Skip to content

Support docker-env with cri-o runtime#22547

Open
afbjorklund wants to merge 1 commit intokubernetes:masterfrom
afbjorklund:docker-env-podman-crio
Open

Support docker-env with cri-o runtime#22547
afbjorklund wants to merge 1 commit intokubernetes:masterfrom
afbjorklund:docker-env-podman-crio

Conversation

@afbjorklund
Copy link
Copy Markdown
Collaborator

@afbjorklund afbjorklund commented Jan 25, 2026
edited
Loading

It is very similar to containerd, but with podman for cri-o instead of nerdctl for containerd. Both using ssh sockets.

There are plenty of refactoring opportunities (this is just copy/paste), for merging the nerdctl and podman support.

This will use BuildKit in a podman container, by default:

WARNING: No output specified with docker-container driver. Build result will only remain in the build cache. To push result image into registry use --push or to load image into docker use --load
...
 => => pulling image moby/buildkit:buildx-stable-1
 => => creating container buildx_buildkit_default

To switch to the legacy buildah, use DOCKER_BUILDKIT=0:

DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0
            environment-variable.
....

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Jan 25, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: afbjorklund
Once this PR has been reviewed and has the lgtm label, please assign prezha for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jan 25, 2026
@afbjorklund

This comment was marked as duplicate.

Sign in to view
@medyagh medyagh added the ok-to-extra-test test extra environments label Jan 25, 2026
This was referenced Jan 25, 2026
Open
Open
Open
medyagh
medyagh reviewed Jan 25, 2026
View reviewed changes
Comment thread cmd/minikube/cmd/docker-env.go
@medyagh medyagh requested a review from Copilot January 25, 2026 21:42
Copilot AI reviewed Jan 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for using docker-env command with the cri-o runtime, mirroring the existing experimental support for containerd. The implementation uses podman (via podman.socket) for cri-o, similar to how nerdctl is used for containerd, both utilizing SSH sockets for communication.

Changes:

  • Added startPodmand function to enable podman.socket and configure DOCKER_HOST for cri-o runtime
  • Extended docker-env command to support cri-o runtime with experimental warning
  • Removed overly restrictive runtime validation that prevented non-docker/containerd runtimes

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.

File Description
cmd/minikube/cmd/start.go Added startPodmand function to start podman.socket and configure environment for cri-o runtime support
cmd/minikube/cmd/docker-env.go Extended runtime support to include cri-o, added conditional logic to call startPodmand for cri-o, and removed restrictive validation
Comments suppressed due to low confidence (1)

cmd/minikube/cmd/docker-env.go:685

  • The removal of runtime validation for docker and containerd needs to be replaced with appropriate validation. While the function now checks for containerd with Docker driver compatibility at line 682-683, there's no equivalent driver validation for CRIO runtime. According to the PR description and the similar containerd implementation, CRIO should also only be supported with the Docker driver. Consider adding a similar check for CRIO.
func dockerEnvSupported(containerRuntime, driverName string) error {
	// we only support containerd-env on the Docker driver
	if containerRuntime == constants.Containerd && driverName != driver.Docker {
		return fmt.Errorf("the docker-env command only supports the containerd runtime with the docker driver")
	}
	return nil

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread cmd/minikube/cmd/start.go Outdated
Comment thread cmd/minikube/cmd/docker-env.go Outdated
Comment thread cmd/minikube/cmd/start.go
Comment thread cmd/minikube/cmd/docker-env.go Outdated
Comment thread cmd/minikube/cmd/start.go Outdated
Comment thread cmd/minikube/cmd/start.go Outdated
@afbjorklund afbjorklund force-pushed the docker-env-podman-crio branch 2 times, most recently from 124dcfd to cebcabb Compare January 26, 2026 16:45
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 26, 2026
@afbjorklund afbjorklund requested a review from medyagh January 26, 2026 16:45
@afbjorklund afbjorklund force-pushed the docker-env-podman-crio branch from cebcabb to 84f0cc1 Compare January 26, 2026 17:29
@afbjorklund
Copy link
Copy Markdown
Collaborator Author

afbjorklund commented Jan 26, 2026
edited
Loading

The test is failing, because the old host key has been stored in the image unfortunately.

image

TestDockerEnvCrio

error during connect: Get "http://docker.example.com/v1.51/version": command [ssh -l docker -p 32773 -o ConnectTimeout=30 -T -- 127.0.0.1 docker system dial-stdio] has exited with exit status 255, make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=Host key verification failed.

