earthly/buildkitd
. This guide is intended to help you identify if you might benefit from this configuration, and to help you set it up correctly.docker
/dockerd
is missing, or you lack sufficient privileges, or it is simply not powerful enough)8371-8373
to communicate, so these should be open and available.earthly/buildkitd
daemon as a remotely available daemon, you will need to start the container yourself. See our configuration docs for more details on all the options available; but here are the ones you need to know:EARTHLY_TMP_DIR
EARTHLY_TMP_DIR
. If you do not, buildkitd
can consume excessive disk space, operate very slowly, or it might not function correctly.EARTHLY_TMP_DIR
as a Docker volume results in the following error:emptyDir
worked.EARTHLY_TMP_DIR
and whether WITH DOCKER
worked well for you.BUILDKIT_TCP_TRANSPORT_ENABLED
buildkitd
to listen on port 8372
. If you would like it to be externally available on a different port, you will need to handle that at the port mapping level. TCP is required for remotely sharing a daemon.BUILDKIT_TLS_ENABLED
true
for all daemons that will handle production workloads. This daemon by design is an arbitrary code execution machine, and running it without any kind of mTLS configuration is not recommended./etc/*.pem
).earthly/buildkitd
daemon. However, when relying on a remote earthly/buildkitd
instance, Earthly will not attempt to manage this daemon. Here are the configuration options needed to use a remote instance:buildkit_host
tcp://my-cool-remote-daemon:8372
. If the hostname is considered to be a "local" one, Earthly will fall back to the Local-Remote behaviors described below. For reference; all IPv6 Loopback addresses, 127.0.0.1
, and [localhost](http://localhost)
are considered to be "local". The machine's hostname is not considered "local".tlsca
/ tlscert
/ tlskey
~/.earthly/config.yaml
, unless absolute paths are specified.tls_enabled
true
when using TLS is desired.tls_enabled
).tcp://127.0.0.1:8372
. This is a great way to test some of the remote capabilities without having to generate certificates or manage a separate machine.