Estimated reading time: 10 minutes
FEATURE STATE: Kubernetes v1.4 beta AppArmor is a Linux kernel security module that supplements the standard Linux user and group based permissions to confine programs to a limited set of resources. AppArmor can be configured for any application to reduce its potential attack surface and provide greater in-depth defense. It is configured through profiles tuned to allow the access needed by a. FEATURE STATE: Kubernetes v1.11 stable crictl is a command-line interface for CRI-compatible container runtimes. You can use it to inspect and debug container runtimes and applications on a Kubernetes node. Crictl and its source are hosted in the cri-tools repository.
To get started with Docker Engine on Ubuntu, make sure youmeet the prerequisites, theninstall Docker.
Prerequisites
OS requirements
To install Docker Engine, you need the 64-bit version of one of these Ubuntuversions:
- Ubuntu Groovy 20.10
- Ubuntu Focal 20.04 (LTS)
- Ubuntu Bionic 18.04 (LTS)
- Ubuntu Xenial 16.04 (LTS)
Docker Engine is supported on x86_64
(or amd64
), armhf
, and arm64
architectures.
Uninstall old versions
Older versions of Docker were called docker
, docker.io
, or docker-engine
.If these are installed, uninstall them:
It’s OK if apt-get
reports that none of these packages are installed.
The contents of /var/lib/docker/
, including images, containers, volumes, andnetworks, are preserved. If you do not need to save your existing data, and want tostart with a clean installation, refer to the uninstall Docker Enginesection at the bottom of this page.
Supported storage drivers
Docker Engine on Ubuntu supports overlay2
, aufs
and btrfs
storage drivers.
Docker Engine uses the overlay2
storage driver by default. If you need to useaufs
instead, you need to configure it manually.See use the AUFS storage driver
Installation methods
You can install Docker Engine in different ways, depending on your needs:
Most usersset up Docker’s repositories and installfrom them, for ease of installation and upgrade tasks. This is therecommended approach.
Some users download the DEB package andinstall it manually and manageupgrades completely manually. This is useful in situations such as installingDocker on air-gapped systems with no access to the internet.
In testing and development environments, some users choose to use automatedconvenience scripts to install Docker.
Install using the repository
Before you install Docker Engine for the first time on a new host machine, you needto set up the Docker repository. Afterward, you can install and update Dockerfrom the repository.
Set up the repository
Update the
apt
package index and install packages to allowapt
to use arepository over HTTPS:Add Docker’s official GPG key:
Use the following command to set up the stable repository. To add thenightly or test repository, add the word
nightly
ortest
(or both)after the wordstable
in the commands below. Learn about nightly and test channels.Note: The
lsb_release -cs
sub-command below returns the name of yourUbuntu distribution, such asxenial
. Sometimes, in a distributionlike Linux Mint, you might need to change$(lsb_release -cs)
to your parent Ubuntu distribution. For example, if you are usingLinux Mint Tessa
, you could usebionic
. Docker does not offer any guarantees on untestedand unsupported Ubuntu distributions.
Install Docker Engine
Update the
apt
package index, and install the latest version of DockerEngine and containerd, or go to the next step to install a specific version:Got multiple Docker repositories?
If you have multiple Docker repositories enabled, installingor updating without specifying a version in the
apt-get install
orapt-get update
command always installs the highest possible version,which may not be appropriate for your stability needs.To install a specific version of Docker Engine, list the available versionsin the repo, then select and install:
a. List the versions available in your repo:
b. Install a specific version using the version string from the second column, for example,
5:18.09.1~3-0~ubuntu-xenial
.Verify that Docker Engine is installed correctly by running the
hello-world
image.This command downloads a test image and runs it in a container. When thecontainer runs, it prints an informational message and exits.
Docker Engine is installed and running. The docker
group is created but no usersare added to it. You need to use sudo
to run Docker commands.Continue to Linux postinstall to allow non-privilegedusers to run Docker commands and for other optional configuration steps.
