Using a Remote Docker Service Without Adding the -H Parameter
This tutorial explains how to configure Docker on a Kubernetes node to transparently use a remote Docker daemon by modifying the systemd service, creating a custom Docker image with helper scripts, and committing it, so users can run Docker commands without explicitly specifying the remote host.
In Kubernetes clusters, using the node's local Docker daemon can quickly fill disk space with abandoned images and expose the cluster to risky operations; therefore, separating Docker services by using a remote Docker daemon is recommended.
The article shows how to make Docker automatically connect to a remote daemon without requiring users to add the -H flag each time, by adjusting the Docker systemd unit.
First, edit /lib/systemd/system/docker.service and replace the ExecStart line with:
    ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375
Then reload the daemon and restart Docker:
    systemctl daemon-reload
    service docker restart
Next, build a base image (e.g., CentOS or Ubuntu) that already has Docker installed, or create one via a Dockerfile. Inside a container created from this image, add three helper files to /usr/bin:
/usr/bin/docker-client – a wrapper that appends -H 192.168.0.58 (the remote Docker IP) to every Docker command.
/usr/bin/docker-entrypoint.sh – a script that rewrites Docker sub‑commands so they are executed against the remote daemon transparently.
The original Docker client binary.
Example of the docker-client wrapper:
    #!/bin/sh
    /usr/bin/docker-client -H 192.168.0.58 "$@"
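Example of docker-entrypoint.sh (truncated for brevity):
    #!/bin/sh
    set -e
    # First argument is an option such as -f: run it through docker
    if [ "${1#-}" != "$1" ]; then
        set -- docker "$@"
    fi
    # First argument is a valid Docker subcommand: run it through docker
    if docker help "$1" > /dev/null 2>&1; then
        set -- docker "$@"
    fi
    # No DOCKER_HOST set but a linked "docker" container exists: point at it
    if [ -z "$DOCKER_HOST" ] && [ -n "$DOCKER_PORT_2375_TCP" ]; then
        export DOCKER_HOST='tcp://docker:2375'
    fi
    exec "$@"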
After placing these files, exit the container and commit it as a new image:
    docker commit -a "peishunwu" -m "add docker and tools" d5884406725a dockerubuntu
Verify the new image with docker images. When a container is launched from this image, any Docker command runs against the remote Docker server (e.g., 192.168.0.58) without the user noticing, thereby protecting the cluster’s security and stability while allowing independent configuration of the remote daemon.
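The ExecStart line in the first step publishes the Docker API on tcp://0.0.0.0:2375 without TLS, so any host that can reach that port can control the daemon without authenticating. The script below is an added example, not part of the original article: it audits an ExecStart line for such listeners and compares the article's line with a hardened one. Port 2376 and the certificate paths under /etc/docker/tls in the hardened line are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: audit a dockerd ExecStart
# line for network listeners that are not protected by --tlsverify.

# Prints one line per -H/--host listener. Exit status is 1 if any network
# listener is configured without --tlsverify, 0 otherwise. The body is a
# subshell so `set -f` (no globbing during word splitting) stays local.
audit_execstart() (
    set -f
    tls=no prev='' rc=0
    for tok in $1; do
        case "$tok" in --tlsverify|--tlsverify=true) tls=yes ;; esac
    done
    for tok in $1; do
        host=''
        case "$tok" in
            -H=*|--host=*) host=${tok#*=} ;;
            *) case "$prev" in -H|--host) host=$tok ;; esac ;;
        esac
        prev=$tok
        case "$host" in
            '') ;;
            unix://*|fd://*) echo "OK   $host (local socket)" ;;
            *)  # tcp://host:port, or dockerd's short forms host:port / :port
                if [ "$tls" = yes ]; then
                    echo "OK   $host (client certificate required)"
                else
                    echo "FAIL $host (no --tlsverify: unauthenticated API)"
                    rc=1
                fi ;;
        esac
    done
    [ "$rc" -eq 0 ]
)

# Constructed sample lines. WEAK is the article's ExecStart. HARDENED adds
# dockerd's TLS flags; port 2376 and the /etc/docker/tls paths are assumed.
WEAK='ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375'
HARDENED='ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/tls/ca.pem --tlscert=/etc/docker/tls/server-cert.pem --tlskey=/etc/docker/tls/server-key.pem'

audit_execstart "$WEAK" || echo "=> weak line rejected"
audit_execstart "$HARDENED" && echo "=> hardened line accepted"
```

With the hardened line, the client wrapper also has to present a client certificate signed by the same CA (the docker CLI's --tlsverify, --tlscacert, --tlscert and --tlskey options).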
In summary, this method provides a seamless, user‑transparent way to use a remote Docker service, improving isolation and manageability in container‑orchestrated environments.
360 Quality & Efficiency
360 Quality & Efficiency focuses on seamlessly integrating quality and efficiency in R&D, sharing 360’s internal best practices with industry peers to foster collaboration among Chinese enterprises and drive greater efficiency value.