Container workgroup: Difference between revisions
imported>Profpatsch m skopeo description |
No edit summary |
||
(20 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
{{delete|reason=This workgroup may no longer be active; last page edit was before import.}} | |||
{{outdated|Other than site-wide fixes, this page has not seen recent updates.}} | |||
We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem. | We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem. | ||
Line 4: | Line 6: | ||
* [[User:Profpatsch|Profpatsch]] | * [[User:Profpatsch|Profpatsch]] | ||
* [[User:nlewo|Lewo]] | |||
* [[User:moretea|MoreTea]] | |||
== Tooling == | == Tooling == | ||
* [https://www.opencontainers.org/ opencontainers.org] | * [https://www.opencontainers.org/ opencontainers.org] | ||
** [https://github.com/opencontainers/runc runc]: spawn and run OCI containers | ** [https://github.com/opencontainers/runc runc]: spawn and run OCI containers (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/runc/default.nix runc]) | ||
** [https://github.com/opencontainers/image-spec image-spec]: container image specification | ** [https://github.com/opencontainers/image-spec image-spec]: container image specification | ||
** [https://github.com/opencontainers/runtime-spec runtime-spec]: container runtime specification | ** [https://github.com/opencontainers/runtime-spec runtime-spec]: container runtime specification | ||
** [https://github.com/opencontainers/image-tools image-tools]: tools for working with the image-spec | |||
** [https://github.com/opencontainers/runtime-tools runtime-tools]: tools for working with the runtime-spec | |||
** [https://github.com/openSUSE/umoci umoci]: intends to be a complete manipulation tool for OCI images with a rootless mode | |||
* [https://www.projectatomic.io/ projectatomic.io] | * [https://www.projectatomic.io/ projectatomic.io] | ||
** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries | ** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/skopeo/default.nix skopeo]) | ||
** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images | ** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/buildah/default.nix buildah]) | ||
* [https://github.com/containers containers Github project]: golang libraries for interacting with containers | |||
** [https://github.com/containers/image image]: library used by skopeo | |||
** [https://github.com/containers/oci-fetch oci-fetch]: CLI tool for fetching OCI containers over various transports | |||
* awakesecurity | |||
** [https://github.com/awakesecurity/hocker hocker]: fetch from docker (v2) registry and generate nix derivations | |||
== Nix images == | |||
There are a few images that contain Nix with various trade-offs: | |||
* [https://hub.docker.com/r/nixos/nix/ nixos/nix] ([https://github.com/NixOS/nix/blob/master/docker.nix source]) - 200 MB - Official images based on <code>pkgs.dockerTools</code>, updated automatically. | |||
* [https://hub.docker.com/u/nixpkgs u/nixpkgs] - ([https://github.com/nix-community/docker-nixpkgs source]) - [https://github.com/nix-community/docker-nixpkgs#list-of-images various] docker images from nixpkgs, updated daily. | |||
* [https://hub.docker.com/r/lnl7/nix/ lnl7/nix/] ([https://github.com/LnL7/nix-docker source]) - 57 MB - Images built out of a Nix derivation. | |||
== Interesting threads == | |||
* https://github.com/projectatomic/buildah/issues/386: about rootless support | |||
== Work In Progress == | |||
* Improve image storage in the Nix store | |||
https://github.com/projectatomic/skopeo/issues/481 | |||
== Projects == | == Projects == | ||
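Review bot: Under "== Work In Progress ==", the skopeo issue URL sits on its own unmarked line after "* Improve image storage in the Nix store", so it is not part of that list item and will render as a separate paragraph. Make it a sub-item ("** https://github.com/projectatomic/skopeo/issues/481") or put it on the bullet line itself, in the same form as the entry under "== Interesting threads ==", which keeps the URL and its description in one item.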
Line 25: | Line 55: | ||
A basic (pretty messy) [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7/containers/postgres.nix postgres] image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary. | A basic (pretty messy) [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7/containers/postgres.nix postgres] image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary. | ||
Still to do: rabbitmq, frontend code, api, refactor, various others. | Still to do: [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/master/containers/rabbitmq.nix rabbitmq], frontend code, api, refactor, various others. | ||
— [[User:Profpatsch|Profpatsch]] ([[User talk:Profpatsch|talk]]) 02:47, 10 February 2018 (UTC) | — [[User:Profpatsch|Profpatsch]] ([[User talk:Profpatsch|talk]]) 02:47, 10 February 2018 (UTC) | ||
[[Category:Container]] |
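Review bot: The new rabbitmq link in the "Still to do" line points at blob/master, while the postgres link in the paragraph above is pinned to commit 2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7. A master link changes or breaks when the file is moved or rewritten, so the two references end up describing different states of the repository. Pin rabbitmq.nix to a commit as well, or say in the text that the link follows the current branch.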