@itroyano
Forked from bentito/tilt-podman-how-to.md
Last active May 16, 2024 13:44
Hack podman to work with tilt

The following is for an M1 MacBook Pro (not sure how much that matters).

Other specs (again, not sure how much they matter):

podman --version
podman version 5.0.1
tilt version
v0.33.12, built 2024-03-28

Start Kind with a local registry. Just use the regular Kind with registry script.

Here's a modified script for podman:

#!/bin/sh
set -o errexit

# 1. Create registry container unless it already exists
reg_name='kind-registry'
reg_port='5001'
if [ "$(podman inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
  podman run \
    -d --restart=always -p "127.0.0.1:${reg_port}:5000" --network bridge --name "${reg_name}" \
    registry:2
fi

# 2. Create kind cluster with containerd registry config dir enabled
# TODO: kind will eventually enable this by default and this patch will
# be unnecessary.
#
# See:
# https://github.com/kubernetes-sigs/kind/issues/2875
# https://github.com/containerd/containerd/blob/main/docs/cri/config.md#registry-configuration
# See: https://github.com/containerd/containerd/blob/main/docs/hosts.md
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
  "ValidatingAdmissionPolicy": true
runtimeConfig:
  "admissionregistration.k8s.io/v1beta1": true
containerdConfigPatches:
- |-
  [plugins."io.containerd.grpc.v1.cri".registry]
    config_path = "/etc/containerd/certs.d"
EOF

# 3. Add the registry config to the nodes
#
# This is necessary because localhost resolves to loopback addresses that are
# network-namespace local.
# In other words: localhost in the container is not localhost on the host.
#
# We want a consistent name that works from both ends, so we tell containerd to
# alias localhost:${reg_port} to the registry container when pulling images
REGISTRY_DIR="/etc/containerd/certs.d/localhost:${reg_port}"
for node in $(kind get nodes); do
  podman exec "${node}" mkdir -p "${REGISTRY_DIR}"
  cat <<EOF | podman exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
[host."http://${reg_name}:5000"]
EOF
done

# 4. Connect the registry to the cluster network if not already connected
# This allows kind to bootstrap the network but ensures they're on the same network
if [ "$(podman inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = 'null' ]; then
  podman network connect "kind" "${reg_name}"
fi

# 5. Document the local registry
# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: local-registry-hosting
  namespace: kube-public
data:
  localRegistryHosting.v1: |
    host: "localhost:${reg_port}"
    help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
EOF

You'll need to disable secure access on the local kind registry:

podman inspect kind-registry --format '{{.NetworkSettings.Ports}}'

With the port you find for 127.0.0.1, edit the config file:

podman machine ssh

sudo vi /etc/containers/registries.conf.d/100-kind.conf

Should look like:

[[registry]]
location = "localhost:5001"
insecure = true
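
Because `insecure = true` turns off TLS verification for the listed location, it should stay scoped to the loopback registry. The following is an added example, not part of the original gist: it scans registries.conf-style text and prints any insecure entry whose location is not a loopback address. The function names and the sample hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original gist): report registries.conf entries
# that set insecure = true for anything other than a loopback address.

# Reads registries.conf-style TOML on stdin; prints one offending location per line.
insecure_non_loopback() {
  awk '
    # Print the pending entry if it is insecure and not loopback, then reset.
    function emit() {
      if (insecure && loc != "" &&
          loc !~ /^(localhost|127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\])(:[0-9]+)?(\/.*)?$/)
        print loc
      loc = ""; insecure = 0
    }
    /^[ \t]*#/ { next }
    /^[ \t]*\[\[registry(\.mirror)?\]\]/ { emit(); inblock = 1; next }
    /^[ \t]*\[/ { emit(); inblock = 0; next }
    inblock && /^[ \t]*location[ \t]*=/ {
      v = $0
      sub(/^[^=]*=[ \t]*/, "", v)   # drop the key
      sub(/#.*$/, "", v)            # drop a trailing comment
      gsub(/[" \t]/, "", v)         # drop quotes and whitespace
      loc = v
    }
    inblock && /^[ \t]*insecure[ \t]*=[ \t]*true/ { insecure = 1 }
    END { emit() }
  '
}

# Constructed sample input: the gist's loopback entry plus two made-up entries.
sample_conf() {
  cat <<'EOF'
[[registry]]
location = "localhost:5001"
insecure = true

[[registry]]
location = "registry.example.internal:5000"   # constructed hostname
insecure = true

[[registry]]
location = "quay.io"
insecure = false
EOF
}

sample_conf | insecure_non_loopback
```

Feed it the contents of the drop-in files inside the podman machine, such as /etc/containers/registries.conf.d/100-kind.conf; empty output means only loopback registries are marked insecure.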

You must export DOCKER_HOST:

export DOCKER_HOST=unix:///var/run/docker.sock

Start tilt with:

DOCKER_BUILDKIT=0 tilt up

I did a few other things but I hope they're not relevant:

sudo podman-mac-helper install

podman machine stop
podman machine start
