crun
rules_docker
Our great sponsors
crun | rules_docker | |
---|---|---|
30 | 8 | |
2,787 | 1,058 | |
3.5% | - | |
9.3 | 0.0 | |
3 days ago | 7 months ago | |
C | Starlark | |
GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
crun
-
Show HN: dockerc – Docker image to static executable "compiler"
Yep pretty much.
The executables bundle crun (a container runtime)[0], and a fuse implementation of squashfs and overlayfs. Appended to that is a squashfs of the image.
At runtime the squashfs and overlayfs are mounted and the container is started.
[0]: https://github.com/containers/crun
-
Howto: WASM runtimes in Docker / Colima
cpu: 4 disk: 60 memory: 12 arch: host hostname: colima autoActivate: true forwardAgent: false # I only tested this with 'docker', not 'containerd': runtime: docker kubernetes: enabled: false version: v1.24.3+k3s1 k3sArgs: [] network: address: true dns: [] dnsHosts: host.docker.internal: host.lima.internal # Added: # - containerd-snapshotter: true (meaning containerd will be used for pulling images) # - default-runtime / runtimes: crun (instead of the default 'runc') docker: default-runtime: crun features: buildkit: true containerd-snapshotter: true runtimes: crun: path: /usr/local/bin/crun vmType: vz rosetta: true mountType: virtiofs mountInotify: false cpuType: host # This provisioning script installs WasmEdge and builds crun with wasmedge support: provision: - mode: system script: | [ -f /etc/docker/daemon.json ] && echo "Already provisioned!" && exit 0 echo "Install system updates:" apt-get update -y apt-get upgrade -y echo "Install WasmEdge and crun dependencies:" # NOTE: packages curl git python3 already installed: apt-get install -y make gcc build-essential pkgconf libtool libsystemd-dev libprotobuf-c-dev libcap-dev libseccomp-dev libyajl-dev libgcrypt20-dev go-md2man autoconf automake criu apt-get clean -y - mode: user script: | [ -f /etc/docker/daemon.json ] && echo "Already provisioned!" && exit 0 echo "Installing WasmEdge:" curl -sSf https://raw.githubusercontent.com/WasmEdge/WasmEdge/master/utils/install.sh | sudo bash -s -- -p /usr/local echo echo "`wasmedge -v` installed!" # NOTE: I failed to Configure Wasmtime properly - turned off for now: #echo "Installing Wasmtime:" #curl -sSf https://wasmtime.dev/install.sh | bash #sudo cp .wasmtime/bin/* /usr/local/bin/ #rm -rf .wasmtime #echo "`wasmtime -V` installed!" echo "Install crun:" git clone https://github.com/containers/crun cd crun ./autogen.sh #./configure --with-wasmedge --with-wasmtime ./configure --with-wasmedge make sudo make install crun -v echo "crun installed! Replacing runc with crun:" # NOTE: replacing runc with runc is to simplify containerd config TRC=`which runc` sudo rm -rf $TRC sudo cp `which crun` $TRC echo "Configuring containerd:" sudo mkdir -p /etc/containerd/ containerd config default | sudo tee /etc/containerd/config.toml >/dev/null echo "Restarting/reloading docker/containerd services:" sudo systemctl daemon-reload sudo systemctl restart containerd # As soon as Colima writes its /etc/docker/daemon.json file (right after this provisioning script), # it will also start the Docker daemon. If we stop Docker here, the changes will actually take effect: sudo systemctl stop docker sshConfig: true mounts: [] env: {}
-
Google assigns a CVE for libwebp and gives it a 10.0 score
On this note, I was really surprised to find Red Hat's OCI runtime is written in C: https://github.com/containers/crun
Is anyone working on a Rust version?
-
US Cybersecurity: The Urgent Need for Memory Safety in Software Products
It's interesting that, in light of things like this, you still see large software companies adding support for new components written in non-memory safe languages (e.g. C)
As an example Red Hat OpenShift added support for crun(https://github.com/containers/crun) this year(https://cloud.redhat.com/blog/whats-new-in-red-hat-openshift...), which is written in C as an alternative to runc, which is written in Go(https://github.com/opencontainers/runc)...
