Docker build in Docker build, possible?

General
,
1

Hi, I’m trying to do a PoC for running a gradle build in docker, which itself does a container build (using Paketo, but for simplicity my PoC uses docker)

So far I can start a DinD and connect to it from another container. In that container I can create a Dockerfile and run a docker build, without specifying any extra args/etc. When I try to do that with a Dockerfile running a “RUN docker build” it can’t resolve the “docker” host.

Here are some commands that might make more sense.

Start a DinD :

docker network create --driver bridge t-network
docker run --privileged --rm -d \
--network-alias docker --network t-network \
-e DOCKER_TLS_CERTDIR=/certs \
-v some-docker-certs-ca:/certs/ca \
-v some-docker-certs-client:/certs/client \
docker:dind

And I can connect to it with this :

docker run --rm  --network t-network \
-e DOCKER_HOST=tcp://docker:2376 \
-e DOCKER_TLS_VERIFY=1 \
-e DOCKER_CERT_PATH=/root/certs/client \
-v some-docker-certs-client:/root/certs/client:ro \
-it --entrypoint /bin/sh \
docker:latest

Then create a simple “FROM alpine” Dockerfile and “docker build .” and it works.

If I want to create that alpine image with a build I create a Dockerfile :

FROM docker
ARG DOCKER_HOST
ARG DOCKER_TLS_VERIFY
ARG DOCKER_CERT_PATH
WORKDIR /data
COPY certs /certs
COPY Dockerfile.nested Dockerfile
RUN docker build  -t "nested" .

And Dockerfile.nested :

FROM alpine

Then use this command :

docker run --rm  --network t-network \
-e DOCKER_HOST=tcp://docker:2376 \
-e DOCKER_TLS_VERIFY=1 \
-e DOCKER_CERT_PATH=/data/certs/client \
-v some-docker-certs-client:/data/certs/client:ro \
-v `pwd`:/data \
docker:latest build -t parent  --network t-network --build-arg DOCKER_HOST=tcp://docker:2376 \
--build-arg DOCKER_TLS_VERIFY=1 \
--build-arg DOCKER_CERT_PATH=/certs/client /data

And the nested build throws an error :

Step 8/8 : RUN docker build  -t "nested" .
 ---> Running in 68c03f2a7bdc
error during connect: Post "https://docker:2376/v1.24/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&t=nested&target=&ulimits=null&version=1": dial tcp: lookup docker on 8.8.8.8:53: no such host

If I add the “–network t-network” near the end of the command so the build uses the t-network, I get an error the network isn’t found. Which is create, in the context of the container it doesn’t. As you can tell because you can run /bin/sh in the container and do a “docker build” without needing to specify the network.

I can even run it with entryppoint /bin/sh and then run "/usr/local/bin/docker-entrypoint.sh build . " and it works.
So, WHY doesn’t it build when run from a build?