Lukas Hoehl

Results 40 comments of Lukas Hoehl

Currently the installation of docker is done via package manager and run via systemd. If we refactor, we must provide a distro-unspecific way of installing and starting the runtime. The...

Ah copied out the first part 🙄 I wanted to state that currently the only supported OS is Ubuntu/Debian because colima installs runtimes via the APT package manager. That's why there's...

During my development on this PR, I ran more and more into duplications with established isolation tools like runc and crun. Is it maybe worth considering investing into using those...

> > During my development on this PR, I ran more and more into duplications with established isolation tools like runc and crun. Is it maybe worth considering investing into...

Glad you asked, since this is a draft PR I'm not 100% settled on the final implementation, but the current idea is the following: 1. Unpack Rootfs of image into...

This is an issue that's not tied to the kaniko image itself. Because kaniko uses the /kaniko directory as the directory to build the container image, nothing inside /kaniko will...

Kaniko currently relies on being run as root. Rootless execution is currently not implemented since it would need to execute inside a user namespace and map uids/gids.

I don't think that running as non-root is currently on the roadmap. If you really need rootless execution for builds of dockerfiles, I would use [buildah](https://buildah.io/).

Sounds a lot like this issue: https://github.com/containers/buildah/issues/4049

Is your service account that runs the image updater pod configured with an IAM role in AWS? Image Updater needs to have a valid web session token (via IRSA) which...