Use the upstream dind package to run docker

It is pretty close to our docker package, if we adjust the command that is run to avoid the actual dind startup script. We can't use the normal docker image as it does not have mkfs and so on. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-07-29 13:38:00 +00:00 · 2017-07-17 20:37:01 +01:00 · 2017-07-17 20:37:01 +01:00 · a4650b242f
commit a4650b242f
parent 5df1dbc23e
10 changed files with 20 additions and 66 deletions
--- a/blueprints/docker-for-mac/docker-17.06-ce.yml
+++ b/blueprints/docker-for-mac/docker-17.06-ce.yml
@ -3,7 +3,7 @@ services:
  # Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
  # for vpnkit coordination and /var/config/docker for the configuration file.
  - name: docker-dfm
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
    net: host
@ -18,7 +18,7 @@ services:
     - /var/config/docker:/var/config/docker
     - /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
     - /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper 
-    command: [ "/usr/bin/docker-init", "/usr/bin/dockerd", "--",
+    command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--",
            "--config-file", "/var/config/docker/daemon.json",
            "--swarm-default-advertise-addr=eth0",
            "--userland-proxy-path", "/usr/bin/vpnkit-expose-port",
@ -27,3 +27,7 @@ services:
 files:
    - path: /var/config/docker/daemon.json
      contents: '{ "debug": true }'
+
+trust:
+    org:
+        - library
--- a/examples/docker.yml
+++ b/examples/docker.yml
@ -30,7 +30,7 @@ services:
  - name: ntpd
    image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
    net: host
@ -41,9 +41,11 @@ services:
     - /var/lib/docker:/var/lib/docker
     - /lib/modules:/lib/modules
     - /etc/docker/daemon.json:/etc/docker/daemon.json
+    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
 files:
  - path: etc/docker/daemon.json
    contents: '{"debug": true}'
 trust:
  org:
    - linuxkit
+    - library
--- a/pkg/docker-ce/Dockerfile
+++ b/pkg/docker-ce/Dockerfile
@ -1,48 +0,0 @@
-FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
-
-# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
-# removed openssl as I do not think server needs it
-RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
-RUN apk add --no-cache --initdb -p /out \
-	alpine-baselayout \
-	btrfs-progs \
-	busybox \
-	ca-certificates \
-	curl \
-	e2fsprogs \
-	e2fsprogs-extra \
-	iptables \
-	musl \
-	xfsprogs \
-	xz
-RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
-
-FROM scratch
-COPY --from=mirror /out/ /
-
-# set up Docker group
-# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
-RUN set -x \
-	&& addgroup -S docker \
-	&& addgroup -S dockremap \
-	&& adduser -S -G dockremap dockremap \
-	&& echo 'dockremap:165536:65536' >> /etc/subuid \
-	&& echo 'dockremap:165536:65536' >> /etc/subgid
-
-# DOCKER_TYPE is stable, edge or test
-ENV DOCKER_TYPE stable
-ENV DOCKER_VERSION 17.06.0-ce
-ENV DOCKER_SHA256 e582486c9db0f4229deba9f8517145f8af6c5fae7a1243e6b07876bd3e706620
-
-# we could avoid installing client here I suppose
-RUN set -x \
-	&& curl -fSL "https://download.docker.com/linux/static/${DOCKER_TYPE}/$(uname -m)/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \
-	&& echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \
-	&& tar -xzvf docker.tgz \
-	&& mv docker/* /usr/bin/ \
-	&& rmdir docker \
-	&& rm docker.tgz \
-	&& docker -v
-
-# use the Docker copy of tini as our init for zombie reaping
-ENTRYPOINT ["/usr/bin/docker-init", "/usr/bin/dockerd"]
--- a/pkg/docker-ce/Makefile
+++ b/pkg/docker-ce/Makefile
@ -1,4 +0,0 @@
-IMAGE=docker-ce
-NETWORK=1
-
-include ../package.mk
--- a/projects/compose/compose-dynamic.yml
+++ b/projects/compose/compose-dynamic.yml
@ -27,10 +27,9 @@ services:
  - name: ntpd
    image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
-    net: host
    mounts:
     - type: cgroup
       options: ["rw","nosuid","noexec","nodev","relatime"]
@ -39,6 +38,7 @@ services:
     - /lib/modules:/lib/modules
     - /var/run:/var/run
     - /var/html:/var/html
+    command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
  - name: compose
    image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
    binds:
--- a/projects/compose/compose-static.yml
+++ b/projects/compose/compose-static.yml
@ -27,10 +27,9 @@ services:
  - name: ntpd
    image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
-    net: host
    mounts:
     - type: cgroup
       options: ["rw","nosuid","noexec","nodev","relatime"]
@ -39,6 +38,7 @@ services:
     - /lib/modules:/lib/modules
     - /var/run:/var/run
     - /var/html:/var/html
+    command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
  - name: compose
    image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
    binds:
--- a/projects/kubernetes/image-cache/Dockerfile
+++ b/projects/kubernetes/image-cache/Dockerfile
@ -1,4 +1,4 @@
-FROM linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+FROM docker:17.06.0-ce-dind
 ADD . /images
 ENTRYPOINT [ "/bin/sh", "-c" ]
 CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
--- a/projects/kubernetes/kube-master.yml
+++ b/projects/kubernetes/kube-master.yml
@ -38,10 +38,9 @@ services:
  - name: sshd
    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
-    net: host
    pid: host
    mounts:
     - type: cgroup
@ -54,6 +53,7 @@ services:
     - /etc/cni:/etc/cni:rshared,rbind
     - /opt/cni:/opt/cni:rshared,rbind
    rootfsPropagation: shared
+    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
  - name: kubernetes-image-cache-common
    image: linuxkit/kubernetes:latest-image-cache-common
    binds:
--- a/projects/kubernetes/kube-node.yml
+++ b/projects/kubernetes/kube-node.yml
@ -38,10 +38,9 @@ services:
  - name: sshd
    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
-    net: host
    pid: host
    mounts:
     - type: cgroup
@ -54,6 +53,7 @@ services:
     - /etc/cni:/etc/cni:rshared,rbind
     - /opt/cni:/opt/cni:rshared,rbind
    rootfsPropagation: shared
+    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
  - name: kubernetes-image-cache-common
    image: linuxkit/kubernetes:latest-image-cache-common
    binds:
--- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml
+++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml
@ -24,10 +24,9 @@ services:
  - name: dhcpcd
    image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
-    net: host
    mounts:
     - type: cgroup
       options: ["rw","nosuid","noexec","nodev","relatime"]
@ -35,6 +34,7 @@ services:
     - /var/lib/docker:/var/lib/docker
     - /lib/modules:/lib/modules
     - /run:/var/run
+    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
  - name: test-docker-bench
    image: linuxkit/test-docker-bench:4999d3484771e8466580c0dc2e479595e49faa85
    ipc: host