I’m just getting started working with Incus, and learning how to spin up containers and VMs. While I’m learning, I’m trying to see if it’s possible to get a vSphere-like graphical connection to a desktop in a datacenter. Learning about SPICE has been an interesting experience.
That aside, my objective is to create a handful of OCI images to handle some jobs that our SaaS platform at work does. I’m one of the two founders of Phobos Group, and we’ve built a SaaS platform that does attack surface management.
It is currently using full VMs for its API nodes and worker nodes, but I would like to extrapolate how to create, for example, “one worker host”, which would be a Django Python environment and a bunch of custom code, setups, and an overlay network binary and its config. This sort of thing appears to be more than what a cursory glance at an OCI container is - which I have seen to be things like ‘a single instance of mysql’ or ‘a single instance of nginx’.
What I’m hoping to get some guidance on is “how do I build my own OCI image”? I’d like to basically have the ability to have a sort of ‘gold image’ for things like “a scanning node” or “an api endpoint”, inside which is a full loadout of stuff we’ve plumbed.
So it’s way, way less than a VM, it’s also way, way less than a typical full-OS container, but it’s way more than an OCI image.
Would it be better to create an OCI image to handle this sort of thing, or would it be better to use something like an Ubuntu container, and then push snapshots around? Doing this inside of a container seems pretty straightforward, but I’ve not made any attempts to do something like this with an OCI image, so any guidance here would be great!
Incus and OCI are different projects. Incus is Linux Containers. OCI is an initiative built around Docker.
Linux Containers are OS containers and OCI is for App containers.
I feel like what you are after is something more along the lines of CI/CD. You can still use Incus or Docker in that situation as well. It is up to you to decide how you would like to go about it.
I guess the most straightforward way for me to ask my question is thusly:
Is it currently possible for me to build my own OCI image, which would be ‘a bunch of stuff, not just one single app’ - and if so, is there a getting started guide or howto or some instruction?
Incus has its own type of container images and we typically call them system containers. Incus has a service that is able to use/run those system containers. Those images are generated from distrobuilder. Recently (since last year), @stgraber added support for OCI images to Incus. That is, the Incus service is able to run OCI images as well. The OCI images would be downloaded from their respective repositories (such as DockerHub), and Incus would do that download for you, then run the image.
In that respect, Incus is not involved currently in the lifecycle of an OCI image; that is, if you want to create a new OCI image, you would use any of the mature software (such as those from Docker) to do so. You can also create your own personal repository/registry of your new OCI images, and point Incus to get them from there (incus remote add).
Perfect, that’s the answer I was looking for!
It seems like it may be less trouble to start with an Incus container, load it up the way I want, then snapshot it, as I’m sort of allergic to Docker.
There are some image build tools like buildah and kaniko that allow for OCI image building independent of Docker, but they also generally use their own build definition file rather than Dockerfile.
And once that’s generated, you’d still need to put it on a registry for Incus to be able to consume it. So indeed, just for your own thing, doing it through a system container may be easier.