# GitLab runners on GKE: BuildKit errors

cerulean ether

GKE uses containerd for executing Docker images. Using this guide (https://docs.dagger.io/ci/integrations/gitlab/), I've successfully exposed containerd's socket for my GitLab runner in the k8s configuration.

Within my CI, the alpine container is privileged. I declare the following pipeline that installs nerdctl & dagger for debugging:

.dagger:
  variables:
    DAGGER_CLOUD_TOKEN: $DAGGER_CLOUD_TOKEN
  before_script:
    - |
      export PATH=/tmp:$PATH
      export _EXPERIMENTAL_DAGGER_RUNNER_HOST=unix:///var/run/containerd/containerd.sock
      export DOCKER_HOST=unix:///var/run/containerd/containerd.sock
      apk add curl nerdctl
      ln -s /usr/bin/nerdctl /usr/bin/docker
      export PATH=/tmp:$PATH
      curl -fsSL https://dl.dagger.io/dagger/install.sh | BIN_DIR=/tmp sh

check:
  extends: [.dagger]
  script:
    - |
      ls -la /var/run/containerd
      whoami
      dagger core version

The results state that I'm running as root within this container and that it can access /var/run/containerd/containerd.sock:

...
3   : ┆ connecting to engine
4   : ┆ ┆ moby.buildkit.v1.Control/Info
4   : ┆ ┆ moby.buildkit.v1.Control/Info ERROR [0.0s]
4   : ┆ ┆ ! unknown service moby.buildkit.v1.Control
...
3   : ┆ connecting to engine ERROR [0.0s]
3   : ┆ ! new client: failed to call info: Unimplemented: unknown service moby.buildkit.v1.Control
1   : connect ERROR [0.0s]
1   : ! start engine: new client: failed to call info: Unimplemented: unknown service moby.buildkit.v1.Control
Error: start engine: new client: failed to call info: Unimplemented: unknown service moby.buildkit.v1.Control

Unfortunately, dagger is having an issue with nerdctl, which does not seem to be properly configured for using the exposed containerd socket.

Does somebody have a success to share using dagger on a GitLab runner within GKE?

warm lantern

@cerulean ether it seems to me that dagger is not able to access the engine spawned by nerdctl / containerd

is there any chance you could ssh into the gitlab pipeline and troubleshoot something there?

cerulean ether

@warm lantern I was trying to re-use GKE's containerd to lighten requirements and mount it so that it's available in the GitLab runner's pods. It sounded like a good idea at the start but is complicated to achieve. I will try a different approach and deploy a full dagger engine using your Helm chart.

warm lantern