melodic-hamburger-23329

06/08/2022, 3:58 AM
I would like to know more about how RD manages images - particularly on macOS in containerd mode. When I do `nerdctl build` in containerd mode, where and how does the image end up and what components process the command (e.g., how do nerdctl, containerd, and buildkit relate in such a scenario, are there some other relevant components, etc.)? I assume that in Docker mode, the logic is handled by the Docker daemon, socket, and registry, but that in containerd mode these are not available (correct me if I’m wrong). Btw, is the same buildkitd accessed in both Docker mode (when using buildx/buildkit) and containerd mode?

best-accountant-68201

06/08/2022, 7:45 AM
• The `nerdctl` binary on macOS calls the `nerdctl` binary inside the Linux VM
• The `nerdctl` binary inside the Linux VM calls the `buildctl` binary
• The `buildctl` binary connects to `buildkitd` and calls its gRPC API
The buildkitd instance is different from Docker’s buildkitd instance

melodic-hamburger-23329

06/08/2022, 8:07 AM
Hmm, I see. I guess Docker’s buildkitd is bundled with Docker and thus separate? Or is there some other reason why buildkitd is not shared between the modes?

best-accountant-68201

06/08/2022, 8:08 AM
`DOCKER_BUILDKIT=1` uses BuildKit as a library, but does not use the buildkitd daemon
`docker buildx` uses buildkitd. The implementation is the same as nerdctl’s buildkitd, but the instances are different
`docker buildx` typically uses a BuildKit daemon running in a Docker container with the OCI worker mode
nerdctl typically uses a BuildKit daemon running on the container host (Linux VM) with the containerd worker mode
(`docker buildx` does not use the container worker mode because Docker still does not utilize containerd for image management)

melodic-hamburger-23329

06/08/2022, 8:58 AM
> `docker buildx` typically uses a BuildKit daemon running in a Docker container with the OCI worker mode
Ok, this explains things. Thanks. I’m trying to figure out how jib (ticket, ticket) could be made to work with RD. It can push to image registries without dependencies on Docker, but local build requires Docker daemon. Would it be possible for RD to expose the internal registry - I guess there’s some daemon running that provides standard registry interface? If this would be possible, I could just pass the registry’s localhost URL to jib and achieve what I want. Would this make sense and be possible?

bored-farmer-36655

06/08/2022, 3:03 PM
@melodic-hamburger-23329 Hi, did you try adding `--namespace k8s.io`? https://docs.rancherdesktop.io/tutorials/working-with-images/

melodic-hamburger-23329

06/08/2022, 3:32 PM
@bored-farmer-36655 What do you mean? I’m trying to build image using jib while RD is in containerd mode. In docker mode jib works as it can utilize docker socket, but in containerd mode there doesn’t seem to be such socket or registry endpoint that jib could use.

bored-farmer-36655

06/08/2022, 3:39 PM
@melodic-hamburger-23329 ahh I was under the impression you were using nerdctl

fast-garage-66093

06/08/2022, 4:47 PM
@melodic-hamburger-23329 I'm confused by your reference to a "registry". There is no registry running by default; you just have the local filesystem that is used to store the images. `nerdctl` needs access to this filesystem for pulling images, or building them, which is why it has to run inside the VM, and the `nerdctl` command on macOS is just a wrapper that invokes the real command inside the VM shell. See also Support remote containerd management · Issue #473 · containerd/nerdctl