EDIT: No idea why it didn't fail for containerd already? Looks the test is missing, for docker-containerd

TestDockerEnvContainerd

@afbjorklund
Copy link
Copy Markdown
Collaborator Author

afbjorklund commented Jan 26, 2026

Aargh, yet another runtime-specific hack:

                        // TODO: refactor to work with docker, temp fix to resolve regression
                        if cr == constants.Containerd {
                                // eventually, run something similar to ssh --append-known
                                appendKnownHelper(nodeName, true)
                        }

@afbjorklund afbjorklund force-pushed the docker-env-podman-crio branch from 84f0cc1 to 0248b15 Compare January 26, 2026 21:15
@afbjorklund
Support docker-env with cri-o runtime
c3edc50 
It is very similar to containerd, but with podman for cri-o
instead of nerdctl for containerd. Both using ssh sockets.
@afbjorklund afbjorklund force-pushed the docker-env-podman-crio branch from 0248b15 to c3edc50 Compare January 26, 2026 21:39
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Jan 26, 2026
edited
Loading

@afbjorklund: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
integration-none-containerd-linux-x86 124dcfd link false /test integration-none-containerd-linux-x86
integration-none-docker-linux-x86 124dcfd link true /test integration-none-docker-linux-x86
integration-docker-containerd-linux-x86 124dcfd link true /test integration-docker-containerd-linux-x86
integration-docker-containerd-linux-arm 124dcfd link false /test integration-docker-containerd-linux-arm
integration-docker-docker-linux-x86 124dcfd link true /test integration-docker-docker-linux-x86
integration-docker-docker-linux-arm 124dcfd link true /test integration-docker-docker-linux-arm
integration-docker-crio-linux-x86 124dcfd link false /test integration-docker-crio-linux-x86
integration-kvm-crio-linux-x86 124dcfd link false /test integration-kvm-crio-linux-x86
integration-kvm-docker-linux-x86 124dcfd link true /test integration-kvm-docker-linux-x86
integration-kvm-containerd-linux-x86 124dcfd link true /test integration-kvm-containerd-linux-x86
pull-minikube-docker-containerd-linux-arm c3edc50 link false /test pull-minikube-docker-containerd-linux-arm
pull-minikube-docker-docker-linux-arm c3edc50 link true /test pull-minikube-docker-docker-linux-arm
pull-minikube-docker-containerd-linux-x86 c3edc50 link true /test pull-minikube-docker-containerd-linux-x86
pull-minikube-docker-docker-linux-x86 c3edc50 link true /test pull-minikube-docker-docker-linux-x86
pull-minikube-docker-crio-linux-x86 c3edc50 link false /test pull-minikube-docker-crio-linux-x86
pull-minikube-kvm-docker-linux-x86 c3edc50 link true /test pull-minikube-kvm-docker-linux-x86

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

bhavyaBeliever
bhavyaBeliever reviewed Jan 29, 2026
View reviewed changes
Comment thread cmd/minikube/cmd/start.go

// set up environment variable on remote machine. docker client uses 'non-login & non-interactive shell' therefore the only way is to modify .bashrc file of user 'docker'
// insert this at 4th line
envSetupCommand := exec.Command("/bin/bash", "-c", "sed -i '4i export DOCKER_HOST=unix:///run/podman/podman.sock' .bashrc")
Copy link
Copy Markdown

@bhavyaBeliever bhavyaBeliever Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@afbjorklund This line always adds export DOCKER_HOST=unix:///run/podman/podman.sock in the .bashrc file everytime when minikube docker-env gets executed. Can we check by first by echo $DOCKER_HOST

Copy link
Copy Markdown

@bhavyaBeliever bhavyaBeliever Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in the PR #22577 for the function startNerdctld we have implemented the above suggestion.
Link for the implementation: link

Copy link
Copy Markdown
Collaborator Author

@afbjorklund afbjorklund Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah. as I mentioned it was just copied. Probably would be a good thing to refactor these helpers

@bhavyaBeliever bhavyaBeliever mentioned this pull request Feb 20, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ComradeProgrammer ComradeProgrammer Awaiting requested review from ComradeProgrammer

@medyagh medyagh Awaiting requested review from medyagh

+1 more reviewer

@bhavyaBeliever bhavyaBeliever bhavyaBeliever left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-extra-test test extra environments size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@afbjorklund @k8s-ci-robot @medyagh @bhavyaBeliever