It is a little difficult to use the kubernetes driver in CI. Well, maybe in our CI it is. The short version is that we are using drone running in kubernetes. Drone does not have a clean way for us to get the permissions required to run docker buildx inspect —boostrap. We managed to get it working, but it would be more secure if the jobs didn’t have to have permissions to create the buildkit deployment. Scoping the run to only needing deployment list, pod list and pod/exec permissions would be an improvement. Is there a way to have buildx use an externally managed set of buildkit pods?
It is a little difficult to use the kubernetes driver in CI. Well, maybe in our CI it is. The short version is that we are using drone running in kubernetes. Drone does not have a clean way for us to get the permissions required to run
docker buildx inspect —boostrap. We managed to get it working, but it would be more secure if the jobs didn’t have to have permissions to create the buildkit deployment. Scoping the run to only needing deployment list, pod list and pod/exec permissions would be an improvement. Is there a way to have buildx use an externally managed set of buildkit pods?