hundreds-crowd-93261

05/18/2022, 7:01 PM
so im trying to create a non-rootless docker setup because i think rootless is causing me some trouble when trying to use KIND w/ cilium. atm im just copying the docker.yaml template and tweaking it, and ive got it working, but the port-forward isn’t working, even after updating it to use /var/run/docker.sock.

best-city-49378

05/18/2022, 7:02 PM
Permissions ?

hundreds-crowd-93261

05/18/2022, 7:02 PM
the guest agent runs as root, so id think it has permissions to access the socket
but thats kinda what ive been wondering, if it’s some perms mismatch issue

best-city-49378

05/18/2022, 7:03 PM
Socket is ssh, no ?

hundreds-crowd-93261

05/18/2022, 7:03 PM
what do you mean?

best-city-49378

05/18/2022, 7:04 PM
As long as your Linux user is part of “docker” group
Socket forwarding is done with a ssh -L

hundreds-crowd-93261

05/18/2022, 7:04 PM
ahhhh
ok, that might answer it
where can i find the available template variables for the lima config?
hmm im trying to add my user to the docker group as part of the provision scripts but not having luck, though manually running it works, i also have issues with it picking up the group (i think that lima sets up a persistent ssh connection, so that might be why)
hmmm well even if i break the SSH connection, the socket port-forward doesn’t seem to be restarted until i reboot the VM
@fast-garage-66093 you're a genius, thanks for the tip in GH

great-rainbow-93322

05/18/2022, 8:23 PM
Hey! so does this chmod command avoid a VM restart?
I’ve a similar setup because docker rootless was also bringing other issues with the KinD network

hundreds-crowd-93261

05/18/2022, 8:30 PM
@great-rainbow-93322 yep! and yeah, KIND is why im trying to not use rootless
🙌 1

fast-garage-66093

05/18/2022, 8:31 PM
Any reason you prefer KIND over k3d?

hundreds-crowd-93261

05/18/2022, 8:32 PM
lots of my co-workers use KIND, and im trying to run on ubuntu which has a kernel with BTF compiled in
also multi-node support
now i just need to figure out how to make this docker setup support qemu binfmt

fast-garage-66093

05/18/2022, 8:32 PM
Yeah, but k3d does that too, no?

great-rainbow-93322

05/18/2022, 8:33 PM
same here, we are using KinD in our CI & E2E tests, so it’s best to stay close to this. Also, we don’t need an ingress controller (Traefik) but Gloo 🙂. EDIT: and yes, we need multi node too for our service mesh solution and other local testing purposes.

hundreds-crowd-93261

05/18/2022, 8:34 PM
k3d @fast-garage-66093 does what? multi-node? sure, but im less familiar with k3s/k3d

fast-garage-66093

05/18/2022, 8:37 PM
Yeah, I guess familiarity is the important point.
Yeah, I meant "k3d does multi-node as well"

hundreds-crowd-93261

05/18/2022, 8:41 PM
ah. yeah, i figure k3d is basically KIND but with k3s
👍 1
worst thing about KIND so far is having to load images, i miss sharing the shared docker image cache behavior of using RD w/ dockerd

best-city-49378

05/18/2022, 8:47 PM
Yeah, that was always a popular feature in minikube

hundreds-crowd-93261

05/18/2022, 8:47 PM
woot got binfmt stuff working, also seems hella sketch that the GHA for setup qemu binfmt is pulling an image that’s not in docker’s namespace 😐

best-city-49378

05/18/2022, 8:47 PM
Took quite some effort to get it working with cri-o (buildah) and containerd (buildkitd) as well as with docker

hundreds-crowd-93261

05/18/2022, 8:47 PM
is there a better way to do this? 😄
docker run --privileged --rm tonistiigi/binfmt --install all

best-city-49378

05/18/2022, 8:52 PM
Has similar scripts

fast-garage-66093

05/18/2022, 8:53 PM
I know Toni's version includes additional upstream patches, at least for Alpine, so it may be preferable to use his binaries
Not sure why you wouldn't want to run that image

hundreds-crowd-93261

05/18/2022, 8:55 PM
well i dislike running ‘untrusted/random’ images, but in this case, i guess he works at Docker
🤣 1

best-city-49378

05/18/2022, 8:56 PM
It’s like the definition of Docker

fast-garage-66093

05/18/2022, 8:56 PM
Indeed, he does, and I think this is the code that runs in Docker Desktop as well (but haven't actually verified, as I'm not supposed to look at it)
😭 1
Docker Desktop has anti-reverse-engineering and anti-benchmarking clauses in its license...
But it is ok if other people tell me what it does, or how it compares 😄

hundreds-crowd-93261

05/19/2022, 6:57 PM
😡 the chmod seems to not be working after a reboot. user-data runs every time doesn’t it?
ah, wait, i see what’s up
command -v docker >/dev/null 2>&1 && exit 0
runs first 😄