Add Alpine examples with the container engines

[afbjorklund]

These are (1G) smaller than the usual Ubuntu or Fedora based

Uses the regular Alpine system packages, for the installation

---

Not sure if we want to add this to the core distribution, though.

It adds to the maintenance, and was rather straightforward?

254M	alpine-docker
1,5G	docker
197M	alpine-podman
1,3G	podman

I was just comparing it with the custom alpine-lima ISO images.

[jandubois]

I don't have strong opinions, but since we already build our own ISO, we could just create an edition that includes both docker and podman, and then use that in these templates.

I like the ISO to have everything. That way the VM starts faster. And you have the additional packages in your cache because you have the whole ISO in the cache. So deleting and recreating a machine is also faster.

Maybe we should call it the all edition? And include nerdctl etc too, given that the regular mechanism to add nerdctl with Lima doesn't work with Alpine.

[afbjorklund]

I like the ISO to have everything.

Right, that was one of the goals.

But it is not necessary for testing it out, so I put it up as a separate (alpine-lima) issue.
Most of it would be the same, just the image and the apk installation would change.

• Make editions that install the regular alpine packages alpine-lima#107

And include nerdctl etc too

The nerdctl doesn't really run without systemd, so didn't make an isolated example.
One is still available with the nerdctl daemon, but it doesn't use set-uid for nerdctl

https://github.com/afbjorklund/nerdctld/tree/main/lima

---

I think that adding everything would go against the purpose, but it could be done.
Just do something like the rd edition, and enable everything for an all build ?

The regular install won't work, both because the lack of systemd and the lack of glibc.
There are some things left to fix also in Lima, like setting up /etc/subuid etc.

• Some rootless base setup is needed even without systemd #312

lima-alpine:/home/anders$ sudo apk add nerdctl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/x86_64/APKINDEX.tar.gz
(1/6) Installing libseccomp (2.5.4-r2)
(2/6) Installing runc (1.1.7-r1)
(3/6) Installing containerd (1.7.2-r0)
(4/6) Installing containerd-openrc (1.7.2-r0)
(5/6) Installing cni-plugins (1.3.0-r0)
(6/6) Installing nerdctl (1.3.1-r1)
Executing busybox-1.36.0-r9.trigger
OK: 225 MiB in 92 packages
lima-alpine:/home/anders$ nerdctl version
WARN[0000] environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/ 
WARN[0000] environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/ 
WARN[0000] environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/ 
WARN[0000] environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/ 
FATA[0000] rootless containerd not running? (hint: use `containerd-rootless-setuptool.sh install` to start rootless containerd): environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/ 
lima-alpine:/home/anders$ containerd-rootless-setuptool.sh install
/bin/ash: containerd-rootless-setuptool.sh: not found

The podman installation works, though. The docker installation does not include the script.

podman

WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers 
ERRO[0000] cannot find UID/GID for user anders: no subuid ranges found for user "anders" in /etc/subuid - check rootless mode in man pages. 
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user 

docker

/bin/ash: dockerd-rootless-setuptool.sh: not found

Seems like it would be possible, just that it needs some special wrapping without systemd.

[INFO] systemd not detected, dockerd-rootless.sh needs to be started manually:

PATH=/usr/local/bin:/sbin:/usr/sbin:$PATH dockerd-rootless.sh 

[INFO] Creating CLI context "rootless"
Successfully created context "rootless"
[INFO] Using CLI context "rootless"
Current context is now "rootless"

WARNING: Running in rootless-mode without cgroups. To enable cgroups in rootless-mode, you need to boot the system in cgroup v2 mode.

[afbjorklund]

Basically the Alpine packages just assume that you are running things with sudo.

While this was the standard with Docker, I'm not sure if it is "good enough" for Lima?

• Ability to choose container daemon in nerdctl.lima #311

But it seems to work, as long as you do the extra steps to set up rootless containers.

It is possible that support for doing so without systemd will go away in the future.

[afbjorklund]

Updated version, alpine-lima 0.2.32

172M	/home/anders/.lima/alpine
201M	/home/anders/.lima/alpine-podman
258M	/home/anders/.lima/alpine-docker
278M	/home/anders/.lima/alpine-nerdctl

Alpine Linux v3.18
podman version 4.5.1
Docker version 23.0.6, build ef23cbc4315ae76c744e02d687c09548ede461bd
nerdctl version 1.3.1  # containerd v1.7.2, buildkitd 0.11.6

Added help text to the nerdctl template.

• Ability to choose container daemon in nerdctl.lima #311

To run `nerdctl`, use `lima sudo nerdctl` (not `nerdctl.lima`):
------
export LIMA_INSTANCE=alpine-nerdctl
lima sudo nerdctl run ghcr.io/afbjorklund/hello-nerd
------

And "hello world" image: https://github.com/afbjorklund/hello-nerd

[afbjorklund]

Will leave these downstream, there are too many templates already.