Permanent Docker Images On IPFS

Why Docker And IPFS

IPFS the InterPlanetary File System is a peer to peer, distributed, content addressable, data store. It has a variety of features such as file deduplication, torrent style swarming, and multiple clients including a browser embeddable javascript only implementation.


With IPFS as long as any IPFS node in the world has a copy of a docker image it may be downloaded and deployed. HTTP links break, servers go down, names change. The existing file distribution paradigm is limited.

Docker Load / Save

A little known feature of Docker is the ability to dump images into a tar file, and then load them back into the system. This can be accomplished with docker load, and docker save. This makes it very easy to use docker without any dependency on a registry.

With this functionality you could distribute Docker images however you want. This could be done over an HTTP webserver, a USB sneakernet, or in our case IPFS.

Distributing Images

Lets pick some image to distribute. In my case I am going to pick the latest NGINX. Docker save will export an image along with its current tags. I don’t want to save this image with all it’s tags so I am going to export it by it’s id instead of name. This will ensure the image alone is distributed without all the tagging context.

> docker save 3f8a4339aadd > nginx.tar

This will produce an uncompressed tar file that contains all the Docker image layers for NGINX. Because IPFS has automatic block level deduplication, changes made to other versions of the docker image should be fairly efficiently stored and distributed, regardless of the layer changed.


Now that we have an image lets add it to IPFS.

> ipfs add nginx.tar
added Qmbi6Y2aFG3SfjpzQgbu65on7EMFwusGqLYSPCGrcVRJ8A nginx.tar

Great! Now as long as we have our IPFS node up anyone will be able to download the NGINX docker image, and assist in its distribution.

Fetching Images

Now lets move to our machine that we want to deploy NGINX on and download the image.

> ipfs get Qmbi6Y2aFG3SfjpzQgbu65on7EMFwusGqLYSPCGrcVRJ8A
Saving file(s) to Qmbi6Y2aFG3SfjpzQgbu65on7EMFwusGqLYSPCGrcVRJ8A

And to load it into our Docker daemon.

> docker load --input Qmbi6Y2aFG3SfjpzQgbu65on7EMFwusGqLYSPCGrcVRJ8A
Loaded image ID: sha256:3f8a4339aadda5897b744682f5f774dc69991a81af8d715d37a616bb4c99edf5

Now that we have the raw image we want to name it something convenient.

> docker tag sha256:3f8a4339aadda5897b744682f5f774dc69991a81af8d715d37a616bb4c99edf5 nginxipfs

Now we can use our Docker image like normal.

Building On This

Just throwing files up on IPFS is not nearly a sufficient infrastructure for a real Docker workflow. But consider that files may not need to be distributed with the same mechanism that you discover them.