README.md
enbi
Comprised of two parts:
-
NixBuild CRD. An instance of one looks like this:
Spec:Flake URL: git+https://nossa.ee/~talya/chog?rev=f5d531177a7330e9b270c15cca5df0eb72b8684cImage Tag: nossa.ee/talya/chog:f5d531177a7330e9b270c15cca5df0eb72b8684cPackage Name: chog-docker.stream-layeredSystem: aarch64-linuxWhen created, this will build
packages.aarch64-linux.chog-docker.stream-layeredfrom the given flake, on a node in the cluster which has the target architecture. (Nodes can be excluded from builds with-node-repel.)Itβs expected that the output will be a Docker/OCI tarball image itself, or (preferably) a script generated by
streamLayeredImage. The resulting tarball will be loaded into thecontainerdof the build host; use something like Spegel to make it automatically available to any host that might need it.You can see whatβs happening in
kubectl get:NAME IMAGE TAG SYSTEM STATUS BUILD NODE AGEpodwatcher-5d74cd57bb nossa.ee/talya/chog:f5d531177a7330e9b270c15cca5df0eb72b8684c aarch64-linux Succeeded cass 71mAnd more details in
kubectl describe:Status:Build Job Name: podwatcher-5d74cd57bb-5d74cd57bbBuild Node: cassConditions:Last Transition Time: 2025-08-31T08:34:01ZMessage: Build completed successfully and result was fetched from endpointReason: ResultSuccessStatus: TrueType: SuccessLast Transition Time: 2025-08-31T08:34:01ZMessage: Image loadedReason: BuildFinishedStatus: TrueType: CompleteImage Digest: sha256:707b2b90f3f21c5cccad07429f51e1a37b9833d4ff87b323786d7cb246b8360cImage Size: 112199680Status: Succeeded -
Annotations to be added to your PodTemplateSpec. Like this:
Pod Template:Labels: app.kubernetes.io/name=chogAnnotations: enbi.hrzn.ee/nixbuild-flakeUrl: git+https://nossa.ee/~talya/chog?rev=f5d531177a7330e9b270c15cca5df0eb72b8684cenbi.hrzn.ee/nixbuild-imageTag: nossa.ee/talya/chog:f5d531177a7330e9b270c15cca5df0eb72b8684cenbi.hrzn.ee/nixbuild-packageName: chog-docker.stream-layeredIf a Pod with these annotations is found to be failing to start up due to a missing image, and the tag of that image matches the one in the annotation, a corresponding NixBuild will be created; after the image is built and loaded, your containers will come up at next retry!
Left to do:
- flesh out the tests; weβll need to manipulate the state surrounding the controller (create Nodes, PVs, etc.).
- check our behaviour when a Pod fails to start because itβs trying to run a container with the
wrong arch; we probably will ignore it (search codebase for
RestartCount). - running in Docker for Macβs kind doesnβt work well wrt. building across Nodes; thereβs no Spegel-like auto-pull across Nodes, only from the host cache (which we donβt (canβt?) touch).
- consider limiting the number of leftover successful NixBuilds.
- make it easier to deploy for others (and to update our own deployment, given the situation
with
config/and how we use Timoni). - document assumptions, limitations.
-
local-overlay-storesupport? - system (Node) Nix daemon support?
Built while following the Kubebuilder book.
License
Copyright Β© 2025 Asherah Connor <ashe@kivikakk.ee>
Licensed under the Apache License, Version 2.0 (the βLicenseβ); you may not use this file except in
compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0;
it is included in this distribution at LICENSE.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an βAS ISβ BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
