spec | Moby
---|---
4 | 212
1,286 | 67,768
1.1% | 0.3%
4.6 | 10.0
16 days ago | 3 days ago
Makefile | Go
Apache License 2.0 | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
spec
- RSE Rave Recurrence
I had a really (what I thought at the time) cool idea for a new Kubernetes storage driver, so I implemented the basic version in an evening. That's the first "rave-worthy" event - the architecture of these drivers is fairly complex and there are many ways to do it (see https://github.com/container-storage-interface/spec/blob/master/spec.md) so getting something working as I imagined it, knowing nothing beforehand, was the first moment of joy. The next day (after sharing in a few slacks) I got a DM from a tech lead at and he was really excited about the idea! That second affirmation that someone was excited about the project and wanted to brainstorm with me was my second moment of joy. And then for the third, last night and (some of today, still going to do more after dinner soon!) I've been doing detail work, and learning a ton, debugging, learning, making it slowly better... that flow state (often with music) is probably the closest thing to the idea of a rave. Anyway, that's my story! I love learning Kubernetes stuff, I'm so grateful I've been able to in my current role.
- Docker 23.0.0 is out
- Infrastructure Engineering — Deployment Strategies
But if all of these are not an issue, then Containers and an orchestration system like Kubernetes can always take care of workload portability especially with OCI now in place for containers and CSI, CNI, CRI, SMI for storage, networking, runtime and service mesh respectively creating a healthy standards based ecosystem for all thereby enabling workload portability without lock-in since for a workload to be truly portable, all the underlying resources should be portable without any/very limited changes.
- Infrastructure Engineering - Diving Deep
CSI (Container Storage Interface) is a standard which helps establish interoperability between multiple storage providers avoiding the need to have in-tree plugins within the core. So, any storage provider who supports CSI can work with Kubernetes without any issues. You can find a complete list of providers supporting CSI here
Moby
- Release Radar • March 2024 Edition
Having been featured in our February 2023 and January 2024 Release Radars, Moby is the original Linux Container runtime. This new version adds a bunch of changes to the Docker CLI and Moby itself with additional features. There are bug fixes and enhancements, with the main thing for users to be on the lookout for being containers that were created using Docker Engine 25.0.0. These containers might have duplicate MAC addresses, and thus must be recreated. The same goes for those containers created with Moby 25.0+ and with user-defined MAC addresses. Read up on all these changes in the release notes.
- Choosing a Name for Your Computer
Formlabs does this as well for their 3D printers. My earliest encounter of this was when Docker started getting popular: https://github.com/moby/moby/blob/master/pkg/namesgenerator/...
- Docker Inc. refuses to patch HIGH vulnerabilities in Docker
- Do not install Docker Desktop on GNU/Linux systems
Try to use moby instead since that is the engine in Docker.
https://github.com/moby/moby
- Exploring Podman: A More Secure Docker Alternative
> Podman is designed to help with this by providing stronger default security settings compared to Docker. Features like rootless containers, user namespaces, and seccomp profiles, while available in Docker, aren't enabled by default and often require extra setup.
Seccomp has been enabled by default since 2015: https://github.com/moby/moby/pull/18780
It is true that Rootless isn't enabled by default, but its "extra setup" can be done with a single command (`dockerd-rootless-setuptool.sh install`).
- Moby: Block io_uring_* syscalls in default profile
- Io_uring will be blocked by default on Docker
- OpenZFS 2.2: Block Cloning, Linux Containers, BLAKE3
Perhaps.
Thing is, https://github.com/moby/moby/blob/670bc0a46c4ca03b75f1e72f73... is using https://github.com/mistifyio/go-zfs which features code like `out, err := zfsOutput("get", "-H", key, d.Name)` (Source: https://github.com/mistifyio/go-zfs/blob/master/zfs.go#L315) to get a single zfs property.
Somebody chose to use a library as an abstraction that looks good but is implemented as an MVP (nothing wrong with that). "In the future, we hope to work directly with libzfs" should have raised an alarm somewhere, though.
- The Twelve-Factor App
AppArmor can restrict /proc and this is even used by docker: https://github.com/moby/moby/blob/master/contrib/apparmor/te...
What are some alternatives?
cri-api - Container Runtime Interface (CRI) – a plugin interface which enables kubelet to use a wide variety of container runtimes.
podman - Podman: A tool for managing OCI containers and pods.
community - Kubernetes community content
containerd - An open and reliable container runtime
kubefed - Kubernetes Cluster Federation
nerdctl - contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
swarmkit - A toolkit for orchestrating distributed systems at any scale. It includes primitives for node discovery, raft-based consensus, task scheduling and more.
docker-openwrt - OpenWrt running in Docker
virtual-kubelet - Virtual Kubelet is an open source Kubernetes kubelet implementation.
ofelia - A docker job scheduler (aka. crontab for docker)
cni - Container Network Interface - networking for Linux containers
k3d - Little helper to run CNCF's k3s in Docker