https://vo.rs/tags/ci-cd/Ci-Cd - Tag - vo.rsHugo -- gohugo.ioenThis work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.Mon, 07 Jul 2025 11:00:00 +0000https://vo.rs/story/dagger-ci-cd-pipelines-as-code-that-run-anywhere/<p>The single most demoralising thing about CI is the feedback loop. You edit a YAML file, push, wait three minutes for a runner to spin up, watch it fail on a typo, fix the typo, push again. Repeat until either the pipeline goes green or you go home. The pipeline only exists inside the CI provider, so the <em>only</em> way to run it is to use the CI provider. Dagger&rsquo;s whole pitch is that this is daft, and they&rsquo;re right.</p>Mon, 07 Jul 2025 11:00:00 +0000https://vo.rs/story/kaniko-building-container-images-inside-kubernetes/<p>There is an awkward chicken-and-egg problem at the heart of running CI inside Kubernetes: you want to build container images, but the traditional way to build a container image is to run <code>docker build</code>, and <code>docker build</code> needs a Docker daemon, and a Docker daemon needs root and a bunch of kernel features that you really, really should not be handing to a CI pod. The old hack — mounting the host&rsquo;s Docker socket into the build pod — is the security equivalent of leaving your front door open because the lock is fiddly. Anything that can talk to that socket effectively owns the node.</p>Thu, 21 Nov 2024 14:00:00 +0000