Using Docker in a Kasm Desktop¶
Developers may wish to run Docker inside a Kasm Desktop, allowing them to use the disposable container to run and develop Docker containers from their browser.
Choosing Rootless or Root Docker Images¶
There are two options for running Docker in Kasm.
Rootless¶
The recommended, more secure method is to use rootless Docker image: https://hub.docker.com/r/kasmweb/ubuntu-focal-dind-rootless or https://hub.docker.com/r/kasmweb/ubuntu-bionic-dind-rootless.
The Docker Daemon does not run as root, which mitigates the impact of using --privileged
.
However, the rootless container prevents users from exposing ports with a number lower than 1024 and is also limited to the vfs storage driver regardless of what the underlying host supports leading to some IO overhead and lower performance vs Root.
Root¶
Running the daemon as root in the Kasm image is insecure, and is only recommended for development deployments. However it removes some of the limitations of the rootless image. It can be found on dockerhub: https://hub.docker.com/r/kasmweb/ubuntu-focal-dind or https://hub.docker.com/r/kasmweb/ubuntu-bionic-dind
Important
Use of Docker inside of a Kasm Desktop requires the Desktop to be launched with “Privileged” permissions, running the daemon as root makes it trivial for a user to run commands as root on the host machine.
Image Configuration¶
Log into your Kasm Workspaces deployment as an administrator and navigate to Images and click “Add Image”
Configure the Image with the following settings:
Field |
Value |
---|---|
Docker Image |
|
Description |
Docker in a Kasm Desktop |
Friendly Name |
Docker |
Cores |
1 |
Memory |
1768 |
Enabled |
True |
Docker Registry |
|
Docker Run Config |
|
Once the image is created you can launch it by clicking on the “Docker” image in the workspaces page.