I am trying to run a multi-process container which has the Docker daemon and JupyterLab running as processes inside it. For this, I am using s6-overlay to run JupyterLab as a service and specifying dockerd-entrypoint.sh as the executable command. My Dockerfile looks like this:
FROM docker:dind-rootless
RUN apk add --no-cache python3-dev py3-pip coreutils
ARG CONDA_VERSION="py39_4.12.0"
ARG CONDA_SHA256="78f39f9bae971ec1ae7969f0516017f2413f17796670f7040725dd83fcff5689"
ARG CONDA_DIR="/opt/conda"
ENV PATH="$CONDA_DIR/bin:$PATH"
ENV PYTHONDONTWRITEBYTECODE=1
# Install conda
RUN echo "**** install dev packages ****" && \
    apk add --no-cache --virtual .build-dependencies bash ca-certificates wget && \
    \
    echo "**** get Miniconda ****" && \
    mkdir -p "$CONDA_DIR" && \
    wget "http://repo.continuum.io/miniconda/Miniconda3-${CONDA_VERSION}-Linux-x86_64.sh" -O miniconda.sh && \
    echo "$CONDA_SHA256 miniconda.sh" | sha256sum -c && \
    \
    echo "**** install Miniconda ****" && \
    bash miniconda.sh -f -b -p "$CONDA_DIR" && \
    echo "export PATH=$CONDA_DIR/bin:\$PATH" > /etc/profile.d/conda.sh && \
    \
    echo "**** setup Miniconda ****" && \
    conda update --all --yes && \
    conda config --set auto_update_conda False && \
    \
    echo "**** cleanup ****" && \
    apk del --purge .build-dependencies && \
    rm -f miniconda.sh && \
    conda clean --all --force-pkgs-dirs --yes && \
    find "$CONDA_DIR" -follow -type f \( -iname '*.a' -o -iname '*.pyc' -o -iname '*.js.map' \) -delete && \
    \
    echo "**** finalize ****" && \
    mkdir -p "$CONDA_DIR/locks" && \
    chmod 777 "$CONDA_DIR/locks"
RUN conda install -c conda-forge jupyterlab -y
ARG S6_OVERLAY_VERSION=3.1.4.1
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
RUN mkdir -p /etc/services.d/jupyter
COPY jupyter.sh /etc/services.d/jupyter/run
ENTRYPOINT ["/init"]
CMD /usr/local/bin/dockerd-entrypoint.sh
I also added entries in the subuid and subgid files following the advice from this page.
However, when I try to run the container with a UID, I get the following error:
Device "ip_tables" does not exist.
modprobe: can't change directory to '/lib/modules': No such file or directory
/usr/local/bin/dockerd-entrypoint.sh: line 169: HOME: parameter not set
Can someone please point out what I did wrong?
UPDATE:
I am also unable to run the dind-rootless image with a user id.
I tried running
docker run --privileged --name dind -u <UID>:<GID> docker:dind-rootless
and I got the following error:
Device "ip_tables" does not exist.
modprobe: can't change directory to '/lib/modules': No such file or directory
error: attempting to run rootless dockerd but missing necessary entries in /etc/subuid and/or /etc/subgid for 1019
I then added entries to the subuid and subgid files following the instructions here. Again I tried to run as a user and got the following error:
docker run --privileged --name dind -u 1019:1015
Device "ip_tables" does not exist.
modprobe: can't change directory to '/lib/modules': No such file or directory
[rootlesskit:parent] error: failed to setup UID/GID map: newuidmap 66 [0 1019 1 1 66781184 65536 65537 66781184 65536] failed: newuidmap: Target process 66 is owned by a different user: uid:1019 pw_uid:1019 st_uid:1019, gid:1015 pw_gid:1019 st_gid:1015
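A pre-flight check for the ID preconditions surfaced by the errors above, as an added example that is not part of the original question: it verifies that the user running dockerd has subordinate ranges in /etc/subuid and /etc/subgid and that the uid:gid passed with -u matches that user's /etc/passwd entry, which is the mismatch newuidmap reports in the last error (gid 1015 vs pw_gid 1019). File paths are parameters so it can run against copies, and the sample passwd/subuid/subgid contents below are constructed.

```shell
#!/bin/sh
# Pre-flight check before running rootless dockerd as an arbitrary -u UID:GID.
# Added example (not from the question). Two conditions are checked:
#  (1) rootlesskit needs a "name:start:count" range for the user in /etc/subuid
#      and /etc/subgid (the "missing necessary entries" error);
#  (2) newuidmap rejects a target process whose uid/gid differ from the
#      user's /etc/passwd entry (the "owned by a different user" error).
# Matching on either the user name or the numeric uid in column 1 is an
# assumption about how the subordinate-ID files are consulted.

# has_sub_range FILE NAME UID : true if FILE has a line for NAME or UID
has_sub_range() {
    awk -F: -v n="$2" -v i="$3" '$1 == n || $1 == i { found = 1 } END { exit !found }' "$1"
}

# passwd_gid PASSWD UID : print the primary gid recorded for UID (empty if absent)
passwd_gid() {
    awk -F: -v i="$2" '$3 == i { print $4; exit }' "$1"
}

# check_rootless_ids UID GID PASSWD SUBUID SUBGID
# Prints one line per problem; returns 0 only when every check passes.
check_rootless_ids() {
    uid=$1; gid=$2; passwd=$3; subuid=$4; subgid=$5; rc=0
    name=$(awk -F: -v i="$uid" '$3 == i { print $1; exit }' "$passwd")
    if [ -z "$name" ]; then
        echo "uid $uid has no passwd entry; newuidmap cannot verify it"; return 1
    fi
    has_sub_range "$subuid" "$name" "$uid" || { echo "no subuid range for $name ($uid)"; rc=1; }
    has_sub_range "$subgid" "$name" "$uid" || { echo "no subgid range for $name ($uid)"; rc=1; }
    pw_gid=$(passwd_gid "$passwd" "$uid")
    if [ "$pw_gid" != "$gid" ]; then
        echo "running as $uid:$gid but passwd gid for $name is $pw_gid; newuidmap will refuse"; rc=1
    fi
    return $rc
}

# Constructed sample files modelling the second attempt in the question (-u 1019:1015).
tmp=$(mktemp -d)
printf 'rootless:x:1019:1019::/home/rootless:/bin/sh\n' > "$tmp/passwd"
printf 'rootless:66781184:65536\n' > "$tmp/subuid"
printf 'rootless:66781184:65536\n' > "$tmp/subgid"
check_rootless_ids 1019 1015 "$tmp/passwd" "$tmp/subuid" "$tmp/subgid" || echo "pre-flight failed for 1019:1015"
check_rootless_ids 1019 1019 "$tmp/passwd" "$tmp/subuid" "$tmp/subgid" && echo "pre-flight ok for 1019:1019"
rm -rf "$tmp"
```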