- Barco: Linux Containers from Scratch in C
-
Crun: Fast and lightweight OCI runtime and C library for running containers
Kubernetes needs an OCI runtime to run containers with. Crun is one implementation it can use.
Docker also appears to be able to use crun for it's engine as well. https://github.com/containers/crun/issues/37
-
Best virtualization solution with Ubuntu 22.04
crun
- Why did the Krustlet project die?
-
Is this an incompatibility with docker or an I doing something else wrong?
Looks like https://github.com/containers/crun/issues/255 - start there.
rules_docker
- Ko: Easy Go Containers
-
Crafting container images without Dockerfiles
My company uses Bazel's rules docker to build our images: https://github.com/bazelbuild/rules_docker
They're pretty great and have a lot of the caching and parallelism benefits mentioned in the post for free out of the box, along with determinism (which Docker files don't have because you can run arbitrary shell commands). Our backend stack is also built with Bazel so we get a nice tight integration to build our images that is pretty straightforward.
We've also built some nice tooling around this to automatically put our maven dependencies into different layers using Bazel query and buildozer. Since maven deps don't change often we get a lot of nice caching advantages.
-
Does google use rules_docker internally?
I've seen rules_docker is looking for maintainers here ; Does this mean it doesn't use it that much internally? If so, how do they go about using other services e.g docker-compose for running external services e.g database?
-
Speed boost achievement unlocked on Docker Desktop 4.6 for Mac
Did you mean this one? https://github.com/bazelbuild/rules_docker
I was very interested in this Bazel-based way of building containers but its README page says "it is on minimal life support," which does not inspire confidence. How's your experience using it?
-
Build images within another Docker container
As others have said docker in docker or a separate build server are your best options using docker. You can also use Bazel (which doesn't require the docker daemon) to build docker images which will build deterministic images every time due to not incorporating the timestamp: https://github.com/bazelbuild/rules_docker
-
Evolution of code deployment tools at Mixpanel
There's some BazelCon talks about people doing similar stuff but not actually open sourcing their code.
P.S. if you use rules_docker please feel free to open a PR to add your company to our README: https://github.com/bazelbuild/rules_docker/#adopters
-
Is Docker Dead in the Water?
The docker utility isn't the only way to build and run containers. There's also cri-o, podman, and crun among others for running containers. For building there is podman again, Jib for Java applications, and bazel plus many others. The docker approach of using a client to connect to a daemon required to run as root has turned out to be slow and insecure.
-
Buildpacks vs. Dockerfiles
During the last 3 years I've had the pleasure of using Bazel's rules_docker to generate all my container images (https://github.com/bazelbuild/rules_docker).
In a nutshell, rules_docker is a set of build rules for the Bazel build system (https://bazel.build). What's pretty nice about these rules is that they don't rely on a Docker daemon. They are rules that directly construct image tarballs that you can either load into your local Docker daemon or push to a registry.
What's nice about this approach is that image generation works on any operating system. For example, even on a Mac or Windows system that doesn't have Docker installed, you're able to build Linux containers. They are also fully reproducible, meaning that you often don't need to upload layers when pushing (either because they haven't changed, or because some colleague/CI job already pushed those layers).
I guess rules_docker works fine for a variety of programming languages. I've mainly used it with Go, though.
What are some alternatives?
runc - CLI tool for spawning and running containers according to the OCI specification
buildah - A tool that facilitates building OCI images.
youki - A container runtime written in Rust
kaniko - Build Container Images In Kubernetes
cri-o - Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
rules_gitops - This repository contains rules for continuous, GitOps driven Kubernetes deployments.
podman - Podman: A tool for managing OCI containers and pods.
jib - 🏗 Build container images for your Java applications.
wasm-micro-runtime - WebAssembly Micro Runtime (WAMR)
runtime-tools - OCI Runtime Tools
mixpanel-python - Official Mixpanel Python library.