by Adam Brett

Docker Patterns - Socket Mount (Docker-in-Docker)

It seems like since the dawn of time, or at least as soon as people learn about docker, everyone wants to know how to run more docker containers inside their docker containers. This completely misses the point, but there are ways and means.

Sometimes it makes sense to have a tool inside docker that can launch docker containers, or at least control them: for example, a control panel application, or the [Launcher Container] pattern.

To do this, we don't run docker-in-docker; instead we use a Socket Mount. By default the local docker client communicates with the local docker server via a socket at /var/run/docker.sock. By mounting this location in our container we can control the docker server on the host, allowing us to launch new containers or do whatever we want! That also means anything running in the container has full control of the host's docker daemon, which is effectively root on the host, so only hand the socket to containers you trust.

It looks like this:

docker run -d -v /var/run/docker.sock:/var/run/docker.sock:ro someapp

and of course, the docker-compose version:

someapp:
  image: someapp
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro

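You'll note we're mounting the docker socket with the read-only flag (:ro). This stops you from writing over the socket file itself, but doesn't stop you interacting with it (including "writes") to control docker! The flag applies to the mount, not to the API requests sent through the socket, so it is not a security boundary.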
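Because :ro does not limit what a container can do through the socket, it helps to know which containers have it at all. The script below is an added example, not code from the original post: it scans docker inspect output for bind mounts that expose the socket, including mounts of a parent directory such as /run. The sample JSON and the function names are constructed for illustration.

```python
import json

# Paths at which the daemon socket is normally reachable on the host
# (/var/run is a symlink to /run on most current distributions).
SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")

# Constructed sample in the shape of `docker inspect $(docker ps -q)` output.
SAMPLE_INSPECT = """
[
  {"Name": "/someapp", "Mounts": [
    {"Type": "bind", "Source": "/var/run/docker.sock",
     "Destination": "/var/run/docker.sock", "Mode": "ro", "RW": false}]},
  {"Name": "/panel", "Mounts": [
    {"Type": "bind", "Source": "/run",
     "Destination": "/host-run", "Mode": "", "RW": true}]},
  {"Name": "/web", "Mounts": [
    {"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data",
     "Destination": "/data", "Mode": "z", "RW": true}]}
]
"""

def exposes_socket(source):
    """True if bind-mounting host path `source` makes the socket reachable."""
    if not source:
        return False
    prefix = source.rstrip("/") + "/"   # "/" stays "/", "/run" becomes "/run/"
    # Match the socket itself or any parent directory of it.
    return any(s == source.rstrip("/") or s.startswith(prefix)
               for s in SOCKET_PATHS)

def find_socket_mounts(inspect_json):
    """Return one finding per bind mount that exposes the Docker socket."""
    findings = []
    for container in json.loads(inspect_json):
        for m in container.get("Mounts") or []:
            if m.get("Type") == "bind" and exposes_socket(m.get("Source", "")):
                findings.append({
                    "container": container.get("Name", "").lstrip("/"),
                    "source": m["Source"],
                    # Recorded for the report only: :ro does not reduce exposure.
                    "read_only_mount": not m.get("RW", True),
                })
    return findings

if __name__ == "__main__":
    for f in find_socket_mounts(SAMPLE_INSPECT):
        note = " (mounted :ro, API still usable)" if f["read_only_mount"] else ""
        print(f"{f['container']}: host path {f['source']} exposes the socket{note}")
```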
