Fix feedback for remote driver guide
Signed-off-by: Justin Chadwell <[email protected]>
jedevc committed May 10, 2022
1 parent e57a6b1 commit 61b72ba
Showing 1 changed file with 18 additions and 12 deletions.
30 changes: 18 additions & 12 deletions docs/guides/remote-builder.md
Expand Up @@ -30,11 +30,16 @@ Then launch an instance of buildkitd:
$ sudo ./buildkitd --group $(id -gn) --addr unix://$HOME/buildkitd.sock
```

This will setup a socket in your home directory that you have read-write
permissions to.
In this example, we run buildkitd as the root user, however, in the real world,
you should prefer [rootless mode](https://github.com/moby/buildkit/blob/master/docs/rootless.md)
where possible. You may also choose to configure [systemd to start and manage buildkit](https://github.com/moby/buildkit/tree/master/examples/systemd)
for you.

You should now have a unix socket accessible to your user, that is available to
connect to:

```console
$ ls -lh
$ ls -lh /home/user/buildkitd.sock
srw-rw---- 1 root user 0 May 5 11:04 /home/user/buildkitd.sock
```

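Review bot: The added paragraph beginning "In this example, we run buildkitd as the root user" recommends rootless mode without saying why it matters in this setup. With `sudo ./buildkitd --group $(id -gn)` and the socket listed as `srw-rw---- 1 root user`, every member of that group can drive a daemon that runs as root; suggest stating that next to the rootless link. The sample output also hard-codes `/home/user/buildkitd.sock` while the launch command uses `$HOME`, so `ls -lh $HOME/buildkitd.sock` would keep the two consistent, and "however, in the real world," reads better as the start of a new sentence.
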
Expand Down Expand Up @@ -73,11 +78,12 @@ driver, to load the build result into the docker daemon)
In this scenario, we'll create a similar setup to the `docker-container`
driver, by manually booting a buildkit docker container and connecting to it
using the buildx remote driver. In most cases you'd probably just use the
`docker-container` driver directly, but imagine that for some reason you want
to manually manage the container instead of having buildx manage it for you.
`docker-container` driver that connects to buildkit through the Docker daemon,
but in this case we manually create a container and access it via it's exposed
port.

First, we need to generate certificates for buildkit - you can use the
[create-certs.sh](https://github.com/moby/buildkit/blob/master/examples/kubernetes/create-certs.sh)
[create-certs.sh](https://github.com/moby/buildkit/v0.10.3/master/examples/kubernetes/create-certs.sh)
script as a starting point. Note, that while it is *possible* to expose
buildkit over TCP without using TLS, it is **not recommended**, since this will
allow arbitrary access to buildkit without credentials.
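
Review bot: The new create-certs.sh link, `https://github.com/moby/buildkit/v0.10.3/master/examples/kubernetes/create-certs.sh`, drops the `blob/` segment and keeps `master` after the tag, so it does not match the `blob/v0.10.3/examples/kubernetes/create-certs.sh` form used for the same script later in this commit. Suggest using the `blob/v0.10.3/...` form in both places. Minor: "via it's exposed port" should be "its".
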
Expand All @@ -89,12 +95,12 @@ $ docker run -d --rm \
--name=remote-buildkitd \
--privileged \
-p 1234:1234 \
-v $PWD/.certs:/certs \
-v $PWD/.certs:/etc/buildkit/certs \
moby/buildkit:latest \
--addr tcp://0.0.0.0:1234 \
--tlscacert /certs/ca.pem \
--tlscert /certs/daemon-cert.pem \
--tlskey /certs/daemon-key.pem
--tlscacert /etc/buildkit/certs/ca.pem \
--tlscert /etc/buildkit/certs/daemon-cert.pem \
--tlskey /etc/buildkit/certs/daemon-key.pem
```

The above command starts a buildkit container and exposes the daemon's port
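
Review bot: The changed mount `-v $PWD/.certs:/etc/buildkit/certs` still hands the whole `.certs` directory, writable, to a `--privileged` container, although the daemon flags only reference `ca.pem`, `daemon-cert.pem` and `daemon-key.pem`, and the later `buildx create` step reads `client-cert.pem` and `client-key.pem` from that same directory. Suggest mounting it read-only (`:ro`) and, ideally, mounting only the daemon's files. The image also stays at `moby/buildkit:latest` while this commit pins create-certs.sh to v0.10.3; pinning the image tag the same way would keep the guide reproducible.
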
Expand All @@ -104,7 +110,7 @@ We can now connect to this running container using buildx:

```console
$ docker buildx create \
--name remote-kubernetes \
--name remote-container \
--driver remote \
--driver-opt cacert=.certs/ca.pem,cert=.certs/client-cert.pem,key=.certs/client-key.pem,servername=... \
tcp://buildkitd.default.svc:1234
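
Review bot: Renaming the builder to `remote-container` leaves the endpoint as `tcp://buildkitd.default.svc:1234`, which is a Kubernetes service name and does not correspond to the container started above with `-p 1234:1234`. Suggest pointing this example at the published port on the Docker host (for instance `tcp://localhost:1234`) and replacing `servername=...` with a sentence saying the value has to match a name in the daemon certificate.
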
Expand All @@ -122,7 +128,7 @@ between them.
Firstly, we can create a kubernetes deployment of buildkitd, as per the
instructions [here](https://github.com/moby/buildkit/tree/master/examples/kubernetes).
Following the guide, we setup certificates for the buildkit daemon and client
(as above using [create-certs.sh](https://github.com/moby/buildkit/blob/master/examples/kubernetes/create-certs.sh))
(as above using [create-certs.sh](https://github.com/moby/buildkit/blob/v0.10.3/examples/kubernetes/create-certs.sh))
and create a `Deployment` of buildkit pods with a service that connects to
them.

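Review bot: Only the create-certs.sh link is pinned to v0.10.3 in this hunk; the "here" link to the Kubernetes example directory two lines above it still points at `tree/master`, so the instructions and the script they call can drift apart. Suggest pinning both to the same tag. Minor: "we setup certificates" should be "we set up certificates".
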