# Debian DinD

A Docker-in-Docker (DinD) service based on Debian, allowing you to run Docker inside a Docker container. Useful for CI/CD pipelines, development environments, and containerized build systems.

## Features

- Based on latest stable Debian (13.2)
- Out-of-the-box Docker daemon
- Optional NVIDIA Container Toolkit for GPU support
- Resource limits configured
- Healthcheck included
- Customizable via environment variables

## Quick Start

1. Copy the example environment file:

   ```bash
   cp .env.example .env
   ```

2. Start the service:

   ```bash
   docker compose up -d
   ```

3. Verify Docker is running inside the container:

   ```bash
   docker compose exec dind docker info
   docker compose exec dind docker run hello-world
   ```

## Configuration

Key environment variables (see `.env.example` for all options):

| Variable                 | Description                         | Default |
| ------------------------ | ----------------------------------- | ------- |
| `DEBIAN_VERSION`         | Debian base image version           | `13.2`  |
| `DIND_PORT_OVERRIDE`     | Host port for Docker daemon         | `2375`  |
| `INSTALL_NVIDIA_TOOLKIT` | Install NVIDIA toolkit during build | `false` |
| `TZ`                     | Timezone                            | `UTC`   |
| `DIND_CPU_LIMIT`         | CPU limit                           | `2.0`   |
| `DIND_MEMORY_LIMIT`      | Memory limit                        | `4G`    |

## GPU Support

To use DinD with GPU support:

1. Set `INSTALL_NVIDIA_TOOLKIT=true` in `.env`
2. Use the `gpu` profile:

   ```bash
   docker compose --profile gpu up -d
   ```

Or use the dedicated GPU service:

```bash
docker compose up -d dind-gpu
```

## Security Considerations

⚠️ **Important**: This service runs in privileged mode, which grants the container extensive access to the host system. Only use this in trusted environments.

- Privileged mode is required for DinD to function
- The Docker daemon is exposed on port 2375 without TLS, so anyone who can reach that port can control the daemon (development only)
- For production, enable TLS by setting `DOCKER_TLS_CERTDIR=/certs`

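One way to check a running DinD container against the three points above, as an added example that is not part of the Compose Anything project: it reads `docker inspect` JSON and reports privileged mode, a missing `DOCKER_TLS_CERTDIR`, and port 2375 published beyond loopback. The function name, finding names and sample documents are constructed for illustration.

```python
import json
import sys

PLAINTEXT_PORT = "2375/tcp"        # container port this page publishes without TLS
LOOPBACK = {"127.0.0.1", "::1"}

def audit_dind(inspect_doc):
    """Return sorted finding names for the first container in `docker inspect` JSON."""
    c = inspect_doc[0] if isinstance(inspect_doc, list) else inspect_doc
    host_cfg = c.get("HostConfig") or {}
    env_list = (c.get("Config") or {}).get("Env") or []
    env = dict(e.split("=", 1) for e in env_list if "=" in e)
    findings = set()
    if host_cfg.get("Privileged"):
        # Required for DinD, so treat whoever controls this daemon as host-equivalent.
        findings.add("privileged")
    if not env.get("DOCKER_TLS_CERTDIR"):
        # Unset or empty: the development default described on this page.
        findings.add("tls-not-configured")
    for binding in (host_cfg.get("PortBindings") or {}).get(PLAINTEXT_PORT) or []:
        host_ip = binding.get("HostIp") or "0.0.0.0"   # empty HostIp means all interfaces
        if host_ip not in LOOPBACK:
            findings.add("daemon-port-exposed")
    return sorted(findings)

def _sample(env, host_ip):
    """Build a constructed, minimal document shaped like `docker inspect` output."""
    return [{
        "Config": {"Env": env},
        "HostConfig": {
            "Privileged": True,
            "PortBindings": {PLAINTEXT_PORT: [{"HostIp": host_ip, "HostPort": "2375"}]},
        },
    }]

# Constructed samples: the page's development defaults and a tightened variant.
DEV_DEFAULT = _sample(["TZ=UTC"], "")
TIGHTENED = _sample(["TZ=UTC", "DOCKER_TLS_CERTDIR=/certs"], "127.0.0.1")

if __name__ == "__main__":
    # Usage: docker inspect <container> | python audit_dind.py -
    doc = json.load(sys.stdin) if sys.argv[1:] == ["-"] else DEV_DEFAULT
    for finding in audit_dind(doc):
        print(finding)
```

The `privileged` finding remains in the tightened sample because DinD cannot run without it; the other two are the ones configuration can remove.
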
## Volume

- `dind-data`: Stores Docker daemon data (images, containers, volumes)
- `dind-gpu-data`: Separate volume for GPU-enabled service

## Resource Limits

Default resource limits:

- CPU: 2.0 cores (limit), 1.0 core (reservation)
- Memory: 4GB (limit), 2GB (reservation)

Adjust these in `.env` based on your workload.

## Advanced Usage

### Connect from host

You can connect to the Docker daemon from your host machine:

```bash
export DOCKER_HOST=tcp://localhost:2375
docker info
```

### Use in CI/CD

Example GitLab CI configuration:

```yaml
services:
  - name: your-registry/debian-dind:latest
    alias: docker

variables:
  DOCKER_HOST: tcp://docker:2375
```

## Build Arguments

When building the image manually:

- `DEBIAN_VERSION`: Debian base version (default: `13.2`)
- `INSTALL_NVIDIA_TOOLKIT`: Install NVIDIA toolkit (default: `false`)

Example:

```bash
docker build --build-arg DEBIAN_VERSION=13.2 --build-arg INSTALL_NVIDIA_TOOLKIT=true -t debian-dind-gpu .
```

## License

This configuration is provided as-is for use with the Compose Anything project.