Docker CLI hides the details of using BuildKit
Control BuildKit usage from Docker CLI
export DOCKER_BUILDKIT=1
docker build .
The Docker daemon can use BuildKit by default
$ cat /etc/docker/daemon.json
{
  "features": {
    "buildkit": true
  }
}
–
Docker-in-Docker requires a privileged container…
…which is a severe security concern
Run Docker-in-Docker with local port publishing:
docker run --name dockerd \
    --detach \
    --privileged \
    --publish 127.0.0.1:2375:2375 \
    docker:stable-dind \
    dockerd \
        --host tcp://0.0.0.0:2375
Run local Docker CLI against daemon container:
docker --host tcp://127.0.0.1:2375 build .
–
Run containerized Docker CLI against daemon container:
docker run --interactive --tty \
    --network container:dockerd \
    --volume "$PWD":/src \
    --workdir /src \
    docker:stable \
    docker --host tcp://127.0.0.1:2375 build .
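
An added example, not part of the original slides: a small audit over `docker inspect` output that flags the two risks in the Docker-in-Docker setup above, a privileged container and the unencrypted API port 2375 published beyond loopback. The sample JSON and the container names `dockerd-exposed` and `web` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample of `docker inspect` output, trimmed to the fields used here.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/dockerd",
     "HostConfig": {"Privileged": True,
                    "PortBindings": {"2375/tcp": [{"HostIp": "127.0.0.1", "HostPort": "2375"}]}}},
    {"Name": "/dockerd-exposed",
     "HostConfig": {"Privileged": True,
                    "PortBindings": {"2375/tcp": [{"HostIp": "", "HostPort": "2375"}]}}},
    {"Name": "/web",
     "HostConfig": {"Privileged": False,
                    "PortBindings": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]}}},
])

PLAINTEXT_API_PORT = "2375/tcp"  # the unencrypted Docker API port used on the slides


def is_loopback(host_ip):
    """An empty HostIp means Docker binds the port on all interfaces."""
    if not host_ip:
        return False
    try:
        return ipaddress.ip_address(host_ip).is_loopback
    except ValueError:
        return False


def audit(inspect_json):
    """Return {container name: [findings]} for every container with a finding."""
    report = {}
    for container in json.loads(inspect_json):
        host_config = container.get("HostConfig") or {}
        findings = []
        if host_config.get("Privileged"):
            findings.append("privileged")
        bindings = (host_config.get("PortBindings") or {}).get(PLAINTEXT_API_PORT) or []
        if any(not is_loopback(b.get("HostIp", "")) for b in bindings):
            findings.append("plaintext API published beyond loopback")
        if findings:
            report[container.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings)}")
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` instead of the constructed sample.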