# lima
b
Permissions ?
h
the guest agent runs as root, so i'd think it has permissions to access the socket
but that's kinda what i've been wondering, if it’s some perms mismatch issue
b
Socket is ssh, no ?
h
what do you mean?
b
As long as your Linux user is part of “docker” group
Socket forwarding is done with a `ssh -L`
h
ahhhh
ok, that might answer it
where can i find the available template variables for the lima config?
hmm im trying to add my user to the docker group as part of the provision scripts but not having luck, though manually running it works, i also have issues with it picking up the group (i think that lima sets up a persistent ssh connection, so that might be why)
hmmm well even if i break the SSH connection, the socket port-forward doesn’t seem to be restarted until i reboot the VM
@fast-garage-66093 you're a genius, thanks for the tip in GH
g
Hey! so does this chmod command avoid a VM restart?
I’ve a similar setup because docker rootless was also bringing other issues with the KinD network
h
@great-rainbow-93322 yep! and yeah, KIND is why im trying to not use rootless
🙌 1
f
Any reason you prefer KIND over k3d?
h
lots of my co-workers use KIND, and im trying to run on ubuntu which has a kernel with BTF compiled in
also multi-node support
now i just need to figure out how to make this docker setup support qemu binfmt
f
Yeah, but k3d does that too, no?
g
same here, we are using KinD in our CI & E2E tests, so it’s best to stay close to this. Also, we don’t need an ingress controller (Traefik) but Gloo 🙂. EDIT: and yes, we need multi node too for our service mesh solution and other local testing purpose.
h
k3d @fast-garage-66093 does what? multi-node? sure, but im less familiar with k3s/k3d
f
Yeah, I guess familiarity is the important point.
Yeah, I meant "k3d does multi-node as well"
h
ah. yeah, i figure k3d is basically KIND but with k3s
👍 1
worst thing about KIND so far is having to load images, i miss sharing the shared docker image cache behavior of using RD w/ dockerd
b
Yeah, that was always a popular feature in minikube
h
woot got binfmt stuff working, also seems hella sketch that the GHA for setup qemu binfmt is pulling an image that’s not in docker’s namespace 😐
b
Took quite some effort to get it working with cri-o (buildah) and containerd (buildkitd) as well as with docker
h
is there a better way to do this? 😄
docker run --privileged --rm tonistiigi/binfmt --install all
b
Has similar scripts
f
I know Toni's version includes additional upstream patches, at least for Alpine, so it may be preferable to use his binaries
Not sure why you wouldn't want to run that image
h
well i dislike running ‘untrusted/random’ images, but in this case, i guess he works at Docker
🤣 1
b
It’s like the definition of Docker
f
Indeed, he does, and I think this is the code that runs in Docker Desktop as well (but haven't actually verified, as I'm not supposed to look at it)
😭 1
Docker Desktop has anti-reverse-engineering and anti-benchmarking clauses in its license...
But it is ok if other people tell me what it does, or how it compares 😄
h
😡 the chmod seems to not be working after a reboot. user-data runs every time, doesn’t it?
ah, wait, i see what’s up
command -v docker >/dev/null 2>&1 && exit 0
runs first 😄