Vision for container hosting & handling

Hi, I’m still very unsatisfied with the overall container landscape, so I’m always exploring new possibilities.

My current vision is to run OCI containers on the kata-runtime using the firecracker hypervisor.
Possibly managed with Kubernetes, but I’m not sure about that - still searching for simpler solutions (podman for example).

My question now is if there is anybody else here interested in integrating kata and firecracker into NixOS?

I’ve already found your container working group, and I hope that tooling to easily create OCI containers will come out of it.

1 Like

Yes. I’m very interested. I have some stuff actually working for Kata (non-firecracker) with containerd on NixOS. I was in the middle of disentangling it into a separate repository when I got distracted with some other projects.

Is this something you plan to actively work on? We have #nixos-kubernetes, and I’m always more likely to work on one of my projects if I know someone, anyone, will use it or benefit from it.

(That having been said, I’m not sure why the world needs yet another OCI image creation tool. There are already tools in nixpkgs that will create a Docker image, presumably it could be chained to spit out an OCI image, or could at least be used as a template for creating OCI images directly.)

(Side note: I’m also interested in seeing how Nix can hold up against ksonnet/kustomize, I think it has some potential… YAML just can’t be the best we can come up with for distributed microservices.)

I didn’t try, but I think we can currently create an OCI container by using our Docker tooling plus skopeo to convert the generated Docker image to an OCI one.

@colemickens Regarding ksonnet, maybe you should try kubenix!

I’m personally interested in finding a way to accelerate Docker image testing: I currently need to run the container in a NixOS test VM; this is not really convenient and efficient.

1 Like

I’m exploring Kata right now. Can’t say for sure yet if I’ll take the time to actively work on it. But I think it has potential. It looks promising to be my primary container runtime.

On the OCI building side: I’m not in search of another image creation tool.
But I see the potential for nixpkgs to be one of the best ways to build an image in a declarative way.
The same as pkgs.dockerTools does right now - but with OCI as its first-class citizen.

The container landscape is getting vast - so we should first concentrate on supporting the underlying new standard.

1 Like

Things are coming together:
https://superuser.openstack.org/articles/firecracker-kata-containers-open-collaboration/

On the Open Infrastructure keynote stage in Denver, Samuel Ortiz, architecture committee, Kata Containers and Andreea Florescu, maintainer, Firecracker project, talked about how the projects are working together.

The pair introduced a new collaborative project: rust-vmm. Firecracker allows Kata Containers to support a large number of container workloads, but not all of them. OSF, Amazon, Intel, Google and others are now collaborating to build a custom container hypervisor. Enter rust-vmm, a project featuring shared virtualization components to build specialized VMMs.

2 Likes

It is more than a year since this topic was started. Is anyone right now working on trying to incorporate the Kata container runtime into nixpkgs?

Not on my side.
I went one step back and am now again using more classical ways to deploy my software.

The development direction in the container landscape no longer solves the problems
I have as a little single developer…

There is:

https://github.com/NixOS/nixpkgs/pull/93526

1 Like

Aha this is great, thanks for posting!
I thought I had searched the repo thoroughly but no.