feat: add more DinD

Sun-ZhenXing
2025-12-29 00:25:53 +08:00
parent d536fbc995
commit 74cc6b49a7
12 changed files with 988 additions and 0 deletions


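--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,29 @@
+# Debian DinD Configuration
+# Timezone (default: UTC)
+TZ=UTC
+# Debian version (default: 13.2)
+DEBIAN_VERSION=13.2
+# Docker port override (default: 2375)
+DIND_PORT_OVERRIDE=2375
+# Install NVIDIA Container Toolkit for GPU support (default: false)
+INSTALL_NVIDIA_TOOLKIT=false
+# Enable GPU profile (set to --profile gpu when needed)
+# COMPOSE_PROFILES=gpu
+# Resource limits
+DIND_CPU_LIMIT=2.0
+DIND_MEMORY_LIMIT=4G
+DIND_CPU_RESERVATION=1.0
+DIND_MEMORY_RESERVATION=2G
+# Docker daemon options
+# Disable TLS for simplicity (not recommended for production)
+DOCKER_TLS_CERTDIR=
+# Data directory for named volume
+# DATA_DIR=./data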


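--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,62 @@
+ARG DEBIAN_VERSION=13.2
+FROM debian:${DEBIAN_VERSION}
+# Install dependencies
+# ca-certificates, curl, gnupg: for downloading Docker repo key
+# iptables: required for Docker networking
+# procps: for ps command
+# xz-utils, pigz: for compression
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ca-certificates \
+curl \
+gnupg \
+iptables \
+procps \
+e2fsprogs \
+xfsprogs \
+xz-utils \
+pigz \
+&& rm -rf /var/lib/apt/lists/*
+# Install Docker
+# We use the official Docker repository for Debian
+RUN install -m 0755 -d /etc/apt/keyrings \
+&& curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
+&& chmod a+r /etc/apt/keyrings/docker.gpg \
+&& echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+tee /etc/apt/sources.list.d/docker.list > /dev/null \
+&& apt-get update \
+&& apt-get install -y --no-install-recommends \
+docker-ce \
+docker-ce-cli \
+containerd.io \
+docker-buildx-plugin \
+docker-compose-plugin \
+&& rm -rf /var/lib/apt/lists/*
+# Install NVIDIA Container Toolkit (Optional)
+ARG INSTALL_NVIDIA_TOOLKIT=false
+RUN if [ "$INSTALL_NVIDIA_TOOLKIT" = "true" ]; then \
+curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg \
+&& curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
+sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | \
+tee /etc/apt/sources.list.d/nvidia-container-toolkit.list \
+&& apt-get update \
+&& apt-get install -y nvidia-container-toolkit \
+&& nvidia-ctk runtime configure --runtime=docker \
+&& rm -rf /var/lib/apt/lists/*; \
+fi
+# Set up dind
+# Docker needs a place to store data
+VOLUME /var/lib/docker
+# Copy entrypoint script
+COPY dockerd-entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh
+# Define entrypoint and default command
+ENTRYPOINT ["dockerd-entrypoint.sh"]
+CMD ["dockerd"]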
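Review bot: The `curl … | gpg --dearmor` pipeline in the Docker install step and the `curl … | sed … | tee` pipeline in the NVIDIA step run under `/bin/sh -c` without `pipefail`, so a failed download still exits 0 and leaves an empty keyring or an empty sources list, and the failure only surfaces later as an apt signature or "package not found" error at a different step. Adding `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before the first `RUN` (bash is part of the Debian base image) makes the build fail at the step that actually broke. The NVIDIA step also drops `--no-install-recommends`, unlike the two other `apt-get install` calls; `apt-get install -y --no-install-recommends nvidia-container-toolkit` keeps the layers consistent and smaller. With BuildKit, `COPY --chmod=755 dockerd-entrypoint.sh /usr/local/bin/` would also replace the separate `RUN chmod` layer.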


@@ -0,0 +1,126 @@
# Debian DinD
A Docker-in-Docker (DinD) service based on Debian, allowing you to run Docker inside a Docker container. Useful for CI/CD pipelines, development environments, and containerized build systems.
## Features
- Based on latest stable Debian (13.2)
- Out-of-the-box Docker daemon
- Optional NVIDIA Container Toolkit for GPU support
- Resource limits configured
- Healthcheck included
- Customizable via environment variables
## Quick Start
1. Copy the example environment file:
```bash
cp .env.example .env
```
2. Start the service:
```bash
docker compose up -d
```
3. Verify Docker is running inside the container:
```bash
docker compose exec dind docker info
docker compose exec dind docker run hello-world
```
## Configuration
Key environment variables (see `.env.example` for all options):
| Variable | Description | Default |
| ------------------------ | ----------------------------------- | ------- |
| `DEBIAN_VERSION` | Debian base image version | `13.2` |
| `DIND_PORT_OVERRIDE` | Host port for Docker daemon | `2375` |
| `INSTALL_NVIDIA_TOOLKIT` | Install NVIDIA toolkit during build | `false` |
| `TZ` | Timezone | `UTC` |
| `DIND_CPU_LIMIT` | CPU limit | `2.0` |
| `DIND_MEMORY_LIMIT` | Memory limit | `4G` |
## GPU Support
To use DinD with GPU support:
1. Set `INSTALL_NVIDIA_TOOLKIT=true` in `.env`
2. Use the `gpu` profile:
```bash
docker compose --profile gpu up -d
```
Or use the dedicated GPU service:
```bash
docker compose up -d dind-gpu
```
## Security Considerations
⚠️ **Important**: This service runs in privileged mode, which grants the container extensive access to the host system. Only use this in trusted environments.
- Privileged mode is required for DinD to function
- Docker daemon exposed on port 2375 without TLS (development only)
- For production, enable TLS by setting `DOCKER_TLS_CERTDIR=/certs`
## Volume
- `dind-data`: Stores Docker daemon data (images, containers, volumes)
- `dind-gpu-data`: Separate volume for GPU-enabled service
## Resource Limits
Default resource limits:
- CPU: 2.0 cores (limit), 1.0 core (reservation)
- Memory: 4GB (limit), 2GB (reservation)
Adjust these in `.env` based on your workload.
## Advanced Usage
### Connect from host
You can connect to the Docker daemon from your host machine:
```bash
export DOCKER_HOST=tcp://localhost:2375
docker info
```
### Use in CI/CD
Example GitLab CI configuration:
```yaml
services:
- name: your-registry/debian-dind:latest
alias: docker
variables:
DOCKER_HOST: tcp://docker:2375
```
## Build Arguments
When building the image manually:
- `DEBIAN_VERSION`: Debian base version (default: `13.2`)
- `INSTALL_NVIDIA_TOOLKIT`: Install NVIDIA toolkit (default: `false`)
Example:
```bash
docker build --build-arg DEBIAN_VERSION=13.2 --build-arg INSTALL_NVIDIA_TOOLKIT=true -t debian-dind-gpu .
```
## License
This configuration is provided as-is for use with the Compose Anything project.


@@ -0,0 +1,126 @@
# Debian DinD
基于 Debian 的 Docker-in-DockerDinD服务允许你在 Docker 容器内运行 Docker。适用于 CI/CD 流水线、开发环境和容器化构建系统。
## 特性
- 基于最新稳定版 Debian13.2
- 开箱即用的 Docker 守护进程
- 可选的 NVIDIA Container Toolkit支持 GPU
- 配置了资源限制
- 包含健康检查
- 通过环境变量自定义配置
## 快速开始
1. 复制示例环境文件:
```bash
cp .env.example .env
```
2. 启动服务:
```bash
docker compose up -d
```
3. 验证 Docker 是否在容器内运行:
```bash
docker compose exec dind docker info
docker compose exec dind docker run hello-world
```
## 配置说明
主要环境变量(查看 `.env.example` 了解所有选项):
| 变量 | 说明 | 默认值 |
| ------------------------ | ------------------------- | ------- |
| `DEBIAN_VERSION` | Debian 基础镜像版本 | `13.2` |
| `DIND_PORT_OVERRIDE` | Docker 守护进程的主机端口 | `2375` |
| `INSTALL_NVIDIA_TOOLKIT` | 构建时安装 NVIDIA 工具包 | `false` |
| `TZ` | 时区 | `UTC` |
| `DIND_CPU_LIMIT` | CPU 限制 | `2.0` |
| `DIND_MEMORY_LIMIT` | 内存限制 | `4G` |
## GPU 支持
使用 GPU 支持的 DinD
1. 在 `.env` 中设置 `INSTALL_NVIDIA_TOOLKIT=true`
2. 使用 `gpu` profile
```bash
docker compose --profile gpu up -d
```
或使用专用的 GPU 服务:
```bash
docker compose up -d dind-gpu
```
## 安全注意事项
⚠️ **重要**:此服务以特权模式运行,这会授予容器对主机系统的广泛访问权限。仅在可信环境中使用。
- DinD 运行需要特权模式
- Docker 守护进程在端口 2375 上暴露,未启用 TLS仅用于开发
- 生产环境请通过设置 `DOCKER_TLS_CERTDIR=/certs` 启用 TLS
## 数据卷
- `dind-data`:存储 Docker 守护进程数据(镜像、容器、卷)
- `dind-gpu-data`GPU 服务的独立数据卷
## 资源限制
默认资源限制:
- CPU2.0 核心限制1.0 核心(预留)
- 内存4GB限制2GB预留
根据你的工作负载在 `.env` 中调整这些值。
## 高级用法
### 从主机连接
你可以从主机连接到 Docker 守护进程:
```bash
export DOCKER_HOST=tcp://localhost:2375
docker info
```
### 在 CI/CD 中使用
GitLab CI 配置示例:
```yaml
services:
- name: your-registry/debian-dind:latest
alias: docker
variables:
DOCKER_HOST: tcp://docker:2375
```
## 构建参数
手动构建镜像时:
- `DEBIAN_VERSION`Debian 基础版本(默认:`13.2`
- `INSTALL_NVIDIA_TOOLKIT`:安装 NVIDIA 工具包(默认:`false`
示例:
```bash
docker build --build-arg DEBIAN_VERSION=13.2 --build-arg INSTALL_NVIDIA_TOOLKIT=true -t debian-dind-gpu .
```
## 许可证
此配置按原样提供,用于 Compose Anything 项目。


@@ -0,0 +1,90 @@
# Docker-in-Docker (DinD) service based on Debian
# This allows running Docker inside a Docker container
x-defaults: &defaults
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 100m
max-file: "3"
services:
dind:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}alexsuntop/debian-dind:${DEBIAN_DIND_VERSION:-0.1.0}
build:
context: .
dockerfile: Dockerfile
args:
- DEBIAN_VERSION=${DEBIAN_VERSION:-13.2}
- INSTALL_NVIDIA_TOOLKIT=${INSTALL_NVIDIA_TOOLKIT:-false}
privileged: true
ports:
- "${DIND_PORT_OVERRIDE:-2375}:2375"
volumes:
- dind-data:/var/lib/docker
environment:
- TZ=${TZ:-UTC}
- DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR:-}
healthcheck:
test: ["CMD", "docker", "info"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
deploy:
resources:
limits:
cpus: ${DIND_CPU_LIMIT:-2.0}
memory: ${DIND_MEMORY_LIMIT:-4G}
reservations:
cpus: ${DIND_CPU_RESERVATION:-1.0}
memory: ${DIND_MEMORY_RESERVATION:-2G}
profiles:
- ${COMPOSE_PROFILES:-}
# GPU-enabled DinD (optional)
dind-gpu:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}alexsuntop/debian-dind:${DEBIAN_DIND_GPU_VERSION:-0.1.0-gpu}
build:
context: .
dockerfile: Dockerfile
args:
- DEBIAN_VERSION=${DEBIAN_VERSION:-13.2}
- INSTALL_NVIDIA_TOOLKIT=true
privileged: true
ports:
- "${DIND_PORT_OVERRIDE:-2375}:2375"
volumes:
- dind-gpu-data:/var/lib/docker
environment:
- TZ=${TZ:-UTC}
- DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR:-}
- NVIDIA_VISIBLE_DEVICES=all
- NVIDIA_DRIVER_CAPABILITIES=compute,utility
healthcheck:
test: ["CMD", "docker", "info"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
deploy:
resources:
limits:
cpus: ${DIND_CPU_LIMIT:-2.0}
memory: ${DIND_MEMORY_LIMIT:-4G}
reservations:
cpus: ${DIND_CPU_RESERVATION:-1.0}
memory: ${DIND_MEMORY_RESERVATION:-2G}
devices:
- driver: nvidia
count: 1
capabilities: [gpu]
profiles:
- gpu
volumes:
dind-data:
dind-gpu-data:
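Review bot: The `ports` entry on `dind` (and the identical one on `dind-gpu`) publishes `${DIND_PORT_OVERRIDE:-2375}:2375` with no host address, so by default the unauthenticated Docker API of a `privileged: true` container is reachable on every host interface; binding to loopback unless the operator opts in, e.g. `- "${DIND_BIND_ADDR:-127.0.0.1}:${DIND_PORT_OVERRIDE:-2375}:2375"` (with `DIND_BIND_ADDR` as a new, documented variable), keeps the README's "development only" assumption true by default. Separately, nothing in the visible files makes dockerd listen on TCP at all: the Dockerfile's `CMD` is a bare `dockerd` and the entrypoint in this commit never adds a `--host=tcp://…` flag or reads `DOCKER_TLS_CERTDIR`, so unless another file in this commit supplies a `daemon.json`, the published port has nothing behind it and the `DOCKER_TLS_CERTDIR` environment entry is inert. Also, `profiles: - ${COMPOSE_PROFILES:-}` on `dind` expands to an empty profile name when the variable is unset, which Compose may reject as an invalid profile name; dropping the `profiles` key from `dind` so it starts by default, while `dind-gpu` keeps `gpu`, matches what the README describes.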


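--- a/dockerd-entrypoint.sh
+++ b/dockerd-entrypoint.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+set -e
+# Adapted from official docker-library/docker dind entrypoint
+# https://github.com/docker-library/docker/blob/master/24/dind/dockerd-entrypoint.sh
+if [ -z "$DOCKER_HOST" ]; then
+case "$1" in
+dockerd*)
+# If we're running dockerd, we need to make sure we have cgroups mounted
+if [ ! -d /sys/fs/cgroup ]; then
+mkdir -p /sys/fs/cgroup
+fi
+if ! mountpoint -q /sys/fs/cgroup; then
+mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+fi
+# Mount cgroup v2 if available and not mounted
+if [ -e /sys/fs/cgroup/cgroup.controllers ] && ! mountpoint -q /sys/fs/cgroup; then
+mount -t cgroup2 -o nsdelegate cgroup2 /sys/fs/cgroup
+fi
+# If /sys/fs/cgroup is not a cgroup2 mount, we might need to mount cgroup v1 hierarchies
+if ! mountpoint -q /sys/fs/cgroup || [ "$(stat -f -c %T /sys/fs/cgroup)" != "cgroup2fs" ]; then
+if [ -d /sys/fs/cgroup/cgroup.controllers ]; then
+# It is cgroup2 but maybe not mounted as such?
+# Actually if it exists, it's likely v2.
+:
+else
+# cgroup v1
+for subsystem in $(awk '/^[^#]/ { print $1 }' /proc/cgroups); do
+mkdir -p "/sys/fs/cgroup/$subsystem"
+if ! mountpoint -q "/sys/fs/cgroup/$subsystem"; then
+mount -t cgroup -o "$subsystem" cgroup "/sys/fs/cgroup/$subsystem"
+fi
+done
+fi
+fi
+;;
+esac
+fi
+if [ "$1" = 'dockerd' ] || [ "${1#-}" != "$1" ]; then
+# if the first argument is "dockerd" or a flag (starts with -)
+if [ "${1#-}" != "$1" ]; then
+set -- dockerd "$@"
+fi
+# Explicitly use iptables-legacy if available, as it is often more stable for DinD
+if command -v update-alternatives >/dev/null; then
+if update-alternatives --query iptables | grep -q "iptables-legacy"; then
+update-alternatives --set iptables /usr/sbin/iptables-legacy || true
+update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true
+fi
+fi
+fi
+exec "$@"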
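Review bot: The test `[ -d /sys/fs/cgroup/cgroup.controllers ]` in the v1-fallback branch can never be true, because `cgroup.controllers` is a file (the cgroup2 mount step just above correctly uses `-e`), so the `:` branch is dead and the v1 controller loop runs whenever `/sys/fs/cgroup` is not already `cgroup2fs`; it should read `if [ -e /sys/fs/cgroup/cgroup.controllers ]; then`. The cgroup2 mount step itself is also unreachable as written: its `! mountpoint -q /sys/fs/cgroup` condition is always false at that point, since the preceding step has either found an existing mount or just created the tmpfs one, and `cgroup.controllers` cannot exist under that path unless cgroup2 is already mounted there, so the `mount -t cgroup2` line never executes. Unlike the upstream entrypoint cited in the header comment, this script also never appends `--host` flags to `dockerd` or acts on `DOCKER_TLS_CERTDIR`; as far as the visible files show, the daemon will listen on its Unix socket only, so either that host handling belongs here or a comment such as `# dockerd is started with its defaults (Unix socket only); TCP/TLS listeners are not configured by this script` should make the intent explicit.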