where does RD links the `containerd sock` file on the macOS rancher-users #rancher-desktop

Title

polite-engineer-55788

06/07/2022, 7:17 AM

where does RD links the

containerd.sock

file on the macOS host ?

fast-garage-66093

06/07/2022, 7:19 AM

It doesn't; it only links

docker.sock

polite-engineer-55788

06/07/2022, 7:19 AM

does this make sense

nerdctl run --privileged -it -v /Users/kameshs/.rd/docker.sock=:/run/containerd/containerd.sock <http://quay.io/kameshsampath/nerdctl|quay.io/kameshsampath/nerdctl> bash

fast-garage-66093

06/07/2022, 7:20 AM

nerdctl

runs inside the VM because it needs access to the file system; you cannot do

nerdctl build -n <http://k8s.io|k8s.io>

just over the socket

You cannot mount sockets from the host into the container; you can only mount sockets from inside the VM

polite-engineer-55788

06/07/2022, 7:21 AM

I want to start a container from another

is there anyway to do it ?

fast-garage-66093

06/07/2022, 7:23 AM

What do you want to mount, the

docker.sock

, or

containerd.sock

polite-engineer-55788

06/07/2022, 7:23 AM

containerd.sock should be helpful

fast-garage-66093

06/07/2022, 7:24 AM

Use

/run/k3s/containerd/containerd.sock

Just mount this into your container and you should be able to connect to it from inside

polite-engineer-55788

06/07/2022, 7:25 AM

nerdctl run -it --privileged -v /run/k3s/containerd/containerd.sock:/run/containerd/containerd.sock <http://quay.io/kameshsampath/nerdctl|quay.io/kameshsampath/nerdctl> bash

when I tried that and do

nerdctl images

in container I dont see the images I already pulled into

default

namespace

same happens to

nerdctl images --namespace=<http://k8s.io|k8s.io>

thought I have a running k3s cluster in RD

fast-garage-66093

06/07/2022, 7:28 AM

idk, I would have expected it to work; I cannot pull your image, so I cannot try it myself

polite-engineer-55788

06/07/2022, 7:30 AM

pushing my image to my registry 2 mins

you can now pull

docker pull quay.io/kameshsampath/nerdctl

fast-garage-66093

06/07/2022, 7:33 AM

Used a random

nerdctl

image from dockerhub and it works:

lima-rancher-desktop:/Users/jan$ nerdctl run -it --privileged -v /run/k3s/containerd/containerd.sock:/run/containerd/containerd.sock bensonyanger/nerdctl im
ages
REPOSITORY              TAG       IMAGE ID        CREATED          PLATFORM       SIZE
bensonyanger/nerdctl    latest    acb38a408354    7 seconds ago    linux/amd64    32.5 MiB
busybox                 latest    de56395ae078    3 minutes ago    linux/amd64    1.3 MiB

polite-engineer-55788

06/07/2022, 7:33 AM

ah 🤔

fast-garage-66093

06/07/2022, 7:35 AM

It doesn't work with your image, but the issue is with your image and not the way the socket is mounted, as you can see in my example above

polite-engineer-55788

06/07/2022, 7:35 AM

yeah I think so the issue with my image

fast-garage-66093

06/07/2022, 7:36 AM

BTW, container doesn't need to be privileged:

lima-rancher-desktop:/Users/jan$ nerdctl run -v /run/k3s/containerd/containerd.sock:/run/containerd/containerd.sock bensonyanger/nerdctl images
REPOSITORY                       TAG       IMAGE ID        CREATED          PLATFORM       SIZE
bensonyanger/nerdctl             latest    acb38a408354    3 minutes ago    linux/amd64    32.5 MiB
busybox                          latest    de56395ae078    6 minutes ago    linux/amd64    1.3 MiB
<http://quay.io/kameshsampath/nerdctl|quay.io/kameshsampath/nerdctl>    latest    86ba57890bb2    2 minutes ago    linux/arm64    588.8 MiB

polite-engineer-55788

06/07/2022, 7:36 AM

I just did as said in

nerdctl

repo to build image .. will investigate

fast-garage-66093

06/07/2022, 7:36 AM

Yeah, I have to sleep now, but this should get you onto the right path...

polite-engineer-55788

06/07/2022, 7:36 AM

no worries, have good night. ttyl

thanks for pointers

fast-garage-66093

06/07/2022, 7:37 AM

Oh, I see you are using an

arm64

image; I'm on an

amd64

machine; that's maybe partially the problem for me

polite-engineer-55788

06/07/2022, 7:38 AM

yeah I am on arm64 and also I need --privileged to mount the fs otherwise I cant

fast-garage-66093

06/07/2022, 7:39 AM

ok, not sure why that is true, but I have to leave now...

👍🏽 1

polite-engineer-55788

06/07/2022, 7:52 AM

it seem to be an issue with my earlier image build

did one with just the client and used the same command as above, it works like a charm 🙂

https://gist.github.com/kameshsampath/c61493e9a7946ab99a745fb075a9ae62

I also did not use

--privileged

@best-city-49378 this helped to solve the other dicsussion

best-city-49378

06/07/2022, 9:17 AM

What discussion ? Since nerdctl/containerd/buildkitd doesn't have a remote protocol, you're left to bind-mounting

As far as I know you need to mount both the sockets and the storage, but we are just running

nerdctl

over ssh instead.

polite-engineer-55788

06/07/2022, 10:47 AM

https://rancher-users.slack.com/archives/C0200L1N1MM/p1654486936950519

As far as I know you need to mount both the sockets and the storage, but we are just running nerdctl over ssh instead.

why so ?

best-accountant-68201

06/08/2022, 7:54 AM

why

https://github.com/containerd/nerdctl/issues/473#issuecomment-953548961

best-city-49378

06/08/2022, 8:09 AM

Using podman had the same issues, before they reimplemented a docker socket (main difference was they added a ssh:// protocol by default, rather than letting the user do the ssh tunneling)

5 Views

#rancher-desktop Join Slack