FYI, a nix-cri-imageservice has been implemented as part of nix-snapshotter: https://discourse.nixos.org/t/nix-snapshotter-native-understanding-of-nix-packages-for-containerd
Though the image reference looks a bit weird due to what’s considered a valid reference:
nix:0/nix/store/w05rymszja2nnrlh5xr3yxksrwz467cn-nix-image-redis.tar
Essentially Kubernetes configured with nix-snapshotter can resolve store paths pointing to OCI image archives. Nix-snapshotter then configures the container rootfs from the host Nix store (creating gcroots & thereby substituting from a Nix binary cache if necessary).
Check out what’s possible. Now you can define a pod spec without any external dependency (without a Docker Registry):
redis = pkgs.nix-snapshotter.buildImage {
  name = "redis";
  resolvedByNix = true; # passthru.image is set to `nix:0/nix/store/...`
  config = {
    entrypoint = [ "${pkgs.redis}/bin/redis-server" ];
  };
};

redisPod = {
  apiVersion = "v1";
  kind = "Pod";
  metadata = {
    name = "redis";
    labels.name = "redis";
  };
  spec.containers = [{
    inherit (redis) name image;
    args = ["--protected-mode" "no"];
    ports = [{
      name = "client";
      containerPort = 6379;
    }];
  }];
};
You can then define a flake app to do something like nix run .#deploy-k8s, which essentially wraps kubectl apply -f ${pkgs.writeText "pod.json" (builtins.toJSON redisPod)}.
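
Added example (not part of the original post and not nix-snapshotter code): a pre-deploy check over the generated pod.json that flags every container image that is not a nix:0/nix/store/... reference, so the "no external registry" property is verified before kubectl apply rather than assumed. The reference pattern is an assumption inferred from the single reference shown in the post, and the init and metrics containers in the sample are constructed.

```python
import json
import re
import sys

# Nix store hashes are 32 characters of Nix's base32 alphabet (no e, o, t, u).
# The "nix:0" prefix and ".tar" suffix are inferred from the reference in the post.
NIX_REF = re.compile(
    r"nix:0(/nix/store/[0-9a-df-np-sv-z]{32}-[a-z0-9][a-z0-9._-]*\.tar)"
)

def nix_store_path(image):
    """Return the store path behind a nix:0 reference, or None for anything else."""
    m = NIX_REF.fullmatch(image)
    return m.group(1) if m else None

def audit_pod(manifest):
    """List (container, image) pairs that would not be resolved from the Nix store."""
    spec = manifest.get("spec", {})
    findings = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(key, []):
            image = c.get("image", "")
            if nix_store_path(image) is None:
                findings.append((c.get("name", "?"), image))
    return findings

# Constructed sample: the redis container from the post plus two made-up offenders.
REDIS = "nix:0/nix/store/w05rymszja2nnrlh5xr3yxksrwz467cn-nix-image-redis.tar"
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "redis"},
    "spec": {
        "initContainers": [{"name": "init", "image": "nix:0/nix/store/redis.tar"}],
        "containers": [
            {"name": "redis", "image": REDIS},
            {"name": "metrics", "image": "docker.io/library/busybox:latest"},
        ],
    },
}

if __name__ == "__main__":
    # With a path argument, audit that pod.json; otherwise audit the sample.
    pod = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_POD
    bad = audit_pod(pod)
    for name, image in bad:
        print(f"{name}: {image!r} is not a Nix store image reference")
    sys.exit(1 if bad else 0)
```

The non-zero exit status lets a deploy wrapper stop before kubectl apply when any container would fall back to a registry pull.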