docker/buildkit 构建问题

docker ci buildkit

字数统计: 500阅读时长: 2 min

 2023/05/05 

环境背景： ack集群，gitlab-runner 运行在k8s中

早上一来同事告诉我好几个项目CI构建都在构建镜像阶段失败

查看日志如下：

$ buildctl-daemonless.sh  --debug  build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --output type=image,name=${IMAGE_TAG},push=true --opt    build-arg:BUILD_DIR=${BUILD_ARGS}
could not connect to unix:///run/user/1000/buildkit/buildkitd.sock after 10 trials
========== log ==========
time="2022-08-18T02:24:19Z" level=warning msg="/proc/sys/user/max_user_namespaces needs to be set to non-zero."
[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: no space left on device
sh: can't kill pid 23: No such process

内心有点懵逼，我最近也没动过CI的流程，查看了一下docker的文档，发现此错误会出现在/proc/sys/user/max_user_namespaces太小时，想看可能是凌晨时候这个k8s集群增加了一台服务器，流水线的这个pod被调度到新的机器上，查看一下新机器的max_user_namespaces，比较偷懒，没有登陆服务器，直接在阿里云控制台远程执行，如下：

max_user_namespaces值果真是0，使用如下命令修改：

1 2	sudo echo "user.max_user_namespaces=28633" >> /etc/sysctl.conf sudo sysctl --system

再次构建命令发现如下报错：

$ buildctl-daemonless.sh  --debug  build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --output type=image,name=${IMAGE_TAG},push=true --opt    build-arg:BUILD_DIR=${BUILD_ARGS}
could not connect to unix:///run/user/1000/buildkit/buildkitd.sock after 10 trials
========== log ==========
time="2022-08-18T02:37:32Z" level=info msg="auto snapshotter: using fuse-overlayfs"
time="2022-08-18T02:37:32Z" level=warning msg="NoProcessSandbox is enabled. Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace. NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user."