This enables us to configure Certificate Authority, Registries and Execution Permissions
https://docs.dagger.io/manuals/administrator/custom-registry
debug = true
insecure-entitlements = ["security.insecure"]
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
[registry."your.private.registry"]
mirrors = []
https://docs.dagger.io/manuals/administrator/custom-ca
The base certificates, which can be applied to the base Dagger engine image:
FROM your.private.registry/private-certificates:latest AS pvt
FROM registry.dagger.io/engine:v0.12.2 AS engine
COPY --from=pvt /certificates /usr/local/share/ca-certificates
Build the custom base image
docker build -t your.private.registry/mageep/custom-dagger-engine:v0.12.2 -f engine.Dockerfile .
https://docs.dagger.io/manuals/administrator/custom-runner
Start the custom engine and mount the configuration with the new base image that has our custom CA certificates
docker run -d --rm --name custom-dagger-engine --privileged --volume $PWD/engine.toml:/etc/dagger/engine.toml your.private.registry/mageep/custom-dagger-engine:v0.12.2
Smoke test - You can run GraphQL queries directly against the Dagger Engine, as that's how a Dagger client actually communicates with the Dagger Engine. A Dagger SDK is an SDK for the GraphQL Dagger Engine API.
It should be able to pull the image from Artifacts and also not complain about the certificate being an unknown CA, as we've already built and started a custom Dagger engine ✊👊
Add an environment variable to tell the Dagger CLI what the new engine is called.
$env:_EXPERIMENTAL_DAGGER_RUNNER_HOST = "docker-container://custom-dagger-engine"
'{
  container {
    from(address: "your.private.registry/dotnet/sdk:8.0") {
      withExec(args: ["dotnet", "-h"]) {
        stdout
      }
    }
  }
}' | dagger query --progress=plain