Installing Docker

Figure 38: install

Objectives

At the end of this lesson, you will know:

  • How to install Docker.

  • When to use sudo when running Docker commands.

Note: if you were provided with a training VM for a hands-on tutorial, you can skip this chapter, since that VM already has Docker installed, and Docker has already been set up to run without sudo.

Installing Docker

There are many ways to install Docker.

We can arbitrarily distinguish:

  • Installing Docker on an existing Linux machine (physical or VM)

  • Installing Docker on macOS or Windows

  • Installing Docker on a fleet of cloud VMs

Installing Docker on Linux

Docker Inc. packages vs distribution packages

  • Docker Inc. releases new versions monthly (edge) and quarterly (stable)

  • Releases are immediately available on Docker Inc.'s package repositories

  • Linux distros don't always update to the latest Docker version

    (Sometimes, updating would break their guidelines for major/minor upgrades)

  • Sometimes, some distros have carried packages with custom patches

  • Sometimes, these patches added critical security bugs ☹

  • Installing through Docker Inc.'s repositories is a bit of extra work …

    … but it is generally worth it!

Installing Docker on macOS and Windows

Docker for Mac and Docker for Windows

  • Special Docker Editions that integrate well with their respective host OS

  • Provide a user-friendly GUI to edit Docker configuration and settings

  • Leverage the host OS virtualization subsystem (e.g. the Hypervisor API on macOS)

  • Installed like normal user applications on the host

  • Under the hood, they both run a tiny VM (transparent to our daily use)

  • Access network resources like normal applications
    (and therefore, play better with enterprise VPNs and firewalls)

  • Support filesystem sharing through volumes (we'll talk about this later)

  • They only support running one Docker VM at a time ...
    ... but we can use docker-machine, the Docker Toolbox, VirtualBox, etc. to get a cluster.

Running Docker on macOS and Windows

When you execute docker version from the terminal:

  • the CLI connects to the Docker Engine over a standard socket,
  • the Docker Engine is, in fact, running in a VM,
  • ... but the CLI doesn't know or care about that,
  • the CLI sends a request using the REST API,
  • the Docker Engine in the VM processes the request,
  • the CLI gets the response and displays it to you.

All communication with the Docker Engine happens over the API.

This also allows us to use remote Engines exactly as if they were local.

Important PSA about security

  • If you have access to the Docker control socket, you can take over the machine

    (Because you can run containers that will access the machine's resources)

  • Therefore, on Linux machines, a user with access to the Docker control socket is equivalent to root

  • You should restrict access to it like you would protect root

  • By default, the Docker control socket belongs to the docker group

  • You can add trusted users to the docker group

  • Otherwise, you will have to prefix every docker command with sudo, e.g.:

    sudo docker version
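
An added example (not part of the original course material): a small shell audit of the point above, reporting whether the control socket is open to every local user and which accounts belong to its group. The function names and the default socket path /var/run/docker.sock are assumptions of this example; paths are parameters so the functions can be run against constructed files.

```shell
#!/bin/sh
# Added example: who is root-equivalent through the Docker control socket?

# Print "<verdict> <owner> <group>" for the socket. The verdict is "missing",
# "world-accessible" (any permission bit set for "other") or "restricted".
socket_exposure() (
    sock="${1:-/var/run/docker.sock}"
    if [ ! -e "$sock" ]; then echo "missing - -"; exit 0; fi
    # ls -ldL prints: mode links owner group ...
    # Characters 8-10 of the mode string are the "other" permission bits.
    ls -ldL "$sock" | awk '{
        verdict = (substr($1, 8, 3) == "---") ? "restricted" : "world-accessible"
        print verdict, $3, $4
    }'
)

# Print every account in group $1: supplementary members (group file, field 4)
# plus accounts whose primary GID (passwd file, field 4) is that group's GID.
group_users() (
    group="$1"; gfile="${2:-/etc/group}"; pfile="${3:-/etc/passwd}"
    gid=$(awk -F: -v g="$group" '$1 == g { print $3; exit }' "$gfile")
    if [ -z "$gid" ]; then exit 0; fi
    {
        awk -F: -v g="$group" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$gfile"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$pfile"
    } | sort -u
)

# Report for the local machine (or for the socket path given as $1).
audit() (
    set -- $(socket_exposure "${1:-/var/run/docker.sock}")
    echo "socket: $1 (owner=$2 group=$3)"
    if [ "$1" = "missing" ]; then exit 0; fi
    echo "accounts with root-equivalent access through group $3:"
    group_users "$3" | sed 's/^/  /'
)

audit
```

Accounts whose primary group is the socket's group do not appear in the group file's member list, which is why the passwd file is checked as well.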
    

Ubuntu Installation

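#!/bin/bash
# Stop at the first failing command instead of continuing with a partial install
set -e
echo "Please install sudo in root session"
echo "and add the user in the sudo group"
echo "apt -y install sudo ; gpasswd -a userlab sudo"
# Prerequisites for fetching packages from an HTTPS repository
sudo apt-get update
sudo apt-get -y install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
# Trust Docker Inc.'s package signing key
# (apt-key is deprecated in current apt releases; a key added this way is trusted for every configured repository)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# Add Docker Inc.'s stable repository for this Ubuntu release
sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
# Install the Engine, the CLI and containerd from that repository
sudo apt-get update
sudo apt-get -y install \
    docker-ce \
    docker-ce-cli \
    containerd.io
# Let the current user run docker without sudo; this grants root-equivalent access
# (see the security note above) and takes effect at the next login
sudo usermod -aG docker "$USER"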