Return to site

Docker Installation On Windows

broken image


Estimated reading time: 7 minutes

Open up settings from the Docker Desktop menu and select Kubernetes. Make sure Enable Kubernetes is checked, and that Kubernetes is the default orchestrator for docker stack commands. If this is the first time you have enabled Kubernetes, it may take a little while to download and install.

Docker for Windows is a Docker Community Edition(CE) app. The Docker for Windowsinstall package includes everything you need to run Docker on a Windows system.This topic describes pre-install considerations, and how to download and installDocker for Windows.

Already have Docker for Windows?If you already have Docker forWindows installed, and are ready to get started, skip toGet started with Docker for Windows for a quick tour ofthe command line, settings, and tools.

Looking for Release Notes?Get release notes for allversions here.

Download Docker for Windows

  1. If you want to install Docker the manual way, head on over to the Docker Desktop downloads page and then click on ‘Download for Windows (Stable)' button to download the installer file. Then, go to your downloads folder and double click on ‘Docker Desktop Installer' setup file to initiate the installation process.
  2. Starting with WSL2, Docker can run in it's full flow in Windows and you can use images built for Linux. Below tutorial will help you install Docker on your WSL in windows. Before you install the Docker Desktop WSL 2 backend, you must complete the following steps: Install Windows 10, version 2004 or higher (Build 19041 or higher).

If you have not already done so, please install Docker for Windows. You candownload installers from the Stable or Edge channel.

Both Stable and Edge installers come with experimental features in Docker Engine enabled by default. Experimental mode can be toggled on and off in preferences.

We welcome yourfeedback to help us improve Docker for Windows.

For more about Stable and Edge channels, see theFAQs.

Stable channelEdge channel
Stable is the best channel to use if you want a reliable platform to work with. Stable releases track the Docker platform stable releases.
On this channel, you can select whether to send usage statistics and other data.
Stable releases happen once per quarter.
Use the Edge channel if you want to get experimental features faster, and can weather some instability and bugs. We collect usage data on Edge releases.
Edge builds are released once per month.
Checksum: Stable installer SHA256Checksum: Edge installer SHA256
  • Legacy (.msi) installers are available for Edge and Stable channels.

  • The Docker for Windows is designed to configure Docker development environments on Windows 10 and on Windows Server 2016. You can develop both Docker Linux containers and Docker Windows containers with Docker for Windows. To run Docker Windows containers in production, see instructions for installing Docker EE on Windows Server 2016. To run Docker Linux containers in production, see instructions for installing Docker on Linux.

  • Docker for Windows requires 64bit Windows 10 Pro with Hyper-V available. Please see What to know before you install for a full listof prerequisites.

  • You can switch between Edge and Stable versions, but you can only have one app installed at a time. Also, you will need to save images and export containers you want to keep before uninstalling the current version before installing another. For more about this, see the FAQs about Stable and Edge channels.

What to know before you install

If your system does not meet the requirements to run Docker for Windows, you can installDocker Toolbox, which uses Oracle Virtual Box instead ofHyper-V.

  • README FIRST for Docker Toolbox and Docker Machine users: Docker for Windows requires Microsoft Hyper-V to run. The Docker for Windows installer will enable Hyper-V for you, if needed, and restart your machine. After Hyper-V isenabled, VirtualBox will no longer work, but any VirtualBox VM images willremain. VirtualBox VMs created with docker-machine (including the defaultone typically created during Toolbox install) will no longer start. These VMscannot be used side-by-side with Docker for Windows. However, you can still usedocker-machine to manage remote VMs.
  • Virtualization must be enabled. Typically, virtualization is enabled by default. (Note that this is different from having Hyper-V enabled.) For moredetail see Virtualization must beenabled in Troubleshooting.
  • The current version of Docker for Windows runs on 64bit Windows 10 Pro, Enterprise and Education (1511 November update, Build 10586 or later). In the future we will support more versions of Windows 10.
  • Containers and images created with Docker for Windows are shared between all user accounts on machines where it is installed. This is because allWindows accounts will use the same VM to build and run containers. In thefuture, Docker for Windows will better isolate user content.
  • Nested virtualization scenarios, such as running Docker for Windowson a VMWare or Parallels instance, might work, but come with noguarantees (i.e., not officially supported). For more information, seeRunning Docker for Windows in nested virtualization scenarios
  • What the Docker for Windows install includes: The installation provides Docker Engine, Docker CLI client, Docker Compose, Docker Machine, and Kitematic.

About Windows containers and Windows Server 2016

Looking for information on using Windows containers?

