CAPD doesn't work with rootless docker on the host

[makkes]

I just spun up a local dev environment and I'm using rootless Docker. When trying to bring up a CAPI cluster using the CAPD provider, the provider controller can't create the machines:

E0703 07:10:53.022722       1 controller.go:317] controller/dockercluster "msg"="Reconciler error" "error"="failed to create helper for managing the externalLoadBalancer: failed to list containers: failed to list containers: failed to list containers: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?" "name"="c2" "namespace"="c2" "reconciler group"="infrastructure.cluster.x-k8s.io" "reconciler kind"="DockerCluster"

This makes sense since with rootless docker the socket file is at a different location, /run/user/1001/docker.sock in my case.

One way to solve this is to mount the file pointed to by DOCKER_HOST into the kind cluster's container and fall back to /var/run/docker.sock if that env var is not set.

[makkes]

I guess this is nothing we can actually get to work without contributing changes upstream as I'm seeing errors like these in the control-plane containers, failing to spin up kubelet:

Jul 03 18:37:00 c2-control-plane-mqgjm kubelet[10495]: E0703 18:37:00.345259   10495 container_manager_linux.go:457] "Updating kernel flag failed (Hint: enable KubeletInUserNamespace feature flag to ignore the error)" err="open /proc/sys/vm/overcommit_memory: permission denied" flag="vm/overcommit_memory"

[LappleApple]

Is this issue still relevant?

[makkes]

I would suppose it still exists but I'm not able to verify that right now. I would further suppose that CAPD is rarely used with Weave GitOps and much less so with rootless Docker. It likely is a 1% case and I'm personally fine closing this as "won't fix".

[LappleApple]

Thanks Max.