[Question] How to build an image inside kubernix?

[PanAeon]

Hi,
first of all thank you for your excellent work! This is really amazing that now we can bring up a whole kubernetes cluster in a sandbox with a single command!
I've got a newbie question though, how do you actually build an image inside of the kubernix cluster? I've tried to install podman, but I'm not sure how to configure it so it is aware of the crio service used by the kubernix.
Maybe we can add section in the Readme with steps describing how to build images?

[saschagrunert]

Hey, thank you for the nice feedback, I really appreciate it! 🙏

Yeah adding it to the docs might be a good starting point. Generally when building container images inside containers we have to choose the vfs storage driver (configured in /etc/containers/storage.conf or via the CLI flag). The rest is a matter of available capabilities which may be blocked by seccomp or AppArmor profiles. It is also a matter of configured Pod Security Policies (none in Kubernix), so we probably could sum that up.

When I build container images in Kubernetes I usually choose buildah and set the --isolation=chroot (works with podman build too), which removes the necessity to have SYS_ADMIN capability to be able to use the mount(2) syscall.