在 alpine linux 容器内构建 docker 映像

Question

我们使用运行 alpine linux 的 docker 容器作为竹子中的构建代理。作为构建计划的一部分，需要创建一个 docker 镜像。

我们的构建代理安装了 docker，但是由于 docker 守护程序没有运行，我们遇到了错误。启动守护进程

/usr/local/bin/dockerd

给出以下内容：

INFO[0000] libcontainerd: new containerd process, pid: 640 
ERRO[0001] 'overlay' is not supported over overlayfs    
INFO[0001] Graph migration to content-addressability took 0.00 seconds 
INFO[0001] Loading containers: start.                   
WARN[0001] Running modprobe bridge br_netfilter failed with message: modprobe: can't change directory to '/lib/modules': No such file or directory
, error: exit status 1 
WARN[0001] Running modprobe nf_nat failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1 
WARN[0001] Running modprobe xt_conntrack failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1 
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: Iptables not found

为了解决这个问题，我安装了 iptables。现在，当我尝试运行 docker 守护进程时，我得到：

INFO[0000] libcontainerd: new containerd process, pid: 705 
ERRO[0001] 'overlay' is not supported over overlayfs    
INFO[0001] Graph migration to content-addressability took 0.00 seconds 
INFO[0001] Loading containers: start.                   
WARN[0001] Running modprobe bridge br_netfilter failed with message: modprobe: can't change directory to '/lib/modules': No such file or directory
, error: exit status 1 
WARN[0001] Running modprobe nf_nat failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1 
WARN[0001] Running modprobe xt_conntrack failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1 
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.0: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

由于 sudo 在 alpine 上不存在，所以我有点不知道该去哪里。

Answer 1

在 Docker 容器内运行 Docker 守护进程通常是一个不靠谱的前景。我们有这个完全相同的需求，我们通过将 Docker 主机中的 /var/run/docker.sock 挂载到 Docker 容器中来解决它：

docker run -v /var/run/docker.sock:/var/run/docker.sock --privileged

这样，构建代理容器内的docker 命令实际上是在与主机上的 Docker 守护进程对话，而不是在容器内。对我们来说效果很好。