Why?
I'm trying to create a general purpose solution for running docker-compose on Heroku. I want to make a one click deployment solution through the use of Heroku Button deployment. This way, a user does not need any knowledge of git, Heroku cli and docker.
The problem.
Docker and the docker daemon are only available when I set the stack
to container
. There are buildpacks that give you docker and docker-compose CLI but without the docker daemon you cannot run the docker image. So buildpacks won't work.
With the stack
set to container
I can use the file heroku.yml
(article). In there I define my processes. (It replaces Procfile
. If I still add a Procfile
to my project it will do nothing.)
I can also define a Dockerfile
there to build my docker image.
When I however run the docker image the following error pops up:
2019-02-28T15:32:48.462101+00:00 app[worker.1]: Couldn't connect to Docker daemon at http+docker://localhost - is it running?
2019-02-28T15:32:48.462119+00:00 app[worker.1]:
2019-02-28T15:32:48.462122+00:00 app[worker.1]: If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
The problem is inside the Docker container the Docker daemon is not running. The solution to this is to mount it:docker run -v /var/run/docker.sock:/var/run/docker.sock ...
And since you cannot use Procfile
I cannot run that command. (See above heroku.yml
replaces Procfile
.) And if I was using a buildpack I could use Procfile
but the docker daemon wouldn't be running.....
I tried defining a VOLUME
within the Dockerfile
and the problem persists. Furthermore a heroku article says "Volume mounting is not supported. The filesystem of the dyno is ephemeral."
On Heroku it is possible to run a docker image. What I am struggling at is running a docker in docker image.
Running a docker in docker image works fine on my VPS by mounting /var/run/docker.sock
but this cannot(?) be done on Heroku.
Last words: I'm trying to make this work so that other people can easily deploy software solution even though they are not comfortable with git, heroku cli and docker.
I would recommend using Heroku with Docker to future-proof your web application so you don't have to perform the switch as I did.
Docker Compose is a tool for defining and running a multi-container Docker application. In this article you'll learn why Docker Compose is great for local development, how you can push your Docker images to Heroku for deployment, and Compose tips and tricks.
Heroku runs on dynos which they describe as “a lightweight container running a single super-specified command”. In essence, Heroku abstracts the container away from the user and puts a sandbox up around what it can do. Docker is an opensource container standard that can run just about anywhere.
Unfortunately the answer to your question is: not yet.
For securiy reasons Heroku does not provide to the users the ability to run priviledged containers because the container could access to host capabilities.
The documentation is pretty clear about your limitations, e.g: No --priviledged
container and no root
user either, no VOLUMES
and disk is ephemeral.
After playing with DinD images for your concern, I came to the conclusion that trying to run Docker inside a Heroku container is not the right choice and design. I am pretty sure what you are trying to achieve is close to what Heroku is offering to the users. Offering a platform or an application where non-developper can push and deploy applications with just a button can be very interesting in various ways. And it can be done with an application using their Platform API. In this situation a Web application (running on Heroku) may not (up to my knowledge) be able to do what you want. Instead you need to embed in a Desktop application: git, docker, and your app for parsing, verifying, building and pushing your applications/components to Heroku's container registry.
In the end, if you still think what you need a DinD solution, well, your primary solution to use a VPS is the only solution for the moment. But be aware that it may open security vulnerabilities to your system and you may arrive to offer something similar to Heroku's offer when trying to limit those security doors.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With