end0tknr's kipple - web development by transcription (写経)

docker in docker (dind)

This post is a typed-through copy (写経) of section "3.5.1 Docker Swarm" from the book "Docker/Kubernetes 実践コンテナ".

The docker-compose.yml in the book uses docker:18.05.0-ce-dind, which is old

Because of this, I initially ran into the errors below.

There may be a way to fix these errors, but in the end upgrading to docker:20.10.23-dind resolved them.

Error starting daemon: Devices cgroup isn't mounted

cf. https://qiita.com/Suzuki09/items/f3f31901f3bf0a929668

$ sudo vi /etc/default/grub

  old GRUB_CMDLINE_LINUX="[omitted]rd.lvm.lv=almalinux/swap"
  new GRUB_CMDLINE_LINUX="[omitted]rd.lvm.lv=almalinux/swap systemd.unified_cgroup_hierarchy=0"

$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
$ sudo reboot

iptables v1.6.1: can't initialize iptables

Error starting daemon: Error initializing network controller:
error obtaining controller instance: failed to create NAT chain DOCKER:
iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1:
can't initialize iptables table `nat':
Table does not exist (do you need to insmod?)

$ vi docker-compose.yml

version: "3"
services:
  registry:
    container_name: registry
    image: registry:2.6
    ports:
      - 5000:5000
    volumes:
      - "./registry-data:/var/lib/registry"
  manager:
    container_name: manager
    image: docker:20.10.23-dind
    privileged: true
    tty: true
    ports:
      - 8000:80
      - 9000:9000
    depends_on:
      - registry
    expose:
      - 3375
    command: "--insecure-registry registry:5000"
    volumes:
      - "./stack:/stack"
  worker01:
    container_name: worker01
    image: docker:20.10.23-dind
    privileged: true
    tty: true
    depends_on:
      - manager
      - registry
    expose:
      - 7946
      - 7946/udp
      - 4789/udp
    command: "--insecure-registry registry:5000"
  worker02:
    container_name: worker02
    image: docker:20.10.23-dind
    privileged: true
    tty: true
    depends_on:
      - manager
      - registry
    expose:
      - 7946
      - 7946/udp
      - 4789/udp
    command: "--insecure-registry registry:5000"

Note: "--insecure-registry registry:5000" lets the Docker daemon reach the registry at registry:5000 over plain HTTP instead of HTTPS.
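
As an added example (not from the book or from the original post), the Python check below lists the settings in a compose file like the one above that widen what the host exposes: `privileged: true`, `--insecure-registry`, and published ports with no loopback host IP. `audit_compose` and `SAMPLE` are hypothetical names, and the reader assumes the flat two-space layout used on this page.

```python
# Constructed sample, trimmed from the compose file on this page.
# The reader below is line-based; it is not a general YAML parser.
SAMPLE = """\
services:
  registry:
    ports:
      - 5000:5000
  manager:
    privileged: true
    ports:
      - 8000:80
      - 127.0.0.1:9000:9000
    command: "--insecure-registry registry:5000"
  worker01:
    privileged: true
    expose:
      - 7946
    command: "--insecure-registry registry:5000"
"""

def audit_compose(text):
    """Return sorted (service, finding) pairs; assumes the flat layout above."""
    findings, service, section, in_services = set(), None, None, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip():
            continue
        indent, body = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:
            in_services, service = body == "services:", None
        elif in_services and indent == 2 and body.endswith(":"):
            service, section = body[:-1], None
        elif service and indent == 4:
            key, _, value = body.partition(":")
            value = value.strip().strip("\"'")
            section = key if not value else None
            if key == "privileged" and value.lower() == "true":
                findings.add((service, "privileged"))
            if key == "command" and "--insecure-registry" in value:
                findings.add((service, "insecure-registry"))
        elif service and section == "ports" and body.startswith("- "):
            spec = body[2:].strip().strip("\"'")
            # Assumption: only a loopback host IP keeps the port off the network.
            if not spec.startswith(("127.", "[::1]:")):
                findings.add((service, f"port {spec} not bound to loopback"))
    return sorted(findings)

if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE):
        print(f"{service}: {finding}")
```

The `privileged` findings cannot simply be dropped, because the dind image needs that flag to run dockerd; the port findings are the ones that a `127.0.0.1:` prefix clears.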

Starting docker compose and confirming that it is running

$ docker compose up -d

$ docker compose ps
NAME      IMAGE                 COMMAND               SERVICE   PORTS
manager   docker:20.10.23-dind  "dockerd-entrypoint." manager   2375-2376/tcp,3375/tcp,:::9000->9000/tcp,:::8000->80/tcp
registry  registry:2.6          "/entrypoint.sh /etc" registry  0.0.0.0:5000->5000/tcp, :::5000->5000/tcp
worker01  docker:20.10.23-dind  "dockerd-entrypoint." worker01  2375-2376/tcp,4789/udp,7946/tcp,7946/udp
worker02  docker:20.10.23-dind  "dockerd-entrypoint." worker02  2375-2376/tcp,4789/udp,7946/tcp,7946/udp