Upgrade Docker Engine
To upgrade Docker Engine, first run sudo apt-get update
, then follow theinstallation instructions, choosing the newversion you want to install.
Install from a package
If you cannot use Docker’s repository to install Docker Engine, you can download the.deb
file for your release and install it manually. You need to downloada new file each time you want to upgrade Docker.
Go to
https://download.docker.com/linux/ubuntu/dists/
,choose your Ubuntu version, then browse topool/stable/
, chooseamd64
,armhf
, orarm64
, and download the.deb
file for the Docker Engineversion you want to install.Note: To install a nightly or test (pre-release) package,change the word
stable
in the above URL tonightly
ortest
.Learn about nightly and test channels.Install Docker Engine, changing the path below to the path where you downloadedthe Docker package.
The Docker daemon starts automatically.
Verify that Docker Engine is installed correctly by running the
hello-world
image.This command downloads a test image and runs it in a container. When thecontainer runs, it prints an informational message and exits.
Docker Engine is installed and running. The docker
group is created but no usersare added to it. You need to use sudo
to run Docker commands.Continue to Post-installation steps for Linux to allownon-privileged users to run Docker commands and for other optional configurationsteps.
Upgrade Docker Engine
To upgrade Docker Engine, download the newer package file and repeat theinstallation procedure, pointing to the new file.
Install using the convenience script
Docker provides convenience scripts at get.docker.comand test.docker.com for installing edge andtesting versions of Docker Engine - Community into development environments quickly andnon-interactively. The source code for the scripts is in thedocker-install
repository.Using these scripts is not recommended for productionenvironments, and you should understand the potential risks before you usethem:
- The scripts require
root
orsudo
privileges to run. Therefore,you should carefully examine and audit the scripts before running them. - The scripts attempt to detect your Linux distribution and version andconfigure your package management system for you. In addition, the scripts donot allow you to customize any installation parameters. This may lead to anunsupported configuration, either from Docker’s point of view or from your ownorganization’s guidelines and standards.
- The scripts install all dependencies and recommendations of the packagemanager without asking for confirmation. This may install a large number ofpackages, depending on the current configuration of your host machine.
- The script does not provide options to specify which version of Docker to install,and installs the latest version that is released in the “edge” channel.
- Do not use the convenience script if Docker has already been installed on thehost machine using another mechanism.
This example uses the script at get.docker.com toinstall the latest release of Docker Engine - Community on Linux. To install the latesttesting version, use test.docker.com instead. Ineach of the commands below, replace each occurrence of get
with test
.
Warning:
Always examine scripts downloaded from the internet beforerunning them locally.
If you would like to use Docker as a non-root user, you should now consideradding your user to the “docker” group with something like:
Remember to log out and back in for this to take effect!
Container Tutorial Aws
Warning:
Adding a user to the “docker” group grants them the ability to run containerswhich can be used to obtain root privileges on the Docker host. Refer toDocker Daemon Attack Surfacefor more information.
Docker Engine - Community is installed. It starts automatically on DEB
-based distributions. OnRPM
-based distributions, you need to start it manually using the appropriatesystemctl
or service
command. As the message indicates, non-root users can’trun Docker commands by default.
C++ Containers Tutorial
Note:
To install Docker without root privileges, seeRun the Docker daemon as a non-root user (Rootless mode).
Upgrade Docker after using the convenience script
If you installed Docker using the convenience script, you should upgrade Dockerusing your package manager directly. There is no advantage to re-running theconvenience script, and it can cause issues if it attempts to re-addrepositories which have already been added to the host machine.
Uninstall Docker Engine
Uninstall the Docker Engine, CLI, and Containerd packages:
Images, containers, volumes, or customized configuration files on your hostare not automatically removed. To delete all images, containers, andvolumes:
Containers Tutorial
You must delete any edited configuration files manually.
Next steps
- Continue to Post-installation steps for Linux.
- Review the topics in Develop with Docker to learn how to build new applications using Docker.