Understanding the difference between "image=docker:stable + service=docker-dnd" and "image=docker:stable-dnd"

Good day Docker experts!

I’m relatively new to the game here, so please forgive me potentially silly question. I am currently working on building docker images inside of docker. using GitLab CI.

There are a myriad of example ways to accomplish this, and many recommendations include the necessity of running “docker-in-docker”.

(CAVEAT: due to this being my first post, I am limited to 2 links, so my usual external refs will be reduced, i’ll try to add a subsequent comment to my own topic w/ additional refs)

Now to my question, I’ve seen a few ways (and a few combinations of this).

  1. “image=docker:stable + service=docker-dnd”
  2. “image=docker:stable-dnd”
  3. “image=docker:stable-dnd + service=docker-dnd”

For the first, it looks roughly like this:

image: docker:stable
  - docker:dind

For the second, it looks roughly like this:

image: docker:stable-dind

Now there’s a third possibility of doing both:

image: docker:stable-dind
- docker:dind

These definitely are official docker images, https://github.com/docker-library/docker
, and there are some clear differentiation to be gleaned in the code.

As per https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#what-is-a-service, we claim that a service is:

The services keyword defines just another Docker image that is run during your job and is linked to the Docker image that the image keyword defines. This allows you to access the service image during build time.

Therefore I am inclined to believe that option #3 is non-sense (or at least redundant). But still I’m uncertain which is the preferred way for #1 vs. #2.

Any insight / comments are greatly appreciated! Thanks.

The first example comes from (as per the official example: https://gitlab.com/gitlab-examples/docker/blob/master/.gitlab-ci.yml)


I am seemingly not alone in this question, see: https://stackoverflow.com/questions/47280922/role-of-docker-in-docker-dind-service-in-gitlab-ci

Of relevance … its worth noting too that I need to figure out if DinD is actually needed for my user case.

this is touted as “usually all users need”
--docker-volumes /var/run/docker.sock:/var/run/docker.sock

Hi Matt,

Belated response …

I am not familiar with Gitlab-CI, but I recently wrote a blog describing Docker-in-Docker solutions (here), as well as Docker-in-Docker with Jenkins (here).

Hopefully those can give you some context that can help you resolve the questions you posted (if you haven’t already).

  • Cesar