Flox Unlocks Imageless Deployments for Kubernetes

November 10, 2025 -- Today at KubeCon NA 2025, Flox, the platform redefining the software development lifecycle for the AI era, announced "Kubernetes, Uncontained," a solution for deploying reproducible workloads that start fast—without pulling or rebuilding images.

Kubernetes delivers a rock-solid foundation for modern infrastructure. Flox adds a small, vendor-maintained shim that allows teams to declare their workload dependencies as Flox environments, powered by Nix. These are declarative, immutable stacks where every package and version is pinned to SHA256-hashed artifacts. At pod startup, the shim activates the Flox environment and fetches the specified artifacts from the node's local read-only store.

Flox's approach integrates cleanly with existing deployment workflows, including CI/CD pipelines, GitOps practices, and security tools. The only change is what gets deployed—Flox environments instead of container images—while Kubernetes's orchestration, networking, and runtime behavior remain unchanged. The benefits include a smaller attack surface, lower cloud costs, faster releases, and Software Bills of Materials (SBOMs) by default.

"Kubernetes gives teams resilient, reliable infrastructure for scheduling, networking, and rollout mechanics," said Michael Brantley, CTO and co-founder of Flox. "What we're doing is simplifying how workloads get packaged and deployed. Teams define applications as immutable, versioned Flox environments, then deploy them using a minimal Flox-maintained shim. The same environment that runs on a developer's laptop runs identically in production."

Building on Proven Patterns at Scale

Flox draws on Kubernetes's proven extensibility to make "imageless" deployments a viable pattern for mainstream infrastructure. Rather than bundling all dependencies into multi-gigabyte container images, Flox uses Nix's input-addressed storage to load only required dependencies at runtime. Under the hood, the Flox shim uses the same Kubernetes's Container Runtime Interface (CRI) hooks used by solutions like Kata Containers and gVisor.

Instead of managing full base images (Alpine, Ubuntu, distroless), teams define dependencies in immutable, versioned Flox environments. These provide an auditable record of what ran and when, giving security and compliance teams traceable, verifiable provenance.

Key Advantages

Organizations can use their existing CI/CD systems, GitOps tools, and security scanning processes. Kubernetes manifests require minimal changes—in most cases just the image reference. Existing Kubernetes security controls, networking policies, and admission controllers work unchanged. The Flox shim integrates at the CRI layer, so it's a drop-in option.

Other advantages include:

• Reduced attack surface, simplified compliance. Deploy only required dependencies with SBOMs-by-default and input-addressed provenance. Smaller artifacts mean fewer packages to track, fewer CVEs to triage, faster security reviews, and simpler inventory.

• Reproducible behavior at build-time and runtime. Every Flox environment is locked to a cryptographic fingerprint—a unique hash computed from its build inputs—so it's always fully reproducible and traceable.

• Lower cloud costs. Eliminate registry storage and egress fees for large base images, shorten CI/CD run times, and reduce the cost of building and maintaining large, multi-gigabyte images.

• Fast deployments. Pods load only the hash-pinned packages they need from a node-local cache. Subsequent deployments add packages to the cache as required—no layer rebuilds—and atomic rollbacks make releases fast and safe.

• Portability: The same Flox environment runs identically across architectures and platforms—on developer laptops, in CI pipelines, and production clusters—ending "works on my machine" issues.

"Just like Kata Containers used the CRI to give you VM-level isolation, or gVisor to give you user-space kernel isolation, Flox's shim gives you Nix-style reproducibility with the ability to run only the software you actually need," said Kelsey Hightower, distinguished engineer and Flox advisor.

Real-World Impact

Most applications work well with traditional container images, but teams running AI/ML workloads and complex multi-language stacks face major packaging challenges.

Container images for ML or AI workloads can reach 5-10 GB—or more—combining packages like PyTorch, TensorFlow, CUDA drivers, the CUDA Toolkit, models, and multi-language toolchains across multiple images. Teams often resort to elaborate workarounds: init containers, volume mounts, manual dependency staging, and custom image optimization pipelines.

With Kubernetes "Uncontained" there's zero base-image overhead, so teams deploy only what their workloads require. Successive deployments benefit from a pre-warmed cache of node-local packages, which means no more waiting on multi-gigabyte image uploads or managing registry data-transfer costs. Beyond performance gains, Flox's support for hash-pinned dependencies and SBOMs-by-default makes deployments reproducible and auditable, so teams can identify and patch vulnerabilities without rebuilding images.

Market Momentum

Since launching Flox 1.0 in March 2024, the company has delivered 40+ releases and attracted Fortune 5 enterprises alongside high-growth tech companies. The company's recent $25M Series B led by Addition reflects the scale of their mission—underscoring their commitment to support customers for the next decade. Today's Kubernetes work is one step on that long-term path.

Availability

Flox Kubernetes support is available today for all Flox users. Organizations interested in deploying reproducible environments without container builds can visit flox.dev/kubernetes or visit booth #1850 at KubeCon North America.

About Flox

Flox offers developers, platform engineers, and operators reproducible environments that span the enterprise SDLC. Built on Nix technology, Flox provides the first end-to-end solution that empowers teams to accelerate and simplify their Systems Development Life Cycle through secure, isolated, and reproducible development and runtime environments. Flox was founded in 2021 as a spinout from the D. E. Shaw group and backed by Addition, NEA, Hetz Ventures, and Illuminate Financial. For more information, visit flox.dev.