DinD as service in docker compose without TLS not working

Question

I have created this simple docker-compose.yml where there are two services. One is the main service (ubuntu) which I want to execute docker commands isolated from docker host. The other one is the docker dind service without TLS, which should act as docker daemon for the Ubuntu container.

docker-compose.yml

version: '3.9'
services:
  dind:
    image: docker:dind
    container_name: dind
    privileged: true
    restart: unless-stopped

  ubuntu:
    build: .
    container_name: ubuntu
    privileged: true
    stdin_open: true
    tty: true
    environment:
      DOCKER_HOST: tcp://dind:2375
    depends_on:
      - dind

This is also the Dockerfile needed to build ubuntu service:

Dockerfile

FROM ubuntu:focal

ARG DEBIAN_FRONTEND=noninteractive

# Configure APT
RUN apt-get update \
    && apt-get -y install \
    apt-utils \
    dialog \
    fakeroot \
    software-properties-common

RUN apt-get update && apt-get -y install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release \
    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
    &&  echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
    && apt-get update && apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin

I'm trying to use docker-compose up and the exec docker ps into the container. But it cannot connect to the docker daemon running on dind service:

eduardo@pc:~$ docker-compose up -d
dind is up-to-date
ubuntu is up-to-date
eduardo@pc:~$ docker exec -it ubuntu docker ps
Cannot connect to the Docker daemon at tcp://dind:2375. Is the docker daemon running?

What I don't understand is why it doesn't detect the daemon running in dind from the Ubuntu container.

Is there any solution to this problem? If there is no request without TLS, it can also be done with TLS, I don't care.

Edit: I checked if DinD container is running at the time I execute docker ps in ubuntu container and yes is running.

eduardo@pc:~$ docker ps
CONTAINER ID   IMAGE                           COMMAND                  CREATED              STATUS              PORTS           NAMES
fdc141223f33   docker:dind                     "dockerd-entrypoint.…"   About a minute ago   Up About a minute   2375-2376/tcp   dind
bb68d3298522   docker-compose-example_ubuntu   "bash"                   3 minutes ago        Up 3 minutes                        ubuntu

Answer 1

Here is a working example with more recent versions (it does use TLS):

version: '3'
services:

  docker:
    image: docker:20.10.17-dind-alpine3.16
    privileged: yes
    volumes:
      - certs:/certs

  docker-client:
    image: docker:20.10.17-cli
    command: sh -c 'while [ 1 ]; do sleep 1; done'
    environment:
      DOCKER_HOST: tcp://docker:2376
      DOCKER_TLS_VERIFY: 1
      DOCKER_CERT_PATH: /certs/client
    volumes:
      - certs:/certs

volumes:
  certs:

Answer 2

It seems that using docker:18.09-dind as base image instead of docker:dind works:

version: '3.9'
services:
  dind:
    image: docker:18.09-dind
    container_name: dind
    privileged: true
    restart: unless-stopped

  ubuntu:
    build: .
    container_name: ubuntu
    privileged: true
    stdin_open: true
    tty: true
    environment:
      DOCKER_HOST: tcp://dind:2375
    depends_on:
      - dind

Output:

eduardo@pc:~$ docker-compose up -d
dind is up-to-date
ubuntu is up-to-date
eduardo@pc:~$ docker exec -it ubuntu docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES