Rootless server deployment with no dependencies #18
Labels
enhancement
New feature or request
Comments
|
Now need to bundle Rootlesskit, Buildkit and the CNI plugins, plus any exe's that these happen to use, but hopefully they are reasonably self contained. |
|
Go very close to this with #35 Nix bundle almost works, but it creates a new user namespace (IIUC) and some capability needed by Rootlesskit gets dropped. However we maybe can patch the bundler to work around this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The server currently has three dependencies: Containerd, Buildkitd and Nerdctl. It also must run as root because Nerdctl fails to create a bridge device in rootless mode (possibly due to detach netns https://github.com/containerd/nerdctl/blob/main/docs/rootless.md#rootlesskit-network-design).
As default we want to run the server as a non-root user and not have to install or configure anything else. The user can then quickly try Ayup without messing around with these dependencies that have a lot of sharp edges or giving us root access.
The text was updated successfully, but these errors were encountered: