Vision for container hosting & handling


#1

Hi, I’m still very unsatisfied with the overall container landscape and so I’m always exploring new possibilities.

My current vision is to run OCI containers on the kata-runtime using the firecracker hypervisor.
Possibly managed with Kubernetes, but I’m not sure about that - still searching for simpler solutions (podman for example).

My question now is if there is anybody else here interested in integrating kata and firecracker into NixOS?

I’ve already found your container working group, where I’m hoping that tooling to easily create OCI containers will be the outcome.


#2

Yes. I’m very interested. I have some stuff actually working for Kata (non-firecracker) with containerd on NixOS. I was in the middle of disentangling it into a separate repository when I got distracted with some other projects.

Is this something you plan to actively work on? We have #nixos-kubernetes and I’m always more likely to work on one of my projects if I know someone, anyone will use it or benefit from it.

(That having been said, I’m not sure why the world needs yet another OCI image creation tool. There are already tools in nixpkgs that will create a Docker image, presumably it could be chained to spit out an OCI image, or could at least be used as a template for creating OCI images directly.)

(Side note: I’m also interested in seeing how Nix can hold up against ksonnet/kustomize, I think it has some potential… YAML just can’t be the best we can come up with for distributed microservices)


#3

I didn’t try but I think we can currently create an OCI container by using our Docker tooling plus skopeo to convert the generated Docker image to an OCI one.

@colemickens Regarding ksonnet, maybe you should try kubenix!

I’m personally interested in finding a way to accelerate Docker image testing: I currently need to run the container in a NixOS test VM; this is not really convenient and efficient.


#4

I’m exploring Kata right now. Can’t say for sure yet if I’ll take the time to actively work on it. But I think it has the potential. It looks promising to be my primary container runtime.

On the OCI building side: I’m not in search of another image creation tool.
But I see the potential for nixpkgs to be one of the best ways to build an image in a declarative way.
The same as the pkgs.dockerTools do right now - but with OCI as its first-class citizen.

The container landscape is getting vast - so we should first concentrate on supporting the underlying new standard.