skaffold Feature Request - Support for podman builder

It would be great to have podman in the builders list.

I have also tried using podman-docker to fake docker commands to use podman in vain (as expected).

❯ skaffold build 
Generating tags...
 - azure.azurecr.io/myimage -> azure.azurecr.io/myimage:20230211_1707_3829a31
Checking cache...
 - azure.azurecr.io/myimage: Not found. Building
Starting build...
Building [azure.azurecr.io/myimage]...
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/build?buildargs=%7B%7D&cachefrom=null&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=null&memory=0&memswap=0&networkmode=&rm=0&shmsize=0&t=azure.azurecr.io%2Fmyimage%3A20230211_1707_3829a31&target=&ulimits=null&version=": dial unix /var/run/docker.sock: connect: permission denied. Docker build ran into internal error. Please retry.
If this keeps happening, please open an issue..

Feb 11 '23 17:02 vikas027

@vikas027 Thank you for filing the request, agreed this is a nice to have. Mark this as p3 at the moment, we can bump this later if we see more people ask this feature.

Feb 13 '23 19:02 ericzzzzzzz

I have a working Podman setup on macOS, and pulling/pushing images works fine with the podman CLI (to GitLab image registry). But with Skaffold, it fails:

build [...] failed: could not push image "registry.gitlab.com/...:...": trying to reuse blob sha256:... at destination: Requesting bearer token: invalid status code from registry 403 (Forbidden)

Even with useDockerCLI: true (with a dummy docker binary that calls podman instead) doesn't help – it may be ignored?!

Mar 06 '23 20:03 AndiDog

I too would like to see this feature!

@AndiDog can you share your steps on how you got yours working?

Apr 20 '23 11:04 userbradley

I meant above that Podman doesn't work well for me with Skaffold. By now, I've dropped Podman on macOS in favor of colima due to all the problems and because it's hard to contribute to the open source podman project using a Mac...

If you meant how to set up Podman, then Podman Desktop works out of the box.

Apr 21 '23 12:04 AndiDog

I was referring to this section

Even with useDockerCLI: true (with a dummy docker binary that calls podman instead) doesn't help – it may be ignored?!

How have you created a dummy binary? I though symlink but docker uses a daemon (annoyingly) so that wouldnt work

I've just moved from docker to podman, and everything other than skaffold works!

Apr 24 '23 19:04 userbradley

I second the request for Podman support. Running everything from windows with a podman machine and k3s/containerd on another wsl instance is a really good workflow, and I only miss Skaffold to make it a complete solution.

May 05 '23 12:05 Larswa

That's something that would be really important to have!

May 13 '23 20:05 sumkincpp

So I'm not sure if this is a mixture of me missing something, or something starting to work, but I will post it here.

I seem to have gotten skaffold and podman to work together?

When you start a podman machine, it gives you a command saying (paraphrased) Use this for stuff that uses docker blah blah

I tried it, and it seems to now work

export DOCKER_HOST='unix:///Users/<username>/.local/share/containers/podman/machine/qemu/podman.sock'

Note, this is on a mac

Proof of no docker installed

Skaffold file

apiVersion: skaffold/v4beta5
kind: Config
metadata:
  name: gcs-web-server
build:
  artifacts:
    - image: ghcr.io/userbradley/gcs-web-server
      context: .
      docker:
        dockerfile: Dockerfile

I am more than happy to be proved wrong on this one, as this does feel a little too good to be true

Jun 28 '23 23:06 userbradley

https://github.com/GoogleContainerTools/skaffold/issues/7078#issuecomment-1180979589

Aug 15 '23 12:08 ericzzzzzzz

#7078 (comment)

That workaround stopped working a year ago. One of skaffold's releases made it so docker doesn't use the docker remote api and always uses the docker cli https://github.com/GoogleContainerTools/skaffold/issues/7883#issue-1383230343

Sep 29 '23 09:09 foxydevloper

hi @foxydevloper the workaround is supposed to work, https://github.com/GoogleContainerTools/skaffold/issues/8430#issuecomment-1612221929 talked about the same approach 3 month ago, changing the DOCKER_HOST env variable is also suggested here https://podman-desktop.io/docs/migrating-from-docker/using-the-docker_host-environment-variable

Sep 29 '23 13:09 ericzzzzzzz

Just to clarify, even the workaround works, we're still working on this feature.

