-
Notifications
You must be signed in to change notification settings - Fork 6.3k
Connect coder in docker to local docker sock #6587
-
I've searched and I'm coming up empty. I am running Ubuntu with a fully functioning docker instance locally aka not in docker. Bare metal server. I spun up coder with a bland docker compose, just the basics, and I cannot get it to connect to the local docker sock. Tried adding the sock in as a volume, made sure user permissions were correct aka 1000. Docker is set up for permissions with the docker group.
Any ideas? My end goal is to be able to use coder to connect to my local server's docker to dev and also check on currently running containers.
Thanks!
services:
code-server:
stdin_open: true
tty: true
container_name: code-server
networks:
- utilities
ports:
- 127.0.0.1:8080:8080
volumes:
- $HOME/.local:/home/coder/.local
- $HOME/.config:/home/coder/.config
- $PWD:/home/coder/project
user: 1000:1000
environment:
- DOCKER_USER=$USER
image: codercom/code-server:latest
networks:
utilities:
external: true
Beta Was this translation helpful? Give feedback.
All reactions
code-server:
image: lscr.io/linuxserver/code-server:latest
restart: unless-stopped
container_name: code-server
networks:
- utilities
environment:
PUID: "1000"
PGID: "1000"
TZ: "America/Chicago"
SUDO_PASSWORD: "password"
DEFAULT_WORKSPACE: "/config/workspace"
DOCKER_MODS: "linuxserver/mods:universal-docker"
volumes:
- /filepath/Coder/:/config
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 8080:8080
labels:
- "traefik.enable=true"
- 'traefik.http.routers.code.rule=Host(`yourdoman.com`)'
- "traefik.http.routers.code.entrypoints=websecure"
- "traefik.http.routers.cod...Replies: 4 comments 5 replies
-
If I understand correctly, you want code-server inside the Docker container to be able to manage containers on the host?
I think you would need to mount the Docker socket into the container. Maybe something like /var/run/docker.sock:/var/run/docker.sock? I have not tried it though.
Beta Was this translation helpful? Give feedback.
All reactions
-
Ah actually I missed the part where you said you already tried mounting the socket. Could you post the compose file you were using to do that? I could run it and see if I get the same problem.
Beta Was this translation helpful? Give feedback.
All reactions
-
I figured it out, in order for it to know what to do with the sock, you still have to install docker-cli in code-server. Now the only tricky part left is figuring out how to map the volumes. What I am doing is setting up my local baremetal server as a virtual coding environment. Now I can see my local docker sock, start, stop, rebuild, edit yaml, etc and I didn't have to use SSH or any other dumb crutch.
Code-Server > Traefik > external biometric authentication > chrome browser
Beta Was this translation helpful? Give feedback.
All reactions
-
Ahh that makes sense! Glad you figured that out.
Beta Was this translation helpful? Give feedback.
All reactions
-
code-server:
image: lscr.io/linuxserver/code-server:latest
restart: unless-stopped
container_name: code-server
networks:
- utilities
environment:
PUID: "1000"
PGID: "1000"
TZ: "America/Chicago"
SUDO_PASSWORD: "password"
DEFAULT_WORKSPACE: "/config/workspace"
DOCKER_MODS: "linuxserver/mods:universal-docker"
volumes:
- /filepath/Coder/:/config
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 8080:8080
labels:
- "traefik.enable=true"
- 'traefik.http.routers.code.rule=Host(`yourdoman.com`)'
- "traefik.http.routers.code.entrypoints=websecure"
- "traefik.http.routers.code.tls.certresolver=letsencrypt"
You could also install the version here directly, and then install the docker-cli as well, same end result as the docker mod at linuxserver is literally just installing docker in the dockerfile. The important part is adding the docker.sock as a volume and installing docker-cli inside code-server.
Beta Was this translation helpful? Give feedback.
All reactions
-
❤️ 1
-
just to add to this question, how would I connect to docker on another server as well as where code-server is running?
I already have docker-socket-proxy running on this other server.
Beta Was this translation helpful? Give feedback.
All reactions
-
I am still running this setup and it works very well, set up a completely different test server as well. Basically if you want it to work on coder you MUST set the volumes as binded direct volumes, so /mnt/Docker : /mnt/Docker for example. I would expect you could do the same thing with another docker socket, you just need to expose it inside the container as if coder is not in a container if that makes sense lol
Just because I like to keep everything completely separate though, what I did was create another coder instance mapped to my test server, both are up using traefik so I have my regular coder and my test coder both running and active at the same time, code.blah.com and test code.blah.com for example
Beta Was this translation helpful? Give feedback.
All reactions
-
👍 1
-
I'd like to add a related question. I want to implement DinD (Docker in Docker) functionality similar to GitHub Codespaces:
- Each GitHub account can have multiple Codespaces
- Inside each Codespace's container, Docker can still be run
- Containers between different Codespaces under the same account are isolated from each other
- Codespaces from different accounts remain isolated from each other
- Administrators can see all Docker containers, and can manage them regardless of their hierarchy or depth
like the art:
┌──────────────────────────────────────────────────────────────────────────┐
│ ┌────────────────────┐ │
│ │ │ Bare metal server │
│ │ Grafana Docker │ │
│ │ │ │
│ └────────────────────┘ ┌────────────────────┐ ┌────────────────────┐ │
│ │ Coder Docker │ │ │ │
│ ┌────────────────────┐ │ ◄─┼──┼► real docker.sock │ │
│ │ │ │ docker.sock │ │ │ │
│ │ Redis Docker │ │ │ └────────────────────┘ │
│ │ │ │ ▲さんかく │ │
│ └────────────────────┘ └───────────┼────────┘ │
│ │ │
│ ┌─────────────────────────────────────┼────────────────────────────────┐ │
│ │ │ │ │
│ │ ┌───────────────────────────────────┼───────┐ │ │
│ │ │ admin/test1 workspace │ │ │ │
│ │ │ ▼ │ │ │
│ │ │ Docker Container │ │ │
│ │ │ │ │ │
│ │ │ │ ┌───────────────┐ │ │
│ │ │ I want to run a docker-compose.yml ────┼──────┼► pgsql Docker │ │ │
│ │ │ │ └───────────────┘ │ │
│ │ └───────────────────────────────────────────┘ │ │
│ │ │ │
│ │ │ │
│ │ We need isolation here. │ │
│ │ │ │
│ │ The host container cannot be seen and manipulated. │ │
│ └──────────────────────────────────────────────────────────────────────┘ │
│ │
└──────────────────────────────────────────────────────────────────────────┘
Beta Was this translation helpful? Give feedback.
All reactions
-
Based on the chart, it looks like you might be running Coder? You may want to post this over at https://github.com/coder/coder.
But, I believe this is the related documentation: https://coder.com/docs/admin/templates/extending-templates/docker-in-workspaces. We do it with sysbox-runc in our own deployment.
I am not sure about your last bullet though, where admins can see list and manage even the nested Docker containers.
Beta Was this translation helpful? Give feedback.
All reactions
-
👍 1