Run an amd64 docker-in-docker (dind) container on an arm64 host (Apple silicon machine)

I am trying to run an amd64 docker-in-docker (dind) container on an arm64 host (Apple silicon), because some images to be run on this dind are amd64 only (e.g. MySQL-5.7).

Run this command on a Mac with an Apple chip:

docker run --platform linux/amd64 --privileged --name dind docker:dind

The error message I got:

......
time="2022-04-16T04:28:03.742307088Z" level=info msg="Loading containers: start."
time="2022-04-16T04:28:03.757473421Z" level=warning msg="Running iptables --wait -t nat -L -n failed with message: `iptables v1.8.7 (legacy): can't initialize iptables table `nat': iptables who? (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.`, error: exit status 3"
time="2022-04-16T04:28:03.973541463Z" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
time="2022-04-16T04:28:03.974672671Z" level=info msg="stopping healthcheck following graceful shutdown" module=libcontainerd
time="2022-04-16T04:28:03.975118338Z" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: 
error obtaining controller instance: failed to create NAT chain DOCKER: 
iptables failed: iptables -t nat -N DOCKER: iptables v1.8.7 (legacy):
can't initialize iptables table `nat': iptables who?
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

Output of docker version

Server: Docker Desktop 4.7.0 (77141)
 Engine:
  Version:          20.10.14
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.15
  Git commit:       87a90dc
  Built:            Thu Mar 24 01:45:44 2022
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.5.11
  GitCommit:        3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc:
  Version:          1.0.3
  GitCommit:        v1.0.3-0-gf46b6ba
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0


Solution 1:[1]

I asked the same question on GitHub and got an answer: https://github.com/docker/for-mac/issues/6284

Basically it has no direct solution:

This is not possible. The emulation layer does not support ip routing capabilities.

But you can do this:

On an ARM host, bring up an arm64 dind with:

docker run --privileged --name dind docker:dind

And then run a mysql:5.7 container (which only has the linux/amd64 architecture) with --platform linux/amd64:

docker run --platform linux/amd64 --name some-mysql -e MYSQL_ROOT_PASSWORD=foopass -p3306:3306 -d mysql:5.7

Equivalently, you can docker pull --platform linux/amd64 mysql:5.7 first, and then docker run without the --platform flag.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 updogliu