Sep 29 '23 13:09 ericzzzzzzz

@ericzzzzzzz The workaround doesn't appear to work for me on windows, it says the docker executable is required. Setting the DOCKER_HOST in podman isn't necessary since it uses the default "docker_engine" named pipe on windows anyways. Also, I don't see the need for a seperate "podman" builder since it still supports docker engine's api anyways. It'd be nice for switching from docker to podman to be able to use existing skaffold configuration that uses docker. But skaffold doesn't appear to be using the docker engine api and instead using the docker executable.

Sep 29 '23 14:09 foxydevloper

Hi @foxydevloper , Skaffold does use golang docker rest client to talk to docker host by default, unless user explicitly sets Docker useCli to true or skaffold detects that user needs cross-platform build to make the run successful.
It is possible for you to share your skaffold project setup, so we can have a better understanding of what's happening.

Sep 29 '23 15:09 ericzzzzzzz

@ericzzzzzzz The configuration is as follows:

apiVersion: skaffold/v4beta6
kind: Config
metadata:
  name: dummyproj
build:
  local:
    useDockerCLI: false # default value so shouldn't matter
  artifacts:
    - image: hello
      docker:
        dockerfile: Dockerfile
manifests:
  rawYaml:
    - hello.yaml

As you can see, I explicitly have useDockerCLI set to false. However when I run skaffold run, I get this, saying exec: "docker": executable file not found in %PATH%. Docker build ran into internal error. Please retry.: I've also tried setting "useBuildkit" to false and get the same thing. My project is simply a dockerfile, a hello.py, and a simple deployment

Sep 29 '23 15:09 foxydevloper

I sent this issue earlier: https://github.com/GoogleContainerTools/skaffold/issues/7883, which appears to be the same issue, where it's using the docker CLI instead of docker's api. It recommends downgrading to a very old version of skaffold.

Sep 29 '23 15:09 foxydevloper

ahhh.. https://github.com/GoogleContainerTools/skaffold/blob/5943bd53c3bf4c1673d080ec8daacb839bc7dfed/cmd/skaffold/app/cmd/flags.go#L719-L729 for dev, run, debug "check-cluster-node-platforms" is set to true , that will lead skaffold to use cli for build..

Could you try to set this flag to false to see if it works? skaffold run --check-cluster-node-platforms=false

Sep 29 '23 16:09 ericzzzzzzz

@ericzzzzzzz Yes, that does indeed fix it and it works perfectly.

Sep 29 '23 16:09 foxydevloper

@ericzzzzzzz Is this something that will always require this flag to work properly? it's nice there's a workaround but the expectation is that skaffold would work with anything that supports docker's api out of the box without a flag. Skaffold should at least be more clear as to why it's looking for the docker executable and recommend using the flag to opt out. I'd love for this to be improved somewhat

Sep 29 '23 16:09 foxydevloper

@foxydevloper agreed! I think the reason skaffold is doing that is mainly for corss-platform builds, by default skaffold tries to figure out what platform a image should be build for, that's why it uses target k8s cluster arch as platform, and when platform is specified, the implementation will use docker cli, probably building cross-platform image through docker rest client was not an option during that time. It should be something doable now, thank you for bring this up. I'll create an issue for it.

