Workgroup:Container: Difference between revisions

From NixOS Wiki
imported>Profpatsch
m skopeo description
old source is 404, new source is different, not a Dockerfile
 
(18 intermediate revisions by 7 users not shown)
Line 1: Line 1:
{{outdated|Other than site-wide fixes, this page has not seen recent updates.}}
We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem.
We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem.


Line 4: Line 5:


* [[User:Profpatsch|Profpatsch]]
* [[User:Profpatsch|Profpatsch]]
* [[User:nlewo|Lewo]]
* [[User:moretea|MoreTea]]


== Tooling ==
== Tooling ==


* [https://www.opencontainers.org/ opencontainers.org]
* [https://www.opencontainers.org/ opencontainers.org]
** [https://github.com/opencontainers/runc runc]: spawn and run OCI containers
** [https://github.com/opencontainers/runc runc]: spawn and run OCI containers (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/runc/default.nix runc])
** [https://github.com/opencontainers/image-spec image-spec]: container image specification
** [https://github.com/opencontainers/image-spec image-spec]: container image specification
** [https://github.com/opencontainers/runtime-spec runtime-spec]: container runtime specification
** [https://github.com/opencontainers/runtime-spec runtime-spec]: container runtime specification
** [https://github.com/opencontainers/image-tools image-tools]: tools for working with the image-spec
** [https://github.com/opencontainers/runtime-tools runtime-tools]: tools for working with the runtime-spec
** [https://github.com/openSUSE/umoci umoci]: intends to be a complete manipulation tool for OCI images with a rootless mode
* [https://www.projectatomic.io/ projectatomic.io]
* [https://www.projectatomic.io/ projectatomic.io]
** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries
** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/skopeo/default.nix skopeo])
** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images
** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/buildah/default.nix buildah])
* [https://github.com/containers containers Github project]: golang libraries for interacting with containers
** [https://github.com/containers/image image]: library used by skopeo
** [https://github.com/containers/oci-fetch oci-fetch]: CLI tool for fetching OCI containers over various transports
* awakesecurity
** [https://github.com/awakesecurity/hocker hocker]: fetch from docker (v2) registry and generate nix derivations
 
== Nix images ==
 
There are a few images that contain Nix with various trade-offs:
 
* [https://hub.docker.com/r/nixos/nix/ nixos/nix] ([https://github.com/NixOS/nix/blob/master/docker.nix source]) - 200 MB - Official images based on <code>pkgs.dockerTools</code>, updated automatically.
* [https://hub.docker.com/u/nixpkgs u/nixpkgs] - ([https://github.com/nix-community/docker-nixpkgs source]) - [https://github.com/nix-community/docker-nixpkgs#list-of-images various] docker images from nixpkgs, updated daily.
* [https://hub.docker.com/r/lnl7/nix/ lnl7/nix/] ([https://github.com/LnL7/nix-docker source]) - 57 MB - Images built out of a Nix derivation.
 
== Interesting threads ==
 
* https://github.com/projectatomic/buildah/issues/386: about rootless support
 
== Work In Progress ==
 
* Improve image storage in the Nix store
https://github.com/projectatomic/skopeo/issues/481
 


== Projects ==
== Projects ==
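Review bot: the nixpkgs links added to the runc, skopeo and buildah entries all point at blob/master paths under pkgs/, which stop resolving as soon as a package file is moved; the edit summary for this revision already mentions an old source that went 404. Link to a pinned commit instead. Separately, in the "Work In Progress" section the skopeo issue URL sits on its own line after the bullet, so it renders outside the list item; put it on the same line as "* Improve image storage in the Nix store".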
Line 25: Line 54:
A basic (pretty messy) [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7/containers/postgres.nix postgres] image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary.
A basic (pretty messy) [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7/containers/postgres.nix postgres] image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary.


Still to do: rabbitmq, frontend code, api, refactor, various others.
Still to do: [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/master/containers/rabbitmq.nix rabbitmq], frontend code, api, refactor, various others.


— [[User:Profpatsch|Profpatsch]] ([[User talk:Profpatsch|talk]]) 02:47, 10 February 2018 (UTC)
— [[User:Profpatsch|Profpatsch]] ([[User talk:Profpatsch|talk]]) 02:47, 10 February 2018 (UTC)
[[Category:Container]]
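Review bot: the rabbitmq link added on the "Still to do" line points at blob/master, while the postgres link in the paragraph above it is pinned to commit 2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7. Pin the rabbitmq link to a commit as well, so it keeps showing the file this entry refers to even if the repository is later reorganised.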

Latest revision as of 19:19, 14 September 2024

We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem.

People

Tooling

Nix images

There are a few images that contain Nix with various trade-offs:

Interesting threads

Work In Progress

  • Improve image storage in the Nix store

https://github.com/projectatomic/skopeo/issues/481


Projects

Self-Hosted, Minimal Docker/OCI Images

For our platform at Techcultivation we want to generate docker images for all parts of our system. Those images should come in two flavors, development (to quickly spin up local test services, with mock data) and deployment (secure/production-ready). We chose to generate these images purely out of nixpkgs code, so no binary (base) images have to be included.

The current version of the deployment code can be found on our Gitlab.

A basic (pretty messy) postgres image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary.

Still to do: rabbitmq, frontend code, api, refactor, various others.

Profpatsch (talk) 02:47, 10 February 2018 (UTC)