2019/09/14/dind #146

Closed
utterances-bot opened this issue Dec 1, 2020 · 3 comments
@utterances-bot

Secure Docker-in-Docker with System Containers | Nestybox Blog Site

Docker-in-Docker (DinD), Docker-out-of-Docker (DooD), Nestybox system containers.

https://blog.nestybox.com/2019/09/14/dind.html


rLoka commented Dec 1, 2020

What does this exactly mean:

> the mount path must be relative to the host (as otherwise the host Docker daemon on the host won't be able to perform the mount correctly).

Could you please provide an example?

Member

ctalledo commented Dec 1, 2020

Sure: say inside the Docker CLI container you create a dir under /tmp/somedir and you want to bind-mount it into a container. You would normally launch the container with a docker run command such as:

docker run --mount type=bind,source=/tmp/somedir,target=/mnt/somedir <my_image>

But since the Docker CLI container is talking to a Docker daemon running at host level, and directory /tmp/somedir does not exist at host level, the docker run command will fail.

The point is that when using the DooD approach, the docker run command is invoked within a container yet is executed by a Docker daemon at host level. Therefore the entity that issues the docker run command and the entity that executes it are in different contexts.

Hope that clarifies.

@rodnymolina rodnymolina added the question Further information is requested label Dec 1, 2020
@ctalledo ctalledo closed this as completed Dec 1, 2020
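
The path mismatch described above can be checked before calling `docker run`. The following is an added example, not part of the original thread or Nestybox's code: it maps a path inside the Docker CLI container to the host path that the host-level daemon needs as the bind source, and fails when no host-backed mount covers the path (the `/tmp/somedir` case). The function name `host_path`, the mount-table format and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Maps a path inside the Docker CLI
# container to the host path that the host-level daemon needs as a bind source.
#
# $2 is a mount table, one "host_source:container_destination" per line, e.g.
# captured inside the CLI container with (assumes default hostname = container
# ID and no ':' in paths):
#   docker inspect --format \
#     '{{range .Mounts}}{{.Source}}:{{.Destination}}{{"\n"}}{{end}}' "$(hostname)"
host_path() {
    cpath=$1
    best_src=
    best_dst=
    while IFS=: read -r src dst; do
        [ -n "$dst" ] || continue
        case $cpath in
            "$dst"|"${dst%/}"/*)
                # Prefer the longest destination: the most specific mount wins.
                if [ "${#dst}" -gt "${#best_dst}" ]; then
                    best_src=$src
                    best_dst=$dst
                fi
                ;;
        esac
    done <<EOF
$2
EOF
    # Nothing host-backed covers this path, so the host daemon cannot see it.
    [ -n "$best_dst" ] || return 1
    prefix=${best_dst%/}
    out=${best_src%/}${cpath#"$prefix"}
    printf '%s\n' "${out:-/}"
}

# Constructed mount table: the CLI container was started with the Docker socket
# and a host build directory mounted at /work (hypothetical paths).
MOUNTS='/var/run/docker.sock:/var/run/docker.sock
/home/ci/build:/work'

# Host-backed path: prints /home/ci/build/somedir, usable as source=...
host_path /work/somedir "$MOUNTS"

# The thread's case: /tmp/somedir exists only in the container's own filesystem.
host_path /tmp/somedir "$MOUNTS" || echo "/tmp/somedir: no host path" >&2
```

The printed host path is what goes into `--mount type=bind,source=...`; a non-zero return means the directory has to be created under a host-backed mount first.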

Is it possible to do this with Nestybox? (This is a copy of a post I put on Reddit with no answer.)

Hi! I am looking to do the following: Windows-WSLg-Ubuntu-DOCKER(maybe DooD)-NVIDIADRIVER(version x,y,z)-CUDA(ver(a,b,c))-Python(ver(r,s,t))-Tensorflow(ver(l,m,n)) working together.

Hi! I am running a Windows 10 (developer version) latest with an Ubuntu guest and with Docker. I CAN SUCCESSFULLY get a container to see the NVIDIA card and process AI software. However, the solution is a pain because of versional conflicts between NVIDIA versions, CUDA VERSIONS, Python VERSIONS and Tensorflow versions. I am wondering HOW in the world I can get one Docker container to see different combinations of each of these separate 4 base containers.

EXAMPLE #1: For one project I might need CONTAINER #1 nvidia driver x, and CONTAINER #2 CUDA version c, and CONTAINER #3 Python version r, and CONTAINER #4 Tensorflow version m.

But for the next instance of software I might need EXAMPLE #2 (4 separate containers as well): nvidia driver y, and CUDA version b, and Python version s, and Tensorflow version n.

Basically I have 4 categories, so on and so forth, with variable combinations. What I cannot figure out is how to get NVIDIA to communicate with combinations of these instead of creating one giant monolithic container. It takes up much less space to keep them separate and I don't have to make a million containers (one for each combination).

Other requirements: I like using Python notebooks (not always) and I also like using Google Colab, but really want to try to keep all the pieces local on the hosting Windows machine (plenty of space). I don't think I can use Docker networking with NVIDIA (please correct me if I am wrong). I need to find a good example of doing this.

Also, I have heard briefly about Docker on Docker (DooD) and have seen this thread, which is of some interest: "Is it ok to run docker from inside docker?", and aufs, kaniko, Nestybox, DinD, but it seems I might be getting in over my head without a similar example, and it seems like it could really be messing with the host system (file corruption and security issues). Perhaps it is the right way to go? Need an example, or perhaps there is an easier way? Seems like NVIDIA doesn't make it easy to do this sort of thing, and there are limited giant monolithic historical containers and combinations to work with.

Help is greatly appreciated! I have hundreds of projects written with different combinations and hate the thought of rewriting all of them to bring them up to date (it would be time and money prohibitive). Thanks!

I hope to hear from you soon!

Regards,

Steven Anderson
firstcontact@savegreen.energy
