Container workgroup: Difference between revisions

(14 intermediate revisions by 8 users not shown)

Line 1:

{{delete|reason=This workgroup may no longer be active; last page edit was before import.}}

{{outdated|Other than site-wide fixes, this page has not seen recent updates.}}

We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem.

Line 5:

Line 7:

* [[User:Profpatsch|Profpatsch]]

* [[User:nlewo|Lewo]]

* [[User:moretea|MoreTea]]

== Tooling ==

Line 14:

Line 17:

** [https://github.com/opencontainers/image-tools image-tools]: tools for working with the image-spec

** [https://github.com/opencontainers/runtime-tools runtime-tools]: tools for working with the runtime-spec

** [https://github.com/openSUSE/umoci umoci]: intends to be a complete manipulation tool for OCI images with a rootless mode

* [https://www.projectatomic.io/ projectatomic.io]

** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/skopeo/default.nix skopeo])

** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images (nixpkgs PR [https://github.com/NixOS/nixpkgs/~~pull~~/~~34887~~ buildah])

** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/buildah/default.nix buildah])

* [https://github.com/containers containers Github project]: golang libraries for interacting with containers

** [https://github.com/containers/image image]: library used by skopeo

** [https://github.com/containers/oci-fetch oci-fetch]: CLI tool for fetching OCI containers over various transports

* awakesecurity

** [https://github.com/awakesecurity/hocker hocker]: fetch from docker (v2) registry and generate nix derivations

== ~~Work In Progress~~ ==

== Nix images ==

There are a few images that contain Nix with various trade-offs:

* [https://hub.docker.com/r/nixos/nix/ nixos/nix] ([https://github.com/NixOS/nix/blob/master/docker.nix source]) - 200 MB - Official images based on <code>pkgs.dockerTools</code>, updated automatically.

* [https://hub.docker.com/u/nixpkgs u/nixpkgs] - ([https://github.com/nix-community/docker-nixpkgs source]) - [https://github.com/nix-community/docker-nixpkgs#list-of-images various] docker images from nixpkgs, updated daily.

* [https://hub.docker.com/r/lnl7/nix/ lnl7/nix/] ([https://github.com/LnL7/nix-docker source]) - 57 MB - Images built out of a Nix derivation.

== Interesting threads ==

* ~~Add legacy Docker image~~ support ~~in Skopeo~~

* https://github.com/projectatomic/buildah/issues/386: about rootless support

nixpkgs.dockerTools.pullImage boots a VM to pull the image by using the Docker daemon. Skopeo could do this but it produces images that are not compatible with the Docker legacy format. The consequence is some NixOS tests are failing and it breaks some NixOS user scripts [https://github.com/containers/image/pull/370 skopeo PR].

== Work In Progress ==

* ~~Use DigestID instead of~~ image ~~tag to pull images (tag is mutable)~~

* Improve image storage in the Nix store

https://github.com/projectatomic/skopeo/issues/481

~~Will be implemented when Skopeo is used to pull images~~

== Projects ==

Line 41:

Line 55:

A basic (pretty messy) [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7/containers/postgres.nix postgres] image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary.

Still to do: rabbitmq, frontend code, api, refactor, various others.

Still to do: [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/master/containers/rabbitmq.nix rabbitmq], frontend code, api, refactor, various others.

— [[User:Profpatsch|Profpatsch]] ([[User talk:Profpatsch|talk]]) 02:47, 10 February 2018 (UTC)

[[Category:Container]]

@@ Line 1: / Line 1: @@
+{{delete|reason=This workgroup may no longer be active; last page edit was before import.}}
+{{outdated|Other than site-wide fixes, this page has not seen recent updates.}}
 We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem.
@@ Line 5: / Line 7: @@
 * [[User:Profpatsch|Profpatsch]]
 * [[User:nlewo|Lewo]]
+* [[User:moretea|MoreTea]]
 == Tooling ==
@@ Line 14: / Line 17: @@
 ** [https://github.com/opencontainers/image-tools image-tools]: tools for working with the image-spec
 ** [https://github.com/opencontainers/runtime-tools runtime-tools]: tools for working with the runtime-spec
+** [https://github.com/openSUSE/umoci umoci]: intends to be a complete manipulation tool for OCI images with a rootless mode
 * [https://www.projectatomic.io/ projectatomic.io]
 ** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/skopeo/default.nix skopeo])
-** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images (nixpkgs PR [https://github.com/NixOS/nixpkgs/pull/34887 buildah])
+** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/buildah/default.nix buildah])
 * [https://github.com/containers containers Github project]: golang libraries for interacting with containers
 ** [https://github.com/containers/image image]: library used by skopeo
 ** [https://github.com/containers/oci-fetch oci-fetch]: CLI tool for fetching OCI containers over various transports
+* awakesecurity
+** [https://github.com/awakesecurity/hocker hocker]: fetch from docker (v2) registry and generate nix derivations
-== Work In Progress ==
+== Nix images ==
+There are a few images that contain Nix with various trade-offs:
+* [https://hub.docker.com/r/nixos/nix/ nixos/nix] ([https://github.com/NixOS/nix/blob/master/docker.nix source]) - 200 MB - Official images based on <code>pkgs.dockerTools</code>, updated automatically.
+* [https://hub.docker.com/u/nixpkgs u/nixpkgs] - ([https://github.com/nix-community/docker-nixpkgs source]) - [https://github.com/nix-community/docker-nixpkgs#list-of-images various] docker images from nixpkgs, updated daily.
+* [https://hub.docker.com/r/lnl7/nix/ lnl7/nix/] ([https://github.com/LnL7/nix-docker source]) - 57 MB - Images built out of a Nix derivation.
+== Interesting threads ==
-* Add legacy Docker image support in Skopeo
+* https://github.com/projectatomic/buildah/issues/386: about rootless support
-nixpkgs.dockerTools.pullImage boots a VM to pull the image by using the Docker daemon. Skopeo could do this but it produces images that are not compatible with the Docker legacy format. The consequence is some NixOS tests are failing and it breaks some NixOS user scripts [https://github.com/containers/image/pull/370 skopeo PR].
+== Work In Progress ==
-* Use DigestID instead of image tag to pull images (tag is mutable)
+* Improve image storage in the Nix store
+https://github.com/projectatomic/skopeo/issues/481
-Will be implemented when Skopeo is used to pull images
 == Projects ==
@@ Line 41: / Line 55: @@
 A basic (pretty messy) [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/2f3877e71ea7a9a2c3cf03d4fc88931b90cad6b7/containers/postgres.nix postgres] image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary.
-Still to do: rabbitmq, frontend code, api, refactor, various others.
+Still to do: [https://gitlab.techcultivation.org/sangha/sangha-deployment/blob/master/containers/rabbitmq.nix rabbitmq], frontend code, api, refactor, various others.
 — [[User:Profpatsch|Profpatsch]] ([[User talk:Profpatsch|talk]]) 02:47, 10 February 2018 (UTC)
+[[Category:Container]]