docker-in-docker: `Cannot connect to the Docker daemon at tcp://docker:2375`

Question

I am trying to manually use the docker:19.03.5-dind image as shown by the "How to use this image" section.

• First I am running the daemon

  $ docker run --privileged -d --rm --name=docker-daemon \
               --network=test  docker:19.03.5-dind
  e1f8544d30df5bc010d67e38b38be0f47306b29ab0fdeb32861c5716582c9917
  

• I see that it is up and listens on port 2376

  $ docker logs docker-daemon
  ...
  time="2019-11-28T11:31:40.266976728Z" level=info msg="Daemon has completed initialization"
  time="2019-11-28T11:31:40.550083421Z" level=info msg="API listen on [::]:2376"
  time="2019-11-28T11:31:40.550169911Z" level=info msg="API listen on /var/run/docker.sock"
  

• Next I bring up the docker client:

  $ docker run -it --rm --name=my-docker \
        --network=test --link=docker-daemon:docker docker:19.03.5
  

• From the client I can ping the docker-daemon and its docker alias

  # ping docker-daemon -c1
  PING docker-daemon (172.20.0.2): 56 data bytes
  64 bytes from 172.20.0.2: seq=0 ttl=64 time=0.146 ms
  ...
  # ping docker -c1
  PING docker (172.20.0.2): 56 data bytes
  64 bytes from 172.20.0.2: seq=0 ttl=64 time=0.177 ms
  ...
  

• But still I can't run docker:

  # docker ps
  Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
  

Shouldn't it try to connect on port 2376? What am I missing here?

---

My host running Ubuntu 18.04 with Docker version 18.09.7, build 2d0083d

Answer 1

您需要按照链接文档中的步骤进行操作，包括将证书目录作为卷安装在两个容器中，并在客户端容器上传递 env 变量：

$ docker run --privileged --name some-docker -d \
    --network some-network --network-alias docker \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-ca:/certs/ca \
    -v some-docker-certs-client:/certs/client \
    docker:dind

$ docker run --rm --network some-network \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-client:/certs/client:ro \
    docker:latest version

第一个映像填充卷安装，第二个映像使用这些证书通过 2376 进行通信。如果没有证书，它会尝试连接到未加密的 2375 端口，该端口在 19.03 dind 映像中默认未启用。