envdenvd Contexts
This guide shows how contexts make it easy for a single envd CLI to manage multiple builder instances. You can also use envd to build the images in CI/CD systems with the help of envd contexts.
A single envd CLI can have multiple contexts. Each context contains the endpoint and security information required to manage different builder instances. A builder instance is responsible for building images and storing the building cache. A builder instance runs a separate buildkit daemon.
The docker context command makes it easy to configure these contexts and switch between them.
The anatomy of a context
There are the properties of a context:
name: name of the contextbuilder: type of the builder instance (docker-container,kube-pod,tcp)builder-addr: builder instance endpointrunner: type of the runner instance (docker,envd-server)runner-addr: runner instance endpoint
Viewing the default context is the easiest way to see what a context looks like.
$ envd context ls
CONTEXT BUILDER BUILDER ADDR
default (current) docker-container docker-container://envd_buildkitdThis shows the default context. envd bootstraps a builder container instance envd_buildkitd in Docker, and uses it to execute all envd commands.
The builder is used to build envd images. And the runner is to run envd environments. There are two types of runner: docker and envd-server. envd-server is an experimental runner to run envd environments on Kubernetes.
Create a new context
A new context can be created with the envd context create command.
$ envd context create --name demo \
--builder-address buildkitd-demo --use --builder docker-container \
--runner docker
INFO[2022-08-15T15:33:24+08:00] Context demo is created
INFO[2022-08-15T15:33:24+08:00] Current context is now "demo"The argument --use switches to the newly created context. Then all the commands issued by envd will run in the new context.
Or you can use envd context use command to switch between the existing contexts.
Remove a context
A context can be removed with the envd context rm command.
$ envd context rm --name demoRemote build (Advanced)
The builder instance buildktid can be run on a remote machine. There are some benefits:
- No need to install Docker: You don't need to install Docker on CI/CD machines or the remote builder machines.
- Faster build: The cache can be shared in different builds, Thus it will be faster to get the envd images.
- Safer deployment: The secret keys and tokens are stored in the builder machine. Programs in CI/CD builds cannot access them.
Start remote buildkitd on builder machine
Before you run envd remote build, please start the buildkitd and expose it as a TCP service on the remote machine. You can have a look at the buildkitd docs for more details.
$ buildkitd \
--addr tcp://0.0.0.0:8888
...The process should be long-running on the machine. All builds use this service.
TIP
By default, buildkitd will set the cache limit size to 10% of your disk space. It will trigger the garbage collection after exceeding this limit. You can customize this by modifying the worker.oci.gckeepstorage or worker.containerd.gckeepstorage in the buildkitd.toml file. For more information, check the buildkit config.
Create envd context in build job
Then, let's create the corresponding envd context in the build job.
$ envd context create --name remote-context \
--builder tcp \
--builder-address <remote-machine-ip>:8888 \
--useBuild and push the image in build job
Then you can build and push the image in the build job.
$ envd build --output type=image,name=docker.io/<username>/<image>,push=trueRootless Mode
BuildKitd requires running as root by default. If you are concerned about security, or privileged containers are forbidden in your environment, you may consider running BuildKitd in rootless mode.
- run BuildKitd on the host: you need to use the rootlesskit
rootlesskit buildkitd- run BuildKitd in the container
docker run \
--name buildkitd \
-d \
--security-opt seccomp=unconfined \
--security-opt apparmor=unconfined \
--device /dev/fuse \
moby/buildkit:rootless --oci-worker-no-process-sandbox- run BuildKitd in the Kubernetes cluster: please refer to the Kubernetes manifests for BuildKit Document