Can I use privileged Docker container to spawn other containers on host?


I have a project that consists of dozens of dozens of containers per host. Until now, I have been using SSH/Ansible to spawn containers on my VMs on bootstrap, but now I would like a daemon to run on each host to start containers only when needed.

For better dependency management, I'd be glad if I could have my daemon run itself in a privileged container (security is not a problem), communicating with the host Docker daemon to run new containers (see the following schema). Is that possible in a non-hacky way, or does Docker completely forbid containers interacting with their underlying Docker daemon?

[schema image not reproduced]

If this is not possible, can you tell me about your preferred way to programmatically launch docker containers? Thanks in advance :)

1 answer

Best answer (score 2):

I haven't used privileged containers much, but I think what you are proposing would work. However, another popular solution is mounting the docker socket to the container. That will achieve what you are trying to do.

docker run -v /var/run/docker.sock:/var/run/docker.sock <image> <cmd>

It's not recommended, as you can see from the magnitude of recommendations against it in this simple Google search. But since you don't worry about security, you might be fine.
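To make the socket-mount approach concrete, here is an added example (not code from the original question or answer) of a small spawner that runs inside a container started with the `-v /var/run/docker.sock:/var/run/docker.sock` mount from the answer and drives the host daemon through the Docker Engine HTTP API, using only the Python standard library. It assumes Engine API version v1.41 (Docker 20.10 or newer) and that the process inside the container can open the socket: root can by default, a non-root user needs the host's docker group added with `--group-add "$(stat -c %g /var/run/docker.sock)"`. It also shows the one check a practitioner should want around this design: whoever can write to that socket can ask the daemon for a privileged container or a bind mount of the host's `/`, which is root on the host, so the spawner validates the specs it is handed before passing them on.

```python
"""Spawner that runs inside a container and drives the host Docker daemon through
the bind-mounted /var/run/docker.sock.  Added example for this thread; it is not
code from the original post.  Uses only the standard library and the Docker
Engine HTTP API (assumed: API version v1.41, i.e. Docker 20.10 or newer)."""
import http.client
import json
import socket
from typing import Any, Dict, List, Optional

DOCKER_SOCKET = "/var/run/docker.sock"   # path of the socket inside the container
API_VERSION = "v1.41"                     # assumption; older daemons need a lower version


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection that dials a UNIX domain socket instead of a TCP host."""

    def __init__(self, path: str, timeout: float = 10.0) -> None:
        super().__init__("localhost", timeout=timeout)
        self.unix_path = path

    def connect(self) -> None:
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.unix_path)


def docker_api(method: str, path: str, body: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Send one Engine API request over the socket and return the decoded JSON body."""
    conn = UnixHTTPConnection(DOCKER_SOCKET)
    payload = json.dumps(body).encode() if body is not None else None
    conn.request(method, f"/{API_VERSION}{path}", body=payload,
                 headers={"Content-Type": "application/json"})
    resp = conn.getresponse()
    raw = resp.read()
    conn.close()
    if resp.status >= 300:
        raise RuntimeError(f"{method} {path} -> HTTP {resp.status}: {raw.decode(errors='replace')}")
    return json.loads(raw) if raw else {}


def container_spec(image: str, cmd: List[str], env: Optional[Dict[str, str]] = None,
                   binds: Optional[List[str]] = None) -> Dict[str, Any]:
    """Build the JSON body for POST /containers/create with a restrictive HostConfig."""
    return {
        "Image": image,
        "Cmd": list(cmd),
        "Env": [f"{k}={v}" for k, v in sorted((env or {}).items())],
        "HostConfig": {
            "Binds": list(binds or []),
            "Privileged": False,
            "CapDrop": ["ALL"],
            "SecurityOpt": ["no-new-privileges"],
        },
    }


def spec_violations(spec: Dict[str, Any]) -> List[str]:
    """Whoever can write to docker.sock can ask the daemon for a privileged container
    or a bind mount of the host's /, which is root on the host.  This guard keeps the
    spawner's own callers (a job queue, an HTTP endpoint, ...) from requesting that."""
    hc = spec.get("HostConfig", {})
    problems: List[str] = []
    if hc.get("Privileged"):
        problems.append("privileged container requested")
    if hc.get("PidMode") == "host":
        problems.append("host PID namespace requested")
    for bind in hc.get("Binds", []):
        src = bind.split(":", 1)[0]
        if src == "/" or src.rstrip("/") == DOCKER_SOCKET:
            problems.append(f"dangerous bind mount: {bind}")
    return problems


def spawn(name: str, spec: Dict[str, Any]) -> str:
    """Create and start a sibling container on the host; returns its ID."""
    problems = spec_violations(spec)
    if problems:
        raise ValueError("refusing to spawn: " + "; ".join(problems))
    created = docker_api("POST", f"/containers/create?name={name}", spec)
    cid = created["Id"]
    docker_api("POST", f"/containers/{cid}/start")   # 204 No Content on success
    return cid


if __name__ == "__main__":
    print("daemon version:", docker_api("GET", "/version").get("Version"))
    print("started", spawn("worker-1", container_spec("busybox", ["echo", "hello from sibling"])))
```

The containers this creates are siblings of the spawner, not children: they are owned by the host daemon and keep running if the spawner container dies, so the spawner should record the IDs it started (or label them with a `"Labels"` entry in the spec) to be able to find and stop them later. The guard in `spec_violations` only limits what the spawner's callers can request; it does nothing against anyone who gets code execution inside the spawner container itself, who can talk to the socket directly. That is the risk the answer's "not recommended" refers to.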