containerd / stargz-snapshotter

Fast container image distribution plugin with lazy pulling
https://github.com/containerd/containerd/issues/3731
Apache License 2.0

What is the best way to build Dockerfiles in the GitLab Pipeline? #1719

Closed gciria closed 1 month ago

gciria commented 1 month ago

I started using eStargz in my custom EKS AMIs. At the moment, unfortunately, I'm manually converting the images that need to be in eStargz format and pushing them to the registry.

To better contextualize, all my projects are on GitLab with a Dockerfile. There is a build with Kaniko (custom image) and a deploy to EKS.

I'm having difficulty replacing my Kaniko Debugger image with some client that can transform my images into the eStargz format and push them to my registries.

Honestly, I can add nerdctl to the Dockerfile, generate the image, and replace Kaniko. However, that requires adding "privilege" to my GitLab Runner, and that flag is out of the question.

My question is: How do you currently do it and what are the best practices? Am I missing something?

ktock commented 1 month ago

The `nerdctl image convert` command should work without additional privileges.

e.g.

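```sh
# Steps executed inside the container: pull without unpacking, convert the
# image to eStargz (OCI), and save the result as a tarball under /out.
CONVERT_COMMANDS="\
nerdctl pull --unpack=false ghcr.io/stargz-containers/ubuntu:22.04-org && \
nerdctl image convert --estargz --oci ghcr.io/stargz-containers/ubuntu:22.04-org ubuntu:esgz && \
nerdctl save ubuntu:esgz > /out/image.tar"

# No --privileged flag: containerd is started in the background inside the
# container, then the conversion steps run against it.
docker run -v /tmp/testimg/:/out/ --rm --entrypoint=/bin/sh -t nerdctl -c "containerd & sleep 1 && ${CONVERT_COMMANDS}"
```
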
gciria commented 1 month ago

Oh, this is exactly what I'm looking for. Thanks @ktock, it worked!
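
The same steps as a CI job script, as an added example that is not part of the thread or the project's own code: it replaces the fixed `sleep 1` from ktock's reply with a readiness poll and pushes the converted image instead of saving a tarball. It assumes the job image ships containerd and nerdctl, that source and target live in the same registry, and that `REGISTRY_USER` / `REGISTRY_PASSWORD` are CI variables; those names and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread: convert an already-pushed image to eStargz
# and push the result from an unprivileged CI job container.
# Assumed: REGISTRY_USER / REGISTRY_PASSWORD are masked CI variables.
set -eu

# Poll containerd instead of trusting a fixed `sleep 1`; on a slow runner the
# first nerdctl call can otherwise race the daemon's start-up.
wait_for_containerd() {
  tries="${1:-30}"
  while [ "$tries" -gt 0 ]; do
    if nerdctl images -q >/dev/null 2>&1; then return 0; fi
    tries=$((tries - 1))
    sleep 1
  done
  echo "containerd did not become ready" >&2
  return 1
}

# Print the registry host of an image reference (empty for short names such as
# ubuntu:22.04): the first component counts if it has a dot, a port or is localhost.
registry_of() {
  first="${1%%/*}"
  case "$first" in
    "$1") ;;                                  # no slash: short name
    *.*|*:*|localhost) printf '%s\n' "$first" ;;
  esac
}

convert_and_push() {
  src="$1"; dst="$2"
  host="$(registry_of "$dst")"
  # Feed the password on stdin so it never shows up in argv or the job log.
  printf '%s' "$REGISTRY_PASSWORD" |
    nerdctl login -u "$REGISTRY_USER" --password-stdin ${host:+"$host"}
  # Same steps as in the reply: fetch without unpacking, convert, then push
  # (push replaces the `nerdctl save` used there).
  nerdctl pull --unpack=false "$src"
  nerdctl image convert --estargz --oci "$src" "$dst"
  nerdctl push "$dst"
}

# Run only when called as: convert.sh SRC_REF DST_REF
if [ "$#" -eq 2 ]; then
  containerd >/tmp/containerd.log 2>&1 &
  wait_for_containerd 30
  convert_and_push "$1" "$2"
fi
```
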