Closed gciria closed 1 month ago
nerdctl image convert command should work without additional privileges.
e.g.
CONVERT_COMMANDS="\
nerdctl pull --unpack=false ghcr.io/stargz-containers/ubuntu:22.04-org && \
nerdctl image convert --estargz --oci ghcr.io/stargz-containers/ubuntu:22.04-org ubuntu:esgz && \
nerdctl save ubuntu:esgz > /out/image.tar"
docker run -v /tmp/testimg/:/out/ --rm --entrypoint=/bin/sh -t nerdctl -c "containerd & sleep 1 && ${CONVERT_COMMANDS}"
Oh, this is exactly what I'm looking for. Thanks @ktock, it worked!
I started using eStargz in my custom EKS AMIs. At the moment, images that need conversion to eStargz, unfortunately, I'm doing manually and pushing to the registry.
To better contextualize, all my projects are on GitLab with a Dockerfile. There is a build with Kaniko (custom image) and a deploy to EKS.
I'm having difficulty replacing my Kaniko Debugger image with some client that can transform my images into the eStargz format and push them to my registries.
Honestly, I can add Nerdctl to the Dockerfile, generate the image, and replace Kaniko. However, it requires adding "privilege" to my GitLab Runner. And that flag is out of the question. My question is: How do you currently do it and what are the best practices? Am I missing something?