  • Switch between Windows and Linux containers describes the Linux / Windows containers toggle in Docker for Windows and points you to the tutorial mentioned above.
  • Getting Started with Windows Containers (Lab)provides a tutorial on how to set up and run Windows containers on Windows 10 orwith Windows Server 2016. It shows you how to use a MusicStore application withWindows containers.
  • Setup - Windows Server 2016 (Lab) specifically describes environment setup.
  • Docker Container Platform for Windows Server 2016 articles and blog posts on the Docker website

Install Docker for Windows

  1. Double-click Docker for Windows Installer.exe to run the installer.

    If you haven't already downloaded the installer (Docker for Windows Installer.exe), you can get it from download.docker.com. It typically downloads to your Downloads folder, or you can run it from the recent downloads bar at the bottom of your web browser.

  2. Follow the install wizard to accept the license, authorize the installer, and proceed with the install.

    You will be asked to authorize Docker.app with your system password during the install process. Privileged access is needed to install networking components, links to the Docker apps, and manage the Hyper-V VMs.

  3. Click Finish on the setup complete dialog to launch Docker.

Docker Installation On Windows 10 Home

Start Docker for Windows

Docker will not start automatically. To start it, search for Docker, select theapp in the search results, and click it (or hit Return).

When the whale in the status bar stays steady, Docker is up-and-running, andaccessible from any terminal window.

If the whale is hidden in the Notifications area, click the up arrow on thetaskbar to show it. To learn more, see Docker Settings.

If you just installed the app, you also get a popup success message withsuggested next steps, and a link to this documentation.

When initialization is complete, select About Docker from the notificationarea icon to verify that you have the latest version.

Congratulations! You are up and running with Docker for Windows.

Where to go next

  • Getting started provides an overview of Docker for Windows,basic Docker command examples, how to get help or give feedback, andlinks to all topics in the Docker for Windows guide.

  • Get started with Docker teaches you how to define and deployapplications with Docker.

  • Troubleshooting describes common problems,workarounds, how to run and submit diagnostics, and submit issues.

  • FAQs provides answers to frequently asked questions.

  • Release Notes lists component updates, new features, and improvements associated with Stable and Edge releases.

windows, beta, edge, alpha, install, download

Last Updated on November 4, 2020

If you need to run Docker within a container, or in other words Docker in Docker, this can sometimes be confusing, especially in Windows where it's not obvious how Docker is setup. In this article, we'll be lifting the covers on Docker for Windows and exploring how to run Docker commands in containers. Note that we'll be covering only Linux based containers in this article.

How Docker works on Windows

When using Docker for Windows, also known as Docker desktop, a virtual machine running the Docker daemon is installed using the Windows Hyper-V virtualisation framework.

Commands that are run from the Docker CLI on a Windows command prompt are passed through to the Docker daemon running in a VM:

If we run docker version we can clearly see the distinction here between client and server. The Docker Engine comprises the client and server, the client being the Docker CLI and the server the Docker daemon. See below that the Docker daemon is running in Linux:

Docker Installation On Windows 10 Step By Step

For the most part, when building and running containers we don't need to know about these details. Unless, of course, we want to run Docker inside Docker.

In this case, we need a way to:

  1. Install the Docker CLI in a container
  2. Get the Docker CLI to communicate with the Docker daemon running on the host
  3. Provide the container with the correct permissions to use that communication channel

All about /var/run/docker.sock

A Unix socket is a way for processes running on the same host to communicate with each other. It doesn't involve the network, so is more lightweight than other protocols such as TCP/IP sockets. They are addressed using a filename, ending in a .sock extension.

Docker installation on windows 10 home

The Docker daemon listens to a socket at /var/run/docker.sock, responding to calls to the Docker API. If we want to be able to issue Docker commands from a container, we'll need to communicate with this socket.

Thankfully, since the Docker socket is described as a file, we can expose that file to the container as a volume when we run it, using the Docker run command's -v option:

-v, –volume=[host-src:]container-dest[:]: Bind mount a volume.

So if we want a container to have access to /var/run/docker.sock we'll pass the argument -v '/var/run/docker.sock:/var/run/docker.sock' to expose the socket at the same location in the container.

Portainer: a Docker in Docker example

An example of exposing /var/run/docker.sock as a volume inside Docker is when using the Docker management UI, Portainer. You can start it like this:

docker run -d -p 9000:9000 --name portainer -v '/var/run/docker.sock:/var/run/docker.sock' portainer/portainer

Windows Docker commands
All of the commands in this article have been tested with the Windows command prompt.

When you access the UI at http://localhost:9000 it will ask you what Docker environment you want to manage. One of the options is to manage the local environment via the /var/run/docker.sock file:

With this configuration, Portainer then has access to the Windows Docker daemon, and can issue whatever commands it needs to. For example, below we can see a list of the running containers:

Running Docker in Docker as a root user

If you're running a Docker image that runs as the root user, then all that is required is to mount /var/run/docker.sock as a volume, as in the case with Portainer above.

