Remote Docker daemons

The docker command line is the Docker client. The Docker daemon, responsible for building images and running the containers, may be on the same server or may be remote.

Rationale

Use cases for a remote docker daemon running your containers include:

  • Offloading heavy work onto other servers.
  • Leveraging resources available on another machine (like GPUs).

Furthermore, the Docker daemon runs with high privileges, and on some setups it may be moved to another server rather than kept locally.

Setup

See details about Setting up (Docker).

With a registry

You do not need a specific setup if all of the following conditions are met:

  • You are using an image registry.
  • On the DSS server, you have a local Docker daemon that can push to that registry.
  • The remote Docker daemon can pull from that registry.

Then the local Docker daemon can build the images, and the remote daemon can use those images to run the containers.

../_images/remote-daemon-with-registry.svg

Without a registry

Otherwise, the remote Docker daemon has to build the images.

../_images/remote-daemon-without-registry.svg

You still need the local docker command (Docker client) to be fully functional and usable by the user running DSS. You then need to specify the Docker daemon host before building the base image:

export DOCKER_HOST=host_of_my_remote_daemon

If you are using TLS to securely connect to the remote daemon, then you will also need the corresponding environment variables:

export DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH=/path/to/docker/cert/directory/

DOCKER_CERT_PATH is the path to a folder that contains the client certificates: ca.pem, cert.pem, and key.pem. It can be omitted if it is the default ~/.docker/. For more information about Docker and TLS, refer to the Docker documentation.

You can now build the base image as described in Setting up (Docker).

Thereafter, you need to specify the same settings in the containerized execution configurations:

  • The Docker host
  • If using TLS authentication, check “Enable TLS”, and provide the path to the directory with the certificates.

If necessary, rebuild images for code environments. For details, see Using code envs with containerized execution.

Usage

By selecting the corresponding containerized execution configuration, you are now ready to deploy your workload on remote Docker containers.

Note

If you have several remote Docker daemons, you would have to create multiple containerized execution configurations, and to manually dispatch execution among those configurations. DSS does not automatically dispatch among multiple configurations.