#Using _EXPERIMENTAL_DAGGER_RUNNER_HOST=kube-pod://<address> from a container

Hello, I'm trying understand the expectations for using this method of connecting to engine pods from a client running in a container. I have the CLI installed in an image along with a valid kubeconfig. However when I run commands I either get an indefinitely hanging

connect: starting engine

Or in the case of my CI system (Codefresh) I get this weird panic (see attached). There is nothing in the docs (https://docs.dagger.io/194031/kubernetes/) that specifies a socket must be mounted, but it also doesn't specify that kubectl is a dependency to use this method. All of the docs and examples I can find require mounting the socket from the host volume where engines are running. Any advice?

When kube-pod:// is used, the assumption is that kubectl is available in the context where the Dagger CLI is running. kubectl must be able to connect to the K8s cluster where Dagger Engine is running.

Here is an discussion from November 2023 which talks about a self-contained script that demos the integration: #1176841586089398292 message

If you have:

1. kubectl available locally & connected to a K8s cluster
2. dagger v0.9.3 available locally

Then the attached script - dok.sh - should work exactly like the attached screenshot (re-posted from the linked discussion).

when I run this image and mount a kubeconfig, kubectl works and I can correctly set the env var. however when I try to call anything the commands just hang in the connecting phase

what RBAC permissions are required when using this feature? the kubeconfig I am mounting in this example is very limited in scope...

yes, this appears to be a problem. there are some permissions missing from the serice account used in the mounted kubeconfig

Great to know that you are making progeress with this! Let us know when you have it figured out. I would very much like us to improve the K8s guide with your findings. cc @quaint nebula

Yup, sounds good!

according to https://github.com/moby/buildkit/tree/master/examples/kubernetes#pod all you need is pods/exec. This is fairly self-evident, I had just used the wrong RBAC template.

for setups like mine, where caching is not so much of an issue, it would be helpful to document that it is possible to just setup a standard headless service and connect to one of the daemonset pods.

I could open an issue in the main repo with some suggestions if that would be helpful

That would be very appreciated. Thank you!

Agreed. Thank you!