes almost all famous CLIs: dig, nslookup, ping, etc.
k8s.gcr.io/e2e-test-images/jessie-dnsutils:1.3
Use it the same way as the busybox approach explained by gohm'c

Is there any way we can use bind mount in dockerfile or is it necessary to use compose-file.yml

how can we use below sample code in Docker-file
sample 1
docker container run -p 80:4000 -v $(pwd):/site/jekyll-serve
sample 2
docker container run -p 8080:80 --name web2 -v $(pwd):/usr/share/nginx/html nginx
I have recently started learning docker and swarm orchestration and just need to know about this issue. Is there any update in a future release or any fixes to this?
As of 9/9/21 you need to use docker compose
https://docs.docker.com/compose/networking/
services:
  web:
    build: .
    ports:
      - "80:4000"
https://docs.docker.com/storage/volumes/
services:
  frontend:
    volumes:
      # Compose does not run shell substitutions such as $(pwd);
      # a relative path is resolved against the compose file's directory.
      - .:/site/jekyll-serve
volumes:
  myapp:
Named volumes: Docker-compose named mounted volume
my-named-volume:
  driver_opts:
    type: none
    device: /home/full/path  # NOTE needs full path (~ doesn't work)
    o: bind

How to use docker command in container?

I want to use docker command in container on the centos 7.8
I already installed docker at the centos and want to use docker command in the docker container.
So, I added volume in the docker compose file like below.
services:
  test_container:
    container_name: test
    image: app:${DOCKER_TAG}
    privileged: true
    ports:
      - 80:3000
    environment:
      ENVIRONMENT: develop
    volumes:
      - /var/lib/docker:/var/lib/docker
      - /lib/systemd/system/docker.service:/lib/systemd/system/docker.service
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/bin/docker
      - /etc/sysconfig/docker:/etc/sysconfig/docker
But when I run docker compose and use docker command in the container, it shows like this.
You don't have either docker-client or docker-client-latest installed. Please install either one and retry.
How could I fix this? or How could I use the docker command in docker container?
Thank you for reading my questions.
In order to run docker in a docker container, you should use "DinD" (docker in docker) with privileges. Something like this should work:
docker run --privileged -d docker:dind
Another option - instead of starting “child” containers like DinD, it will start “sibling” containers.
docker run -v /var/run/docker.sock:/var/run/docker.sock \
  -ti docker
For docker compose:
version: "2"
services:
  docker-in-docker:
    image: docker:dind
    privileged: true
    expose:
      - 2375
      - 2376
  node1:
    image: docker
    links:
      - docker-in-docker
    environment:
      DOCKER_HOST: tcp://docker-in-docker:2375
    command: docker ps -a
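
Added example, not part of any answer above: privileged: true and a bind mount of /var/run/docker.sock each give a container root-equivalent control of the host, and port 2375 is by convention the Docker API without TLS, so compose files like the ones quoted on this page are worth flagging in review. The function names and finding labels are made up for illustration, and the input is assumed to be the compose file already parsed to a dict (for example the JSON printed by docker compose config --format json in Compose v2).

```python
# Added example: audit a parsed Compose model for host-control settings.
DOCKER_SOCK = "/var/run/docker.sock"

def volume_sources(service):
    """Yield the host-side source of each volume (short or long syntax)."""
    for vol in service.get("volumes", []):
        if isinstance(vol, dict):      # long syntax: {type, source, target}
            yield vol.get("source", "")
        else:                          # short syntax: "src:dst[:mode]"
            yield str(vol).split(":")[0]

def environment(service):
    """Return the environment as a dict, accepting map or list form."""
    env = service.get("environment") or {}
    if isinstance(env, list):          # ["KEY=value", ...]
        return dict(e.split("=", 1) if "=" in e else (e, "") for e in env)
    return env

def audit_compose(model):
    """Return sorted (service, finding) tuples for risky settings."""
    findings = []
    for name, svc in model.get("services", {}).items():
        if svc.get("privileged") is True:
            findings.append((name, "privileged"))
        if DOCKER_SOCK in volume_sources(svc):
            findings.append((name, "docker-socket-mount"))
        host = str(environment(svc).get("DOCKER_HOST", ""))
        if host.startswith("tcp://") and host.endswith(":2375"):
            findings.append((name, "plaintext-docker-api"))
    return sorted(findings)

# Constructed sample that mirrors the services quoted on this page.
SAMPLE = {"services": {
    "test_container": {"privileged": True, "volumes": [
        "/var/run/docker.sock:/var/run/docker.sock",
        "/usr/bin/docker:/usr/bin/docker"]},
    "docker-in-docker": {"image": "docker:dind", "privileged": True,
                         "expose": [2375, 2376]},
    "node1": {"image": "docker",
              "environment": {"DOCKER_HOST": "tcp://docker-in-docker:2375"}},
    "nginx": {"image": "nginx:stable",
              "extra_hosts": ["host.docker.internal:host-gateway"]},
}}

if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE):
        print(f"{service}: {finding}")
```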

Putting docker run parameters into Dockerfile

I have a working docker command:
docker run -p 3001:8080 -p 50000:50000 -v /Users/thomas/Desktop/digital-ocean-jenkins/jenkins:/var/jenkins_home jenkins/jenkins:lts
I'd like to put these config variables in a Dockerfile:
FROM jenkins/jenkins:lts
EXPOSE 3001 8080
EXPOSE 50000 50000
VOLUME jenkins:var/jenkins_home
However it's not taking any of these configuration variables. How can I pass in the parameters I am passing to docker run as a part of the build?
I built and ran using this:
docker build -t treggi-jenkins .
docker run treggi-jenkins
I think you'd need to use docker-compose for something like that.
See docker-compose docs
The docker-compose file could look something like this
version: '3'
services:
  jenkins:
    image: jenkins/jenkins:lts
    ports:
      - "3001:8080"
      - "50000:50000"
    volumes:
      # The container path must be absolute (leading slash)
      - jenkins:/var/jenkins_home
volumes:
  jenkins:

Set storage-driver in Docker Compose file

I need to run the DinD docker image with overlay2 drivers, so I'd normally execute (as explained in dind Hub page):
docker run --privileged -d --name inner-docker docker:dind --storage-driver=overlay2
Is there a way to set storage-driver option in docker-compose.yml?
e.g.
app-docker:
  container_name: inner-docker
  image: docker:dind
  privileged: true
  storage_driver: overlay2
I could not find any trace in compose file docs (overlay is only referred as a network driver here).
I tried with storage_driver, storage-driver and similar with no luck.
There is a homonymous option discussed here, but it seems a totally different scope to me.
When you run below
docker run --privileged -d --name inner-docker docker:dind --storage-driver=overlay2
What you are doing is passing docker:dind arguments --storage-driver=overlay2 and not passing an option to docker run. So use below
app-docker:
  container_name: inner-docker
  image: docker:dind
  privileged: true
  command: --storage-driver=overlay2
