Kubernetes example
This deployment sets up a 4-container deployment with separate CAS, scheduler and worker. Don’t use this example deployment in production. It’s insecure.
In this example we’re using kind
to set up the cluster cilium
to provide a
LoadBalancer
and GatewayController
.
First set up a local development cluster:
Next start a few standard deployments. This part also builds the remote execution containers and makes them available to the cluster:
Finally, deploy NativeLink:
This demo setup creates two gateways to expose the cas
and scheduler
deployments via your local docker network:
You can now pass these IP addresses to your Bazel invocation to use the remote cache and executor:
When you’re done testing, delete the cluster:
Use a published image
Published images can be found under the Container registry, which uses the namespace https://ghcr.io
. When using the Container registry, you can select prebuilt images and avoid building the image yourself.
To pull an existing image, you can run:
Derive a Tag for an OCI image
To derive the tag of the NativeLink image at a specific commit, run the below command and change someCommit
with the commit hash you want to use:
Alternatively, the tag can be derived from the upstream sources at the current state of the upstream main branch by running this command:
Similarly, you can also clone or checkout a specific version or commit of the NativeLink git repository to evaluate the output of the entire NativeLink flake. For example, assuming you’ve done the NativeLink Getting Started Guide and cloned the repository, you can run these sample commands:
The --raw
removes the surrounding quotes from the output string.
We don’t recommend using this command to
retrieve an image:
nix eval github:TraceMachina/nativelink#image.imageTag --raw
Using this command prevents anyone from
identifying the specific version of the
NativeLink container in use because
reflects the image version available at the
time of download. It’ll be hard to debug,
revert to previous versions if there are issues
and complicate bug tracking.
It’s for these same reasons you won’t be able
to retrieve an image using the latest
tag.
Build and copy an OCI image
You can build and copy the image to a container registry with the copyTo
attribute. Below are examples within the NativeLink repository for building and copying an image:
- Example 1 highlights:
- Example 2 highlights how to skip pushing to an intermediary registry by copying directly to the docker-daemon:
You can find more about details around nix. Published images are signed using cosign
. For more details of the verification process of publishing OCI images see SECURITY.md
NativeLink Community
Reach out to the NativeLink Slack community for any questions via #NativeLink!