Description
Background & motivation
One of the services we have needs to be able to spawn containers to perform some ephemeral work. It does that by having access to the docker engine.
The way we support this functionality in the CI is by using dind + making it privileged, and the way we support this in the regular deployment (with docker compose) is by giving some capability (but not privileged) and mounting the docker socket.
Desired behaviour
It would be great if Kurtosis had a way to perform the above, namely allowing one of the services to interact with the docker daemon. It can be performed in different ways, such as:
- Allowing privileged access + using dind, either by also supporting mounting the docker socket or via the TCP method mentioned in the blog post
- Allowing CAP flags to be set as in docker compose (so not privileged entirely) + mounting docker sock
Our current approach is to spawn that service via docker compose and then spin up the kurtosis package.
How important is this to you?
Painful; the lack of this feature makes using Kurtosis frictionful.
What area of the product does this pertain to?
CLI: the Command Line Interface
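
The access paths named in the request (privileged dind, a mounted Docker socket with added capabilities, and the TCP method) can be inventoried per service before a deployment is approved. The following is an added example, not part of the original issue or of Kurtosis; the service names, images, the `NET_ADMIN` capability and the already-parsed Compose dictionary are constructed assumptions.

```python
# Added example: report how each Compose service can reach a Docker daemon.
# SAMPLE is constructed; names, images and the capability are assumptions.
SAMPLE = {
    "services": {
        "ci-runner": {"image": "docker:dind", "privileged": True},
        "spawner": {
            "image": "example/spawner",
            "cap_add": ["NET_ADMIN"],
            "volumes": ["/var/run/docker.sock:/var/run/docker.sock:ro"],
        },
        "tcp-client": {"image": "example/client",
                       "environment": {"DOCKER_HOST": "tcp://ci-runner:2375"}},
        "web": {"image": "example/web"},
    }
}
SOCKET = "/var/run/docker.sock"

def _env(service):
    """Normalise Compose's list ("K=V") and mapping forms of `environment`."""
    env = service.get("environment", {})
    if isinstance(env, list):
        env = dict(item.partition("=")[::2] for item in env)
    return env

def docker_access(service):
    """Return daemon-access paths and added capabilities for one service."""
    findings = []
    if service.get("privileged"):
        findings.append("privileged")
    for vol in service.get("volumes", []):
        # Short syntax is SOURCE:TARGET[:MODE]; long syntax is a mapping.
        source = vol.get("source", "") if isinstance(vol, dict) else vol.split(":")[0]
        if source == SOCKET:
            # A read-only bind mount does not restrict API calls over the socket.
            findings.append("docker-socket")
    env = _env(service)
    if str(env.get("DOCKER_HOST", "")).startswith("tcp://"):
        # DOCKER_TLS_VERIFY set to any non-empty value enables TLS verification.
        findings.append("docker-tcp-tls" if env.get("DOCKER_TLS_VERIFY") else "docker-tcp-plaintext")
    # Capabilities are extra privileges to review, not daemon access by themselves.
    findings += [f"cap:{c}" for c in service.get("cap_add", [])]
    return findings

def audit(compose):
    return {name: docker_access(svc) for name, svc in compose.get("services", {}).items()}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {', '.join(findings) or 'no daemon access'}")
```

A service flagged `docker-socket` or `docker-tcp-*` can ask the daemon to start containers with any options the daemon allows, so it deserves the same review as one flagged `privileged`.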