Container workgroup: Difference between revisions
imported>Profpatsch m skopeo description |
No edit summary |
||
| (20 intermediate revisions by 8 users not shown) | |||
| Line 1: | Line 1: | ||
{{delete|reason=This workgroup may no longer be active; last page edit was before import.}} | |||
{{outdated|Other than site-wide fixes, this page has not seen recent updates.}} | |||
We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem. | We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem. | ||
| Line 4: | Line 6: | ||
* [[User:Profpatsch|Profpatsch]] | * [[User:Profpatsch|Profpatsch]] | ||
* [[User:nlewo|Lewo]] | |||
* [[User:moretea|MoreTea]] | |||
== Tooling == | == Tooling == | ||
* [https://www.opencontainers.org/ opencontainers.org] | * [https://www.opencontainers.org/ opencontainers.org] | ||
** [https://github.com/opencontainers/runc runc]: spawn and run OCI containers | ** [https://github.com/opencontainers/runc runc]: spawn and run OCI containers (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/runc/default.nix runc]) | ||
** [https://github.com/opencontainers/image-spec image-spec]: container image specification | ** [https://github.com/opencontainers/image-spec image-spec]: container image specification | ||
** [https://github.com/opencontainers/runtime-spec runtime-spec]: container runtime specification | ** [https://github.com/opencontainers/runtime-spec runtime-spec]: container runtime specification | ||
** [https://github.com/opencontainers/image-tools image-tools]: tools for working with the image-spec | |||
** [https://github.com/opencontainers/runtime-tools runtime-tools]: tools for working with the runtime-spec | |||
** [https://github.com/openSUSE/umoci umoci]: intends to be a complete manipulation tool for OCI images with a rootless mode | |||
* [https://www.projectatomic.io/ projectatomic.io] | * [https://www.projectatomic.io/ projectatomic.io] | ||
** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries | ** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/skopeo/default.nix skopeo]) | ||
** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images | ** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/buildah/default.nix buildah]) | ||
* [https://github.com/containers containers Github project]: golang libraries for interacting with containers | |||
** [https://github.com/containers/image image]: library used by skopeo | |||
** [https://github.com/containers/oci-fetch oci-fetch]: CLI tool for fetching OCI containers over various transports | |||
* awakesecurity | |||
** [https://github.com/awakesecurity/hocker hocker]: fetch from docker (v2) registry and generate nix derivations | |||
== Nix images == | |||
There are a few images that contain Nix with various trade-offs: | |||
* [https://hub.docker.com/r/nixos/nix/ nixos/nix] ([https://github.com/NixOS/nix/blob/master/docker.nix source]) - 200 MB - Official images based on <code>pkgs.dockerTools</code>, updated automatically. | |||
* [https://hub.docker.com/u/nixpkgs u/nixpkgs] - ([https://github.com/nix-community/docker-nixpkgs source]) - [https://github.com/nix-community/docker-nixpkgs#list-of-images various] docker images from nixpkgs, updated daily. | |||
* [https://hub.docker.com/r/lnl7/nix/ lnl7/nix/] ([https://github.com/LnL7/nix-docker source]) - 57 MB - Images built out of a Nix derivation. | |||
== Interesting threads == | |||
* https://github.com/projectatomic/buildah/issues/386: about rootless support | |||
== Work In Progress == | |||
* Improve image storage in the Nix store | |||
https://github.com/projectatomic/skopeo/issues/481 | |||
== Projects == | == Projects == | ||
| Line 25: | Line 55: | ||
A basic (pretty messy) [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7/containers/postgres.nix postgres] image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary. | A basic (pretty messy) [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7/containers/postgres.nix postgres] image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary. | ||
Still to do: rabbitmq, frontend code, api, refactor, various others. | Still to do: [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/master/containers/rabbitmq.nix rabbitmq], frontend code, api, refactor, various others. | ||
— [[User:Profpatsch|Profpatsch]] ([[User talk:Profpatsch|talk]]) 02:47, 10 February 2018 (UTC) | — [[User:Profpatsch|Profpatsch]] ([[User talk:Profpatsch|talk]]) 02:47, 10 February 2018 (UTC) | ||
[[Category:Container]] | |||
Latest revision as of 17:58, 8 June 2025
✖︎︎
This article is a deletion candidate. This workgroup may no longer be active; last page edit was before import. Further information may be found on the related discussion page.
⏲︎︎
This article or section is outdated. Other than site-wide fixes, this page has not seen recent updates. Further information might be found in the corresponding discussion. Please remove this notice once the information has been updated.
We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem.
People
Tooling
- opencontainers.org
- runc: spawn and run OCI containers (nixpkgs: runc)
- image-spec: container image specification
- runtime-spec: container runtime specification
- image-tools: tools for working with the image-spec
- runtime-tools: tools for working with the runtime-spec
- umoci: intends to be a complete manipulation tool for OCI images with a rootless mode
- projectatomic.io
- containers Github project: golang libraries for interacting with containers
- awakesecurity
- hocker: fetch from docker (v2) registry and generate nix derivations
Nix images
There are a few images that contain Nix with various trade-offs:
- nixos/nix (source) - 200 MB - Official images based on
pkgs.dockerTools, updated automatically. - u/nixpkgs - (source) - various docker images from nixpkgs, updated daily.
- lnl7/nix/ (source) - 57 MB - Images built out of a Nix derivation.
Interesting threads
- https://github.com/projectatomic/buildah/issues/386: about rootless support
Work In Progress
- Improve image storage in the Nix store
https://github.com/projectatomic/skopeo/issues/481
Projects
Self-Hosted, Minimal Docker/OSI Images
For our platform at Techcultivation we want to generate docker images for all parts of our system. Those images should come in two flavors, development (to quickly spin up local test services, with mock data) and deployment (secure/production-ready). We chose to generate these images purely out of nixpkgs code, so no binary (base) images have to be included.
The current version of the deployment code can be found on our Gitlab.
A basic (pretty messy) postgres image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary.
Still to do: rabbitmq, frontend code, api, refactor, various others.
— Profpatsch (talk) 02:47, 10 February 2018 (UTC)