I would like to know more about how RD manages images - particularly on macOS in containerd mode. When I do

nerdctl build

in containerd mode, where and how does the image end up and what components process the command (e.g., how do nerdctl, containerd, and buildkit relate in such scenario, are there some other relevant components, etc.)? I assume that in Docker mode, the logic is handled by Docker daemon, socket, and registry, but that in containerd mode these are not available (correct me if I’m wrong). Btw, is the same buildkitd accessed in both Docker mode (when using buildx/buildkit) and containerd mode?

• The

nerdctl

binary on macOS calls the

nerdctl

binary inside the Linux VM • The

nerdctl

binary inside the Linux VM calls the

buildctl

binary • The

buildctl

binary connects to

buildkitd

and calls its gRPC API

Hmm, I see. I guess Docker’s buildkitd is bundled with Docker and thus separate? Or is there some other reason why buildkitd is not shared between the modes?

DOCKER_BUILDKIT=1

uses BuildKit as a library, but does not use buildkitd daemon

docker buildx

typically uses a BuildKit daemon running in a Docker container with the OCI worker mode

Ok, this explains things. Thanks. I’m trying to figure out how jib (ticket, ticket) could be made to work with RD. It can push to image registries without dependencies on Docker, but local build requires Docker daemon. Would it be possible for RD to expose the internal registry - I guess there’s some daemon running that provides standard registry interface? If this would be possible, I could just pass the registry’s localhost URL to jib and achieve what I want. Would this make sense and be possible?

@melodic-hamburger-23329 Hi did you try adding

--namespace <http://k8s.io|k8s.io>

https://docs.rancherdesktop.io/tutorials/working-with-images/

@bored-farmer-36655 What do you mean? I’m trying to build image using jib while RD is in containerd mode. In docker mode jib works as it can utilize docker socket, but in containerd mode there doesn’t seem to be such socket or registry endpoint that jib could use.

@melodic-hamburger-23329 ahh I was under the impression you were using nerdctl

@melodic-hamburger-23329 I'm confused by your reference to a "registry". There is no registry running by default; you just have the local filesystem that is used to store the images.

nerdctl

needs access to this filesystem for pulling images, or building them, which is why it has to run inside the VM, and the

nerdctl

command on macOS is just a wrapper that invokes the real command inside the VM shell. See also Support remote containerd management · Issue #473 · containerd/nerdctl