Docker Community Forums

Share and learn in the Docker community.

How can I launch a container that can control docker - from Windows

I am looking for information on how to launch a Docker container than can then turn around and call Docker to build other containers or launch other containers. This in and of itself is not new, recipes exist to do this from within a Linux system that hosts docker … like this …

docker run -it --name builder1 --privileged=true -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker alpine ash (or something like this)

The problem is when you are not running a linux system, how can you then achieve the same thing from Windows?

If its not possible from windows, can I achieve this by connecting directly to docker on windows by the hyper-v kernel, and then launching the container from there? If so, how does this affect the file system? Will space for launched child containers be allocated on the Windows file system or on the native alpine file system?

Any comments or suggestions are much appreciated!

Yeah, there’s a couple of steps though and it’s not very elegant nor secure:

  1. Change the Windows Daemon config to listen on a public interface
    • net stop docker
    • dockerd.exe --unregister-service
    • dockerd.exe -H npipe:////./pipe/docker_engine -H --register-service
    • net start docker
  2. Now when starting containers, the Docker API will be available on the default gateway ip (you can find it with ipconfig) of the container, on port 2375.

This is something that we’d like to improve.

Will this play nicely with Docker On Windows (ie: Docker running Windows Containers?). I dont know enough about that would work and am waiting for it to mature some before playing with it. Would the above interfere, or - will a Windows machine run both or is it one or the other?

  • And - thank you very much for the info so far!

  • BTW - I will be changing my daemon to listen on an interface which will be assigned to an internal only switch on HyperV. If I can get it to work this will mitigate the security some.