Sep 29 '23 17:09 ericzzzzzzz

I have a working Podman setup on macOS, and pulling/pushing images works fine with the podman CLI (to GitLab image registry). But with Skaffold, it fails:
build [...] failed: could not push image "registry.gitlab.com/...:...": trying to reuse blob sha256:... at destination: Requesting bearer token: invalid status code from registry 403 (Forbidden)

Ran into this as well on Windows, had to install the docker cli, then do docker login, which is seperate from podman's login, and skaffold push started to work. docker login says that it stored the login credentials in ~/.docker\config.json., which podman doesn't save to when logging in. Podman's equivalent directory seems to be ~/.config/containers/auth.json. It has the exact same format, so it would be nice if skaffold also used that path, instead of us having to use the docker cli to login as well.

Oct 03 '23 23:10 foxydevloper

Fedora 38, podman 4.7.2, skaffold 2.9.0 Build correctly, but deploy helm error becouse; WARN[0010] unable to extract values for IMAGE_REPO, IMAGE_TAG and IMAGE_DIGEST from image due to error:

Anyone know workaround for this?

Dec 04 '23 23:12 AlexGluck

Hi @AlexGluck , could you provide minimal reproducible project for us to get a better understanding of the problem you encountered, also you may use this https://github.com/GoogleContainerTools/skaffold/tree/639694dcfead2a825450cc9f3b4696f39d8cf961/examples/helm-deployment helm example project to verifiy if podman works on your end.

Dec 05 '23 15:12 ericzzzzzzz

@ericzzzzzzz helm version: version.BuildInfo{Version:"v3.8.2", GitCommit:"6e3701edea09e5d55a8ca2aae03a68917630e91b", GitTreeState:"clean", GoVersion:"go1.17.5"}

Example of my skaffold file:

---
apiVersion: skaffold/v3
kind: Config
metadata:
  name: local
build:
  tagPolicy:
    sha256: {}
  local:
    useBuildkit: true
  artifacts:
  - image: skaffold-helm
    docker:
      dockerfile: ./Dockerfile
deploy:
  helm:
    releases:
    - name: skaffold-helm
      chartPath: charts
      namespace: rooster
      createNamespace: true
      setValueTemplates:
        image: "{{.IMAGE_REPO_skaffold_helm}}:{{.IMAGE_TAG_skaffold_helm}}@{{.IMAGE_DIGEST_skaffold_helm}}"
...

Dec 05 '23 15:12 AlexGluck

Hi, @AlexGluck I cannot reproduce this on my Mac machine and I commented out useBuildkit as I don't have docker-cli installed, using that will direct it to use docker-cli but I don't think that is the issue. Everything works fine when I use this config with skaffold example project, is it possible for you to share a complete reproducible project or could you use -vdebug flag to get some debug log and paste it here?

Dec 05 '23 17:12 ericzzzzzzz

Full log here

 1048  git clone https://github.com/GoogleContainerTools/skaffold.git
 1049  cd skaffold/
 1050  git checkout 639694dcfead2a825450cc9f3b4696f39d8cf961
 1051  cd examples/helm-deployment
 1052  cat <<EOF > skaffold.yaml
---
apiVersion: skaffold/v3
kind: Config
metadata:
  name: local
build:
  tagPolicy:
    sha256: {}
  local:
    useBuildkit: true
  artifacts:
  - image: skaffold-helm
    docker:
      dockerfile: ./Dockerfile
deploy:
  helm:
    releases:
    - name: skaffold-helm
      chartPath: charts
      namespace: rooster
      createNamespace: true
      setValueTemplates:
        image: "{{.IMAGE_REPO_skaffold_helm}}:{{.IMAGE_TAG_skaffold_helm}}@{{.IMAGE_DIGEST_skaffold_helm}}"
...
EOF
 1053  skaffold dev -v DEBUG

Dec 05 '23 18:12 AlexGluck

I would like this feature to be made available as soon as possible.

Jan 11 '24 11:01 VINAYJAGANNATH

skaffold skaffold copied to clipboard

Feature Request - Support for podman builder

skaffold
skaffold copied to clipboard