Add buildah/podman for managing images #488
Comments
Any news? |
I'm very interested in this. Basically today k3s does not address the full flow of container development, namely building images. I think it may be a companion project too. If I have some time I'll look into this. I would say that I wouldn't expect this soon because the effort is probably substantial. It would be significantly easier if podman and buildah were built on the same libraries as containerd, but they aren't. |
I'm interested in this because I would like to create k3s images which run e.g. full istio and knative inside a container. With dind (and kind) this is a bit cumbersome. You may ask why would I want to run istio with k3s in a container? For an easy and reproducible learning setup. Podman is great for many reasons, one is that you can pull during the creation of an image, e.g. in a Dockerfile:
RUN podman pull nginx
The same thing can't be done with dind because it requires dockerd to be running. |
For me, I see this as being entirely about image management in the cluster itself. When setting up a test/dev cluster, I find myself wanting to create containers on the more often than not, because I just don’t have that many machines (or the right kind of machines) lying around. |
@ibuildthecloud we are now very interested in this. Docker is pretty much not moving on cgroups v2 (opencontainers/runc#654). In order to force this issue, Fedora has made cgroups v2 the default and mandatory in the new upcoming Fedora 31, causing docker to fail to run (docker/for-linux#665). Podman (and other docker equivalents) have supported cgroups v2 for years. Being tied to docker is probably not the best idea at this point. |
also related to #900 |
Rio already integrates image builder (buildkit) into k3s |
Anyway Kubernetes doesn't support cgroup2 yet |
@sandys "Docker is pretty much not moving on cgroups v2" is totally false. The |
Docker+crun+cgroup2 still doesn't work yet because shim doesn't support cgroup2. |
Hi Justin
My comment was not intended as a blame, but simply highlighting status quo.
With the next Fedora drop, there is a high likelihood that we will be
locked out of docker.
And in the context of os vs docker...OS wins (because of overall security,
etc etc etc).
Sorry if the words sounded unfriendly
…On Mon, 28 Oct, 2019, 17:15 Akihiro Suda, ***@***.***> wrote:
@justincormack <https://github.com/justincormack>
Docker+crun+cgroup2 still doesn't work yet because shim doesn't support
cgroup2.
PR: containerd/cgroups#102
|
I’m just going to add a little note here that I’d be perfectly OK with something else but podman (in fact, in the months since I opened this issue, I’ve had a few issues with podman and would rather not rely on it). |
containerd and runc don't support cgroup2 yet; there are alternatives. I believe this issue is best for tracking containerd catching up. |
Both support cgroup2 |
Well it seems to be a problem for me:
|
news solutions? |
Also interested in that |
Following thread. Per PR #2584:
|
FWIW we will probably be filling this gap by integrating https://github.com/rancher/k3c |
Well, as long as there is a simple option for having a private registry, possibly even an in-cluster one that can work without Internet access - possibly also without TLS, since it is a major pain for IoT and industrial environments without connectivity - I'm good. |
@dweomer assigning to you. Can you add or link to your design of k3c/k3b here? |
W.r.t. the original discussion about images, e.g. |
From our PoV k3c seems a distraction. This can be done as the last resort before flagging a not found error - that might be enough to preserve existing behavior? |
@bbros-dev, bit unrelated to this issue: Can I install podman next to k3s? Or will this break things? |
We aren't k3s-io devs... but our understanding is that k3c duplicates the Podman/Buildah/Skopeo functionality, so you should be able to run them side by side. To be safe maybe try running Buildah alongside k3s? Right now, as best we can tell (and from week-old memory), you cannot access Podman managed images from k3s. |
So this is closed without a definitive answer? |
@rcarmo, from what I understand the answer is to use nerdctl for managing images and a separate stack of podman / buildah and so on for building images |
Is your feature request related to a problem? Please describe.
I require the ability to re-tag and manage images (including pushing to a private registry) inside the k3s environment (typically at the master or single node).
Describe the solution you'd like
I would like to have either buildah or podman baked in, similarly to how crictl is currently made available.
Describe alternatives you've considered
Installing either separately.
Additional context
N/A