Difference between revisions of "Workgroup:Container"
Profpatsch (talk | contribs) (github containers tooling) |
Profpatsch (talk | contribs) (buildah file link) |
||
| Line 16: | Line 16: | ||
* [https://www.projectatomic.io/ projectatomic.io] | * [https://www.projectatomic.io/ projectatomic.io] | ||
** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/skopeo/default.nix skopeo]) | ** [https://github.com/projectatomic/skopeo skopeo]: modify and inspect images on registries (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/skopeo/default.nix skopeo]) | ||
| − | ** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images (nixpkgs | + | ** [https://github.com/projectatomic/buildah buildah]: build/generate OCI images (nixpkgs: [https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/buildah/default.nix buildah]) |
* [https://github.com/containers containers Github project]: golang libraries for interacting with containers | * [https://github.com/containers containers Github project]: golang libraries for interacting with containers | ||
** [https://github.com/containers/image image]: library used by skopeo | ** [https://github.com/containers/image image]: library used by skopeo | ||
Revision as of 22:06, 13 February 2018
We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem.
People
Tooling
- opencontainers.org
- runc: spawn and run OCI containers (nixpkgs: runc)
- image-spec: container image specification
- runtime-spec: container runtime specification
- image-tools: tools for working with the image-spec
- runtime-tools: tools for working with the runtime-spec
- projectatomic.io
- containers Github project: golang libraries for interacting with containers
Work In Progress
- Add legacy Docker image support in Skopeo
nixpkgs.dockerTools.pullImage boots a VM to pull the image by using the Docker daemon. Skopeo could do this but it produces images that are not compatible with the Docker legacy format. The consequence is some NixOS tests are failing and it breaks some NixOS user scripts skopeo PR.
- Use DigestID instead of image tag to pull images (tag is mutable)
Will be implemented when Skopeo is used to pull images
Projects
Self-Hosted, Minimal Docker/OSI Images
For our platform at Techcultivation we want to generate docker images for all parts of our system. Those images should come in two flavors, development (to quickly spin up local test services, with mock data) and deployment (secure/production-ready). We chose to generate these images purely out of nixpkgs code, so no binary (base) images have to be included.
The current version of the deployment code can be found on our Gitlab.
A basic (pretty messy) postgres image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary.
Still to do: rabbitmq, frontend code, api, refactor, various others.
— Profpatsch (talk) 02:47, 10 February 2018 (UTC)