Docker Rootless Mode
For details about Docker Rootless check this blog post or this slideshare
We'll be setting up an environment and do a demo of how docker rootless mode works.
We'll use Vagrant and VirtualBox to get a clean OS that can be run on any other OS.
First clone this repo locally and enter inside the checked out repo on CLI. The rest of commands are to be executed there.
Start VMs
There are two VMs rootless
and rootful
that can be started with the following command:
vagrant up
Both are clean Ubuntu OS Xenial64.
Install Docker rootless
To install Docker rootless mode normally the following should be used:
vagrant ssh rootless
# Install Dependencies
/vagrant/scripts/setup.sh
# Install Docker rootless
curl -sSL https://get.docker.com/rootless | sh
Same script pointing to release v19.03.1
is located locally:
/vagrant/scripts/rootless.sh
Install Docker rootful
vagrant ssh rootful
curl -fsSL https://get.docker.com -o get-docker.sh
Start Docker
On one console run docker daemon:
export PATH=/home/vagrant/bin:$PATH
export DOCKER_HOST=unix:///run/user/1000/docker.sock
On another console connect to the daemon:
export PATH=/home/vagrant/bin:$PATH
export DOCKER_HOST=unix:///run/user/1000/docker.sock
docker run hello-world
Demo
The demo script can be run on both VMs so you can see the differences
Docker CLI as root
ubuntu
user is not part of docker
group, so it needs sudo
to access the docker socket:
# On rootful VM
sudo su - ubuntu
docker ps
sudo docker ps
vagrant
user is part of docker
group and can access docker socket directly:
# On rootful VM
docker ps
Run a simple container
docker run hello-world
Overlays are stored in different locations:
ls -al ~/.local/share/docker/overlay
sudo ls -al /var/lib/docker/overlay2
Expose a port
Expose a port of range 1000+
docker run nginx -d -p 32768:80 nginx:alpine
curl localhost:32768
docker rm -f nginx
Expose a port of range 1000-
docker run --name nginx -d -p 80:80 nginx:alpine
docker rm -f nginx