How to build a multi architecture container using rootless nerdctl

nerdctl rootless buildkit

3 min read | by Jordi Prats

One of the great things about using nerdctl is that it does not try to include everything you might need. This means that if you try to build a container using nerdctl you'll realize you still need to install the buildkit (unless you have installed the "nerdctl-full" version)

Moreover it's something you don't actually need to have installed locally:

$ nerdctl build --help | grep buildkit Build an image from a Dockerfile. Needs buildkitd to be running.  --buildkit-host string BuildKit address [$BUILDKIT_HOST] (default "unix:///run/user/1000/buildkit/buildkitd.sock")

To install the buildkit we'll just need to go to the github releases to download the latest one. Once we have it we can install it to $HOME/.local for a rootless setup (notice I have skipped the bin directory, the tarball already includes this directory)

$ tar xzf buildkit-v0.9.3.linux-amd64.tar.gz -C $HOME/.local

Once we have the buildkit ready we just need to run the containerd-rootless-setuptool.sh install-buildkit script to properly setup the rootless buildkitd:

$ containerd-rootless-setuptool.sh install-buildkit [INFO] Creating "/home/jprats/.config/systemd/user/buildkit.service" [INFO] Starting systemd unit "buildkit.service" + systemctl --user start buildkit.service + sleep 3 + systemctl --user --no-pager --full status buildkit.service  buildkit.service - BuildKit (Rootless)  Loaded: loaded (/home/jprats/.config/systemd/user/buildkit.service; disabled; vendor preset: enabled)  Active: active (running) since Tue 2022-02-08 22:53:21 CET; 3s ago  Main PID: 226269 (buildkitd)  CGroup: /user.slice/user-1000.slice/user@1000.service/buildkit.service  └─226269 buildkitd feb 08 22:53:21 croscat.pet2cattle.com systemd[2314]: Started BuildKit (Rootless). feb 08 22:53:21 croscat.pet2cattle.com containerd-rootless-setuptool.sh[226269]: time="2022-02-08T22:53:21+01:00" level=info msg="auto snapshotter: using overlayfs" feb 08 22:53:21 croscat.pet2cattle.com containerd-rootless-setuptool.sh[226269]: time="2022-02-08T22:53:21+01:00" level=info msg="found worker \"5obttyihmgwff32lu0mafhkwp\", labels=map[org.mobyproject.buildkit.worker.executor:oci org.mobyproject.buildkit.worker.hostname:croscat.pet2cattle.com org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/386]" feb 08 22:53:21 croscat.pet2cattle.com containerd-rootless-setuptool.sh[226269]: time="2022-02-08T22:53:21+01:00" level=warning msg="rootless mode is not supported for containerd workers. disabling containerd worker." feb 08 22:53:21 croscat.pet2cattle.com containerd-rootless-setuptool.sh[226269]: time="2022-02-08T22:53:21+01:00" level=info msg="found 1 workers, default=\"5obttyihmgwff32lu0mafhkwp\"" feb 08 22:53:21 croscat.pet2cattle.com containerd-rootless-setuptool.sh[226269]: time="2022-02-08T22:53:21+01:00" level=warning msg="currently, only the default worker can be used." feb 08 22:53:21 croscat.pet2cattle.com containerd-rootless-setuptool.sh[226269]: time="2022-02-08T22:53:21+01:00" level=info msg="running server on /run/user/1000/buildkit/buildkitd.sock" + systemctl --user enable buildkit.service Created symlink /home/jprats/.config/systemd/user/default.target.wants/buildkit.service  /home/jprats/.config/systemd/user/buildkit.service. [INFO] Installed "buildkit.service" successfully. [INFO] To control "buildkit.service", run: `systemctl --user (start|stop|restart) buildkit.service`

And that's it! To build a a multi architecture container using nerdctl we just need to specify the platforms we want to use using the --platform flag as follows:

nerdctl build --platform linux/arm/v7,linux/arm64,linux/amd64 -t multiarchdemo .

We can also build a multi architecture using docker's buildx, but we must admit nerdctl has an edge on this, it's much easier to setup.

Posted on 09/02/2022

Categories