Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
h
hundreds-crowd-93261
05/18/2022, 7:01 PMso im trying to create a non-rootless docker setup because i think rootless is causing me some trouble when trying to use KIND w/ cilium. atm im just copying the docker.yaml template and tweaking it, and ive got it working, but the port-forward isn’t working, even after updating it to use
/var/run/docker.sockb
best-city-49378
05/18/2022, 7:02 PMPermissions ?
h
hundreds-crowd-93261
05/18/2022, 7:02 PMthe guest agent runs as root, so id think it has permissions to access the socket
but thats kinda what ive been wondering, if it’s some perms mismatch issue
b
best-city-49378
05/18/2022, 7:03 PMSocket is ssh, no ?
h
hundreds-crowd-93261
05/18/2022, 7:03 PMwhat do you mean?
b
best-city-49378
05/18/2022, 7:04 PMAs long as your Linux user is part of “docker” group
Socket forwarding is done with a
ssh -Lh
hundreds-crowd-93261
05/18/2022, 7:04 PMahhhh
ok, that might answer it
where can i find the available template variables for the lima config?
nvm just looked in the source https://github.com/lima-vm/lima/blob/b40d4c312eac90c7aeadde4706882049471b0554/pkg/cidata/template.go#L45-L65
hmm im trying to add my user to the docker group as part of the provision scripts but not having luck, though manually running it works, i also have issues with it picking up the group (i think that lima sets up a persistent ssh connection, so that might be why)
hmmm well even if i break the SSH connection, the socket port-forward doesn’t seem to be restarted until i reboot the VM
@fast-garage-66093 your a genius, thanks for the tip in GH
g
great-rainbow-93322
05/18/2022, 8:23 PMHey! so does this chmod command avoid a VM restart?
I’ve a similar setup because docker rootless was also bringing other issues with the KinD network
h
hundreds-crowd-93261
05/18/2022, 8:30 PM@great-rainbow-93322 yep! and yeah, KIND is why im trying to not use rootless
🙌 1
f
fast-garage-66093
05/18/2022, 8:31 PMAny reason you prefer KIND over k3d?
h
hundreds-crowd-93261
05/18/2022, 8:32 PMlots of my co-workers use KIND, and im trying to run on ubuntu which has a kernel with BTF compiled in
also multi-node support
now i just need to figure out how to make this docker setup support qemu binfmt
f
fast-garage-66093
05/18/2022, 8:32 PMYeah, but k3d does that too, no?
g
great-rainbow-93322
05/18/2022, 8:33 PMsame here, we are using KinD in our CI & E2E tests, so it’s best to stay close to this. Also, we don’t need an ingress controller (Traefik) but Gloo 🙂. EDIT: and yes, we need multi node too for our service mesh solution and other local testing purpose.
h
hundreds-crowd-93261
05/18/2022, 8:34 PMk3d @fast-garage-66093 does what? multi-node? sure, but im less familiar with k3s/k3d
f
fast-garage-66093
05/18/2022, 8:37 PMYeah, I guess familiarity is the important point.
Yeah, I meant "k3d does multi-node as well"
h
hundreds-crowd-93261
05/18/2022, 8:41 PMah. yeah, i figure k3d is basically KIND but with k3s
👍 1
worst thing about KIND so far is having to load images, i miss sharing the shared docker image cache behavior of using RD w/ dockerd
b
best-city-49378
05/18/2022, 8:47 PMYeah, that was always a popular feature in minikube
h
hundreds-crowd-93261
05/18/2022, 8:47 PMwoot got binfmt stuff working, also seems hella sketch that the GHA for setup qemu binfmt is pulling an image that’s not in docker’s namespace 😐
b
best-city-49378
05/18/2022, 8:47 PMTook quite some effort to get it working with cri-o (buildah) and containerd (buildkitd) as well as with docker
h
hundreds-crowd-93261
05/18/2022, 8:47 PMis there a better way to do this? 😄
docker run --privileged --rm tonistiigi/binfmt --install allb
best-city-49378
05/18/2022, 8:52 PMHas similar scripts
f
fast-garage-66093
05/18/2022, 8:53 PMI know Toni's version includes additional upstream patches, at least for Alpine, so it may be preferable to use his binaries
Not sure why you wouldn't want to run that image
h
hundreds-crowd-93261
05/18/2022, 8:55 PMwell i dislike running ‘untrusted/random’ images, but in this case, i guess he works at Docker
🤣 1
b
best-city-49378
05/18/2022, 8:56 PMIt’s like the definition of Docker
f
fast-garage-66093
05/18/2022, 8:56 PMIndeed, he does, and I think this is the code that runs in Docker Desktop as well (but haven't actually verified, as I'm not supposed to look at it)
😭 1
Docker Desktop has anti-reverse-engineering and anti-benchmarking clauses in its license...
But it is ok if other people tell me what it does, or how it compares 😄
h
hundreds-crowd-93261
05/19/2022, 6:57 PM😡 the chmod seems to not be working after a reboot. user-data runs everytime doesn’t it?
ah, i wait i see what’s up
command -v docker >/dev/null 2>&1 && exit 0