Question/clarification about codercom/enterprise-base image
I'm trying to build my own base image for Coder, and I've been researching various Ubuntu base images, but since I need docker-in-docker, my main reference is the following Dockerfiles from Sysbox:
https://github.com/nestybox/dockerfiles/blob/master/ubuntu-jammy-systemd/Dockerfile
https://github.com/nestybox/dockerfiles/blob/master/ubuntu-jammy-docker/Dockerfile
compared with this
https://github.com/coder/enterprise-images/blob/main/images/base/Dockerfile.ubuntu
1. Is there a specific reason why containerd-io is downgraded, compared to the sysbox image, which installs it from apt-get?
2. Why does sysbox install libsystemd0, dbus, iptables, iproute2, kmod and udev, but they're missing from Coder?
3. In sysbox image, some services are disabled, but not in Coder? (might be related to #2)
4. Sysbox makes use of STOPSIGNAL and ENTRYPOINT for systemd, but Coder doesn't?
Maybe I'm missing some inside-image processing details (like Coder's init.sh script?)
Unrelated, but about Homebrew: if I understand correctly, it's a package manager with broad OS support which can run without user privileges. Assuming a user runs a workspace instance with /home attached as a volume, would brew-installed packages persist across container destruction? Because that could solve the user personalization problems a lot of people are having 😁
I apologize for these wildly technical questions, but I'd love to learn the process of Coder and better understand it 😅
Thank you!
1. There was a bug with sysbox where newer versions of containerd couldn't run inside of sysbox. We pinned it to the last working version.
2. Since we're not running systemd in normal containers, they're unnecessary.
3. Same as above.
4. Our image is a bit more versatile in the sense it can run in or out of sysbox, so we don't use systemd as the entrypoint, since that only works in sysbox.
As for the Homebrew question, for docker-based dev envs you normally want to include everything you need in the Dockerfile, rather than installing it once inside the container.
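To show how answers 1 and 4 look in practice, here is an added example Dockerfile; it is not taken from coder/enterprise-images or nestybox/dockerfiles. PINNED_CONTAINERD_VERSION is a placeholder for whichever containerd.io version was last verified under sysbox, and the entrypoint script is a hypothetical illustration of an image that runs both with and without systemd.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the Coder or nestybox image. Assumes an Ubuntu 22.04 base
# and that PINNED_CONTAINERD_VERSION is replaced with the version verified under sysbox
# (list candidates with: apt-cache madison containerd.io).
FROM ubuntu:22.04

ARG PINNED_CONTAINERD_VERSION=<PINNED_VERSION_PLACEHOLDER>

# Add Docker's apt repository so docker-ce and containerd.io are installable.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates curl gnupg \
    && install -m 0755 -d /etc/apt/keyrings \
    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
        | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable" \
        > /etc/apt/sources.list.d/docker.list \
    && apt-get update \
    # Pin containerd.io to the last version known to work inside sysbox (reply 1),
    # then hold it so a later `apt-get upgrade` cannot silently replace it.
    && apt-get install -y --no-install-recommends \
        docker-ce docker-ce-cli "containerd.io=${PINNED_CONTAINERD_VERSION}" \
    && apt-mark hold containerd.io \
    && rm -rf /var/lib/apt/lists/*

# Hypothetical entrypoint (reply 4): hand PID 1 to systemd only when the image
# actually ships it and no command was given; otherwise just run the command.
# This keeps one image usable both inside sysbox and in a plain container.
COPY <<'EOF' /usr/local/bin/entrypoint.sh
#!/bin/sh
set -e
if [ "$$" = "1" ] && [ -x /sbin/init ] && [ "$#" -eq 0 ]; then
    exec /sbin/init --log-level=err
fi
exec "$@"
EOF
RUN chmod 0755 /usr/local/bin/entrypoint.sh

ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["/bin/bash"]
```

Note that a held package is skipped by `apt-get upgrade`, so the pinned containerd.io will not pick up security fixes on its own; track advisories for that version and drop the hold once the sysbox incompatibility is resolved.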
Thanks Colin, it's clearer now