Container registry generating container image tarfiles on the fly

elohmeier/flakeforge

flakeforge

Generate container images using Nix and serve them via a Docker Registry HTTP API V2 compatible HTTP API.

Container image tarballs are generated on the fly and cached by flakeforge (but not stored in the Nix store to save disk space).

How to use

Create a flake.nix (example repo) file to specify the container image (sample below for x86_64-linux, tested successfully with aarch64-linux as well):

{
  description = "flakeforge example";

  inputs = {
    flakeforge.url = "github:elohmeier/flakeforge";
    flakeforge.inputs.nixpkgs.follows = "nixpkgs";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
  };

  outputs = { self, flakeforge, nixpkgs }: {

    packages.x86_64-linux.my-bash-image = flakeforge.packages.x86_64-linux.flakeforgeTools.streamLayeredImageConf {
      name = "bash-stream-layered";
      contents = [ nixpkgs.legacyPackages.x86_64-linux.bashInteractive ];
    };

  };
}

Run flakeforge using nix run github:elohmeier/flakeforge -- $(pwd) or nix run github:elohmeier/flakeforge -- github:myuser/myrepo (flakeforge runs nix build ${flakeroot}#${image} internally).

Use docker pull localhost:5000/my-bash-image (package name specified above) to pull the image using Docker.

Use docker run -it localhost:5000/my-bash-image bash to start a container with bash.

How does it work

streamLayeredImageConf generates a config file specifying the layers and docker configuration (essentially the same code as in dockerTools.streamLayeredImage). That file is picked up by flakeforge (using a nix build call) and exposed via a Starlette-based webserver.

Limitations

Currently this is in a proof of concept state. I'm using it in a Kubernetes cluster to provide container images to the nodes.

  • no HTTPS support
  • minimal registry API implementation (manifest & digest endpoints only)
  • no compression (only tar images)
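
Without HTTPS, nothing on the transport protects a pull that crosses a network, so integrity has to come from the content digests themselves. The following is an added example, not part of flakeforge: it assumes the registry returns a Docker image manifest (schema 2) with `config` and `layers` descriptors and that the manifest digest was recorded over a trusted channel; `verify_image` and the sample data are hypothetical.

```python
import hashlib
import json


def sha256_digest(data: bytes) -> str:
    """Return the registry-style content digest of a byte string."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def verify_image(manifest_bytes: bytes, pinned_digest: str, blobs: dict) -> list:
    """Check a manifest against a pinned digest, then every blob it references.

    blobs maps digest -> bytes as fetched from the registry's V2 blob endpoint.
    Returns a list of problems; an empty list means everything matched.
    """
    # The manifest is the trust root: hash the exact bytes received, not a
    # re-serialised copy, and compare with the digest obtained out of band.
    if sha256_digest(manifest_bytes) != pinned_digest:
        return ["manifest digest mismatch"]
    manifest = json.loads(manifest_bytes)
    problems = []
    for desc in [manifest["config"], *manifest["layers"]]:
        digest = desc["digest"]
        data = blobs.get(digest)
        if data is None:
            problems.append(f"missing blob {digest}")
        elif len(data) != desc["size"]:
            problems.append(f"size mismatch for {digest}")
        elif sha256_digest(data) != digest:
            problems.append(f"content mismatch for {digest}")
    return problems


# Constructed sample data, reduced to the fields the check uses
# (not taken from a real flakeforge response).
CONFIG = b'{"architecture":"amd64","os":"linux"}'
LAYER = b"constructed stand-in for an uncompressed layer tarball"
MANIFEST = json.dumps({
    "schemaVersion": 2,
    "config": {"size": len(CONFIG), "digest": sha256_digest(CONFIG)},
    "layers": [{"size": len(LAYER), "digest": sha256_digest(LAYER)}],
}).encode()
PINNED = sha256_digest(MANIFEST)  # assumption: recorded over a trusted channel
BLOBS = {sha256_digest(CONFIG): CONFIG, sha256_digest(LAYER): LAYER}

if __name__ == "__main__":
    print(verify_image(MANIFEST, PINNED, BLOBS))
```

With Docker itself, pulling by digest (`image@sha256:<digest>`) instead of by tag gives the same pinning of the manifest.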

Acknowledgements

  • Inspired by Nixery, which provides a more generic approach.
  • Using code from Nixpkgs/dockerTools to provide the on-the-fly container image tarfile generation.
