There is an example of doing this in the docker-tools examples!
https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-supp...
Nixos website has very nice example of minimal docker images: https://nixos.org/#asciinema-demo-example_4
If you decouple your build from your packaging you can also use from-scratch containers. You can also use distroless' static image [0] to get a posix-y environment with as little space as possible. Total image size of the static image is ~2.4mb and it comes with a `nonroot` user configured to lock down your perms and packages like ca-certs that are often forgotten.
You can make use of this with multistage builds or with build systems like Bazel and Please.build.
[0] - https://github.com/GoogleContainerTools/distroless/blob/main...
> not sure if k8s can run OCI, or if I can push OCI to a docker registry (artifactory)
I push OCI images to AWS ECR, so it would probably work.
> I'm on mac/arm but the images need to run on linux/amd64
I've never used the cross-compilation support in Nixpkgs. My work machine runs macOS (x86_64), so I have a Linux VM as a remote builder. I happen to use LimaVM ( https://github.com/lima-vm/lima ), but anything would work (Qemu, VirtualBox, the VM bundled with Docker Desktop, etc.).
PS: Since containers only work on Linux, and I'm often working on macOS, I use the following assertion to check that I'm not accidentally including Mac builds in a layer:
assert all (d: ((d.type or null) == "derivation") -> (d.system == "x86_64-linux")) drvs;
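The assertion wired into an actual dockerTools image build, as an added example that is not code from any commenter here. It assumes a Linux builder is available for the x86_64-linux derivations, and the numeric non-root uid in `config.User` is a constructed value, not one defined by nixpkgs:

```nix
# Build a minimal layered OCI image and refuse to proceed if any
# derivation destined for a layer was built for the wrong platform.
{ pkgs ? import <nixpkgs> { system = "x86_64-linux"; } }:
let
  inherit (pkgs.lib) all;

  # Guard from the comment above: every derivation in the list must be
  # an x86_64-linux build. Non-derivation entries (plain paths) are allowed.
  linuxOnly = drvs:
    assert all
      (d: ((d.type or null) == "derivation") -> (d.system == "x86_64-linux"))
      drvs;
    drvs;

  # Store paths that end up in the image. cacert is the CA bundle that is
  # easy to forget in from-scratch images and breaks TLS at runtime.
  contents = linuxOnly [
    pkgs.hello
    pkgs.cacert
  ];
in
pkgs.dockerTools.buildLayeredImage {
  name = "hello-minimal";
  tag = "latest";
  inherit contents;
  config = {
    Cmd = [ "${pkgs.hello}/bin/hello" ];
    # Run as a numeric, non-root uid (constructed value); no shell or
    # package manager is present in the image.
    User = "65532:65532";
    Env = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
  };
}
```

Evaluating this on macOS without a remote Linux builder fails at the assertion (or at build time) rather than silently producing an image with darwin binaries in it.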