VIPER and the (potentially to-be-removed) Executor feature require being able to start containers. If we encapsulate EDGAR itself in a container, this is not anymore possible.
Possible solutions:
- Use Podman (need to test whether it can spawn nested containers).
Downside: VIPER uses bollard for managing containers, which might not support Podman without using a socket.
- Pass the Docker socket into the EDGAR container and put EDGAR into the
docker group to allow access.
Downside: Not great for isolation.
Docker-in-Docker
→ Will not work, because VIPER allows for container volumes to be configured, which are not supported with Docker-in-Docker.
VIPER and the (potentially to-be-removed) Executor feature require being able to start containers. If we encapsulate EDGAR itself in a container, this is not anymore possible.
Possible solutions:
Downside: VIPER uses
bollardfor managing containers, which might not support Podman without using a socket.dockergroup to allow access.Downside: Not great for isolation.
Docker-in-Docker→ Will not work, because VIPER allows for container volumes to be configured, which are not supported with Docker-in-Docker.