< rhythmic glass 66959> < curved manchester 66006> hey folks Pants #development

<@U03PHS2TJLV>, <@U0JCDG9LY>: hey folks! do you ha...

witty-crayon-22786

03/29/2023, 5:47 PM

@rhythmic-glass-66959, @curved-manchester-66006: hey folks! do you have some time to talk about https://github.com/pantsbuild/pants/issues/14395 ?

witty-crayon-22786

03/29/2023, 5:47 PM

i’d like to get a better understanding of the motivations / use cases, since there are lots of potential paths for that one.

witty-crayon-22786

03/29/2023, 5:53 PM

is the primary motivation just avoiding docker-in-docker? what environments are you (interested in) running in?

curved-manchester-66006

03/29/2023, 7:16 PM

I'm using GitLab with both public SaaS and internal (currently on k8s ) "runners" in GitLab parlance https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker I think "avoiding docker-in-docker" is a fair summary. I was surprised to realize from the tone of the GitLab docs that dind worked at all for the public runners (the internal lore for why we used kaniko was that dind "didn't work"), and that the internal runners have

--docker-privileged

is I suspect not something the ops team wold find ideal. We also have a bunch of variants of --tls=false for talking to the daemon set and no one is quite sure why they are needed. So today it sort of works, but feels like a house of cards. My impression -- which could be wrong! -- is that avoiding docker-in-docker is the Right Thing To Do and would sweep all those problems away. But perhaps it is just a different set of problems.

2 Views

Open in Slack

Previous Next