Enterprises using containers want consistency across all their environments, faster development, quicker builds and deployments, and minimal container images with reduced attack surfaces. But it’s often hard to consistently achieve all of these goals.
Dockerfiles often fall short on reproducibility, leading to inconsistent environments and dependency conflicts. A small change in one layer triggers a rebuild of every layer that follows, resulting in slow builds and slower deployments. Build-time dependencies left behind in image layers bloat containers and increase the attack surface. Integrating Nix with containers is a powerful way to overcome these limitations.
To set the stage, I’ll give a brief intro to key Nix concepts:
- Building packages with Nix
- The Nix store
- Binary caches
and then I will explain how Nix can be used to:
- Build Docker images using Nix to dramatically improve build times and produce truly minimal images with no extra bloat
- Implement a local overlay store that shares Nix packages between pods, significantly reducing pod sizes
- Utilise the nix-sidecar pattern to cut Kubernetes deployment times (currently in use at Anthropic)
- Address supply chain security concerns with Nix's deterministic and hermetic builds and verifiable dependency fetching.
By the end, you’ll leave with insights into several ways of using Nix with Kubernetes to shrink image sizes, streamline build and deployment pipelines, and boost confidence in your Docker and Kubernetes workflows. You’ll also get a first look at Valkyrie, a robust system for running multi-language code securely in Kubernetes or Docker using Nix with zero config, designed for the demands of modern AI workflows.
Nix Fundamentals: Gain an understanding of core Nix concepts such as the Nix store, derivations and binary caches.
Building Minimal, Fast Docker Images: Learn how to use Nix to build smaller and faster Docker images by copying only the required store paths from the Nix store.
Accelerating Deployments with the Nix-Sidecar Pattern: Use the nix-sidecar pattern as a method to reduce Kubernetes deployment times.
Enhancing Supply Chain Security: Understand how Nix's deterministic, hermetic builds and verifiable dependency fetching improve the security of your software supply chain in Kubernetes.
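As an added illustration of the two points above, minimal images built from the store and hash-verified dependency fetching, here is a standalone default.nix. This is example code written for this page, not code from the talk or from the Valkyrie project; the artifact URL, the image name and the placeholder hash are assumptions, and nixpkgs is assumed to be available on NIX_PATH.

```nix
# Added example (not from the talk or the Valkyrie project).
# Builds a minimal Docker image straight from the Nix store and shows a
# fixed-output (hash-pinned) fetch. Assumes <nixpkgs> is on NIX_PATH.
{ pkgs ? import <nixpkgs> { } }:

let
  inherit (pkgs) lib;
in
{
  # A fixed-output derivation. Nix hashes the downloaded bytes and refuses
  # to add them to the store unless they match `hash`, so a tampered or
  # silently re-published artifact fails the build instead of being used.
  # `lib.fakeHash` is a deliberately wrong placeholder: the first build
  # fails with a hash mismatch and prints the real hash, which you then
  # paste in here (trust-on-first-use pinning). The URL is an assumption.
  exampleSource = pkgs.fetchurl {
    url = "https://example.com/artifact.tar.gz";
    hash = lib.fakeHash;
  };

  # A minimal image: only the runtime closure of `hello` is copied out of
  # the store, one store path per layer, so a change to one dependency
  # invalidates one layer rather than everything after it. No shell,
  # package manager or build toolchain ends up in the image.
  image = pkgs.dockerTools.buildLayeredImage {
    name = "hello-minimal";   # assumed image name
    tag = "nix";
    contents = [ pkgs.hello ];
    config = {
      Cmd = [ "${pkgs.hello}/bin/hello" ];
      User = "65534:65534";   # run as an unprivileged numeric uid:gid, not root
    };
  };
}
```

`nix-build -A image && docker load < result` produces and loads the image; `nix-build -A exampleSource` fails until the placeholder hash is replaced with the value Nix reports, which is the verification step doing its job. For a fully hermetic build the nixpkgs revision itself should also be pinned (for example with a flake lock or a `fetchTarball` call that carries a hash) rather than taken from NIX_PATH as this example does.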
I think this is an interesting concept to cover. Don't immediately see any devroom this could fit into.
I think you will really need to explain the need for secure supply chain and hermetic builds. This is not Kubecon.
If you don't want to explain that stuff, just focus on some cool demos of building Nix-based containers; those who are up to speed on k8s will understand the benefit, and those who aren't will be impressed by the whole thing.
For future submissions, we recommend that you either narrow the focus of your talk to a specific problem and solution that is highly relevant to the general FOSS community or provide a more detailed outline of your demonstration to highlight its practical value.