Support buildah / imagebuilder

[pmorie]

I should be able to build a function without requiring the docker daemon, for example with buildah or podman.

[matejvasek]

@pmorie Unfortunately BuildPack doesn't work without docker. We tried podman, but without success.

[lance]

@matejvasek I've been reading up on this and I think there is a way... see: buildpacks/pack#564. I will try to summarize here after I have digested.

[matejvasek]

@lance If you think about DOCKER_HOST I tried that (and @dsimansk too) and it didn't work.

[lance]

Some notable comments from that issue.

It is possible add support for podman by running it as a service with podman system service and adding detection of podman socket containers/podman#4499 (comment) The socket is meant to be Docker-compatible. [https://github.com/buildpacks/pack/issues/564#issuecomment-609898677]

The pack CLI is intended to be a tool for running Cloud Native Buildpack builds on a local workstation that doesn't natively support containers (often Windows or macOS). While it seems reasonable to support other local container runtimes besides Docker, CI platforms that support running container images are probably better off running the lifecycle directly, without needed a nested container runtime. (This doesn't require any privileges or capabilities.) [https://github.com/buildpacks/pack/issues/564#issuecomment-609909824]

kpack is pivotal's buildpack lifecycle CLI and it does not require Docker because it uses the lifecycle directly.

the lifecycle is comparable to kaniko or other unprivileged image building tools. The pack CLI is glue code that makes it easy to use lifecycle with the Docker daemon. [link]

I think it's time we become a bit more familiar with the buildpack lifecycle spec.

[matejvasek]

kpack is for building in k8s cluster, isn't it?

[matejvasek]

podman system service -- this call to create the socket worked on older version, with newer I got:

podman system service                    
Error: unrecognized command `podman system service`
Try 'podman system --help' for more information.

[matejvasek]

@dsimansk do you recall what you have tried?

[dsimansk]

I've tried buildpacks on the following podman version. For me system service cmd works fine. However, I still got an error during image build in the neighbourhood of "NotAllowedMethod being used", I don't have the exact text handy right now.

podman version

Version:      2.1.1
API Version:  2.0.0
Go Version:   go1.14.9
Built:        Wed Sep 30 21:31:11 2020
OS/Arch:      linux/amd64

[matejvasek]

kpack is pivotal's buildpack lifecycle CLI and it does not require Docker because it uses the lifecycle directly.

the lifecycle is comparable to kaniko or other unprivileged image building tools. The pack CLI is glue code that makes it easy to use lifecycle with the Docker daemon. [link]

I think it's time we become a bit more familiar with the buildpack lifecycle spec.

OK. It should be possible, but it's not going to be as easy as alias docker=podman.

[lance]

OK. It should be possible, but it's not going to be as easy as alias docker=podman.

Agree with that for sure.

[matejvasek]

I did some digging into why podman doesn't work, since it should implement docker APIv2.

1. The APIv2 containers/(name or id)/archive endpoint is not yet implemented.
   That's why @dsimansk saw NotAllowedMethod being used.
   I am trying to address that Implement containers/{id or name}/archive api containers/podman#8126.

2. Even when the endpoint is implemented there were issue with another APIv2 endpoint,
   it wasn't returning some information. I fixed that fix: /image/{name or id}/json returns RootFS layers containers/podman#8109.

3. There was also some minor issue with some defaults value so it was't working with cgroups V1
   fix: neutral value for MemorySwappiness containers/podman#8069.

4. The pack CLI is not pushing entirely valid image tar. I believe this should be fixed in pack not in podman.
   Ephemeral builder tars are missing base image layers buildpacks/pack#925.

[lance]

@matejvasek great work!

[matejvasek]

@pmorie I made usage of podman (not buildah) possible using DOCKER_HOST envvar. Can I close this issues?

[lance]

I'm going to close this as resolved. If there are additional issues that come up with podman, we can open new issues for them.