To illustrate this more concisely, let's create a Docker image that extends the popular lightweight Alpine base image:

This Dockerfile simply installs the Docker CLI, which will later communicate with the Docker daemon running in our Docker for Windows setup. The Alpine base image by default uses the root user.

Build the image using docker build --tag docker-in-docker .:

This builds a Docker image called docker-in-docker. Now we can try running a Docker command in a container started from this image, with docker run --rm -v '/var/run/docker.sock:/var/run/docker.sock' docker-in-docker /bin/sh -c 'docker ps':

This output is showing all the containers that I have running in my installation of Docker for Windows. Everything's working as expected! ✅

Running Docker in Docker as a non-root user

We don't always want to run our container as root. There are many Docker images that setup an additional user, following the best practice of starting the container as a user that only has minimal permissions. An example of this is the Jenkins Docker image, which has the jenkins user.

Permission denied problems

To illustrate the problems that using a non-root user can cause when we want to run Docker in Docker, here's another Dockerfile example:

  • we're installing Docker on top of the Alpine Linux base image, as before
  • we're adding a user called tom with no password (the -D option)
  • the USER instruction means that when the image is run any commands should be run as tom

Let's build the image with docker build --tag docker-in-docker-non-root . similarly to the previous example.

Now run it with docker run --rm -v '/var/run/docker.sock:/var/run/docker.sock' docker-in-docker-non-root /bin/sh -c 'docker ps'

Unfortunately this time we get a permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock error:

It seems like we don't have permission to access /var/run/docker.sock. 🔒

Using --group-add to provide access to /var/run/docker.sock

The problem we have can be highlighted by running the same docker run command as before, but this time we'll run ls -l on /var/run/docker.sock:

Docker Installation On Windows 10 Home

We can see here that the file is owned by the root user and also the root group. It's no wonder then that we can't access it.

To fix this, we can use the --group-addDocker argument that allows us to run a Docker image with additional groups for the user.

–group-add: Add additional groups to run as

The root group has id 0, so to illustrate this working, let's use the --group-add 0 argument then run the groups command in the container to see which groups we belong to:

We can clearly see here that tom is now a member of both the tom and root groups.

Now let's try to run Docker in Docker with docker run --rm --group-add 0 -v '/var/run/docker.sock:/var/run/docker.sock' docker-in-docker-non-root /bin/sh -c 'docker ps'

Awesome! So we've got a way to run Docker in Docker as a non-root user too. ✅

Group id using WSL 2 – if you're running Docker Desktop with the WSL 2 engine enabled, the group id will be different to the one specified above. Generate the group id with this command docker run --rm -v /var/run/docker.sock:/var/run/docker.sock alpine stat -c %g /var/run/docker.sock

Running Docker in Docker with Jenkins

When building images using a continuous integration server, such as Jenkins, we'll need to run Docker in Docker in order to use the Docker daemon of the host. A Jenkins Docker container starts with the jenkins user, so let's try the techniques learnt in this article by:

  • installing the Docker CLI in Jenkins
  • mounting a volume to allow access to the Docker socket
  • adding the root group to the Jenkins user

To install the Docker CLI we'll use this Dockerfile:

  • we have to temporarily switch to the root user to install Docker
  • we run a Docker install script
  • we switch back to the Jenkins user

Build this image with docker build --tag docker-in-docker-jenkins ..

Start Jenkins with docker run --rm --group-add 0 -v '/var/run/docker.sock:/var/run/docker.sock' -p 8080:8080 --name jenkins docker-in-docker-jenkins:

Now let's issue a Docker command to Jenkins using docker exec jenkins docker ps:

All good. So now we can create Jenkins jobs to build or run Docker images!

Security considerations

How secure is using --group-add 0?

Short answer, not very. Essentially we're adding the user to the root group which means that any files owned by the root group may be read/write/executable by the user. It's not as bad as running the container as the root user, but it's probably not far off.

Unfortunately, when running containers such as Jenkins there's no better alternative that I've found so far in Docker for Windows. Fortunately, most people running Docker containers in Windows are doing so for for development, rather than production purposes.

Also bear in mind that any risk of container breakout, where the container gets full access to the host machine, is mitigated by the fact that the Docker daemon in Docker for Windows is running inside a virtual machine.

Final thoughts

Since this article was published, the Windows Subsystem for Linux (WSL) 2 has been released, which enables Linux containers to be run natively without emulation. Docker Desktop has an option to use the WSL 2 based engine, which can be turned on through this setting:

Once this option has gained mainstream use this article will be fully updated to reflect it. For now, please see the section above about generating the group id when using Docker Desktop with WSL 2.

Resources

DOCKER
Read the official docs about Docker Desktop for WSL 2
For more info on Dockerfile instructions, check out these docs

VIDEO
If you prefer to learn in video format then check out the accompanying video below. It's part of the Tom Gregory Tech YouTube channel.

Running Docker in Docker on Windows (Linux containers)

Related Posts





broken image