Create a prototype of direct image build on containerd and cri-o #15389
Comments
@afbjorklund knows a POC in his mind that could work, please share so someone could pick it up |
/assign |
For accessing the
So the first step, would be to make sure that using SSH for
https://docs.docker.com/engine/security/protect-access/#use-ssh-to-protect-the-docker-daemon-socket Then all the other runtimes need to do, is to provide a |
Typical output of
Typical output of
```
docker@minikube:~$ DOCKER_HOST=unix:///var/run/docker.sock docker version
Client: Docker Engine - Community
 Version: 20.10.20
 API version: 1.41
 Go version: go1.18.7
 Git commit: 9fdeb9c
 Built: Tue Oct 18 18:20:23 2022
 OS/Arch: linux/amd64
 Context: default
 Experimental: true
Server: Docker Engine - Community
 Engine:
  Version: 20.10.20
  API version: 1.41 (minimum version 1.12)
  Go version: go1.18.7
  Git commit: 03df974
  Built: Tue Oct 18 18:18:12 2022
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.6.9
  GitCommit: 1c90a442489720eec95342e1789ee8a5e1b9536f
 runc:
  Version: 1.1.4
  GitCommit: v1.1.4-0-g5fd4c4d
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
```
|
The

```
docker@minikube:~$ DOCKER_HOST=unix:///var/run/nerdctl.sock docker version
Client: Docker Engine - Community
 Version: 20.10.20
 API version: 1.40
 Go version: go1.18.7
 Git commit: 9fdeb9c
 Built: Tue Oct 18 18:20:23 2022
 OS/Arch: linux/amd64
 Context: default
 Experimental: true
Server:
 nerdctl:
  Version: 1.0.0
 buildctl:
  Version: 0.10.6
  GitCommit: 0c9b5aeb269c740650786ba77d882b0259415ec7
 containerd:
  Version: 1.6.9
  GitCommit: 1c90a442489720eec95342e1789ee8a5e1b9536f
 runc:
  Version: 1.1.4
 Engine:
  Version: 1.0.0
  API version: 1.40 (minimum version 1.24)
  Go version: go1.19.2
  Git commit: c00780a1f5b905b09812722459c54936c9e070e6
  Built:
  OS/Arch: linux/amd64
  Experimental: true
```

Note that the unit CONTAINERD_NAMESPACE needs to be changed to use "k8s.io"

The

```
docker@minikube:~$ DOCKER_HOST=unix:///run/podman/podman.sock docker version
Client: Docker Engine - Community
 Version: 20.10.20
 API version: 1.40
 Go version: go1.18.7
 Git commit: 9fdeb9c
 Built: Tue Oct 18 18:20:23 2022
 OS/Arch: linux/amd64
 Context: default
 Experimental: true
Server: linux/amd64/ubuntu-20.04
 Podman Engine:
  Version: 3.4.2
  APIVersion: 3.4.2
  Arch: amd64
  BuildTime: 1970-01-01T00:00:00Z
  Experimental: false
  GitCommit:
  GoVersion: go1.15.2
  KernelVersion: 5.4.0-131-generic
  MinAPIVersion: 3.1.0
  Os: linux
 Conmon:
  Version: conmon version 2.1.2, commit:
  Package: conmon: /usr/libexec/podman/conmon
 OCI Runtime (crun):
  Version: crun version UNKNOWN
  commit: ea1fe3938eefa14eb707f1d22adff4db670645d6
  spec: 1.0.0
  +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  Package: crun: /usr/bin/crun
 Engine:
  Version: 3.4.2
  API version: 1.40 (minimum version 1.24)
  Go version: go1.15.2
  Git commit:
  Built: Thu Jan 1 00:00:00 1970
  OS/Arch: linux/amd64
  Experimental: false
```
|
The default option in minikube should be to use the https://minikube.sigs.k8s.io/docs/commands/image/

The "docker-env" command is mostly for backwards compatibility, and the "podman-env" should be fully deprecated. It is also possible to do everything yourself with the

The main use for "docker-env", is when using minikube as a replacement for Docker Toolbox and Docker Machine... That is, as an OS alternative to Docker Desktop. Not when running a Kubernetes cluster, which doesn't need Docker.
So the If you need to run containerd in a VM, there are other projects. |
As per the docker instructions, one should make sure to configure $DOCKER_HOST on the remote side
So that when one connects via ssh, the environment variable points to the correct unix socket location. Using the path parameter in the URL is not supported:
A workaround is to create a symlink from the default location ( The same goes for setting up a tunneled local unix socket, just to avoid adding the identity and host keys. So the best is to use a global configuration in /etc, to properly set the socket location for the selected runtime?
Normally the variable contains the URL (with a * requires the "cri" containerd plugin to be enabled The node also needs to have a "docker" program installed. The program doesn't have to do anything but be able to run the hardcoded If not having the real Note that |
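The comment above says the socket has to be selected by `DOCKER_HOST` on the remote side, because an `ssh://` URL cannot carry the socket path. The sketch below is an added example, not code from this thread or from minikube: the socket paths are the ones used in the `docker version` sessions above, the function names are hypothetical, and which file under /etc receives the printed line is left as an assumption.

```shell
#!/bin/sh
# Added example. Socket paths come from the `docker version` sessions in
# this thread; all function names are hypothetical.

# Map the selected container runtime to the DOCKER_HOST value for the node.
socket_for_runtime() {
    case "$1" in
        docker)     echo "unix:///var/run/docker.sock" ;;
        containerd) echo "unix:///var/run/nerdctl.sock" ;;
        cri-o)      echo "unix:///run/podman/podman.sock" ;;
        *)          echo "unknown runtime: $1" >&2; return 1 ;;
    esac
}

# Accept only ssh://[user@]host[:port] as the client-side DOCKER_HOST.
# Any path is rejected: the socket must be selected on the remote side.
check_ssh_docker_host() {
    case "$1" in
        ssh://*) rest=${1#ssh://} ;;
        *)       echo "not an ssh:// URL: $1" >&2; return 1 ;;
    esac
    case "$rest" in
        ""|*/*)  echo "empty host or path in URL: $1" >&2; return 1 ;;
    esac
}

# True when "other" users can write to the file. For a daemon socket that
# would hand control of the runtime to every local user.
world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# Print the line for a node-wide environment file, after checking that the
# socket exists and is not world-writable.
remote_env_line() {
    url=$(socket_for_runtime "$1") || return 1
    path=${url#unix://}
    [ -S "$path" ] || { echo "no unix socket at $path" >&2; return 1; }
    if world_writable "$path"; then
        echo "socket $path is world-writable" >&2; return 1
    fi
    echo "DOCKER_HOST=$url"
}
```

On a node, `remote_env_line containerd` prints the `DOCKER_HOST=` line only when the nerdctl socket is present and not world-writable.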
See this issue, for the "nerdctl" installation:

It only needs the client, not the "nerdctl-full" install. For building images, a "buildkit" installation is needed.

This is the full "containerd" runtime installation:

sbin/runc bin/ctr bin/buildctl bin/nerdctl

The CRI plugin is included and enabled by default: https://kubernetes.io/blog/2018/05/24/kubernetes-containerd-integration-goes-ga/ (it is disabled in the docker packaging, but not in the upstream default configuration)

The buildkitd and nerdctld are socket-activated, so only started when actually used. |
This is the full "cri-o" runtime installation:

bin/crun bin/conmon bin/crio bin/podman

The "podman" binary is both client and server. |
Note: for Docker 23.0.x, you need to use DOCKER_BUILDKIT=0 when using It is somewhat ironic, since it will always use BuildKit - but it is not managed by Docker. |
What Happened?
We need to create a similar feature to docker-env that is only for docker-runtime.