spec
gvisor
| | spec | gvisor |
|---|---|---|
| Mentions | 48 | 64 |
| Stars | 2,666 | 14,980 |
| Growth | 8.7% | 2.7% |
| Activity | 7.3 | 9.9 |
| Last commit | 11 days ago | 6 days ago |
| Language | | Go |
| License | Creative Commons Attribution 4.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
spec
- Show HN: Lapdev, a new open-source remote dev environment management software
Hi, Lapdev dev here. Let me try to answer your question.
It's installed on a remote server so it provides remote environments. If you use VSCode remote, then you can "open" it through VSCode remote ssh.
The environment that Lapdev provides is essentially a container (other formats are on the roadmap) with things pre-installed as defined in the Devcontainer (https://containers.dev/) format.
- Show HN: Flox 1.0 – Open-source dev env as code with Nix
Happy to take this one, as I am one of the cofounders of Daytona.
Daytona solves all the automation and provisioning of the dev environment; I actually wrote an article here laying out exactly what we do: https://www.daytona.io/dotfiles/diy-guide-to-transform-any-m...
Daytona currently supports only the dev container (https://containers.dev/) "dev env infrastructure as code" standard, but we are looking to support others such as devfile, nix and flox.
Hope this helps
- A Journey to Find an Ultimate Development Environment
The full usage of the container means that you'll do the development inside the container. All the tools for development need to be installed inside the container. One of the technologies that leverages this approach is Dev Containers.
- Use Docker to create a local development Python environment
- Launching dev containers from code - is impossible?
... is how I introduced the concept of dev containers in my last article.
- Dev Containers: Open, Develop, Repeat...
How does it work? Dev Containers is a specification based on Docker. This specification describes a metadata file (devcontainer.json), which defines how the project (Docker container, IDE settings, plugins, etc.) is set up.
- Try MongoDB and Laravel in 1-click via GitHub Codespaces
Codespaces is built to run Dev Containers, an open standard for Development Containers. The Dev Container will reference a Docker build file, which describes the software and services our app is running on. It also defines things related to our development environment, including IDE plugins, network ports, and more.
- Dev Container for React Native with Expo
    // For format details, see https://aka.ms/devcontainer.json. For config options, see the
    // README at: https://github.com/devcontainers/templates/tree/main/src/typescript-node
    {
      "name": "Node.js & TypeScript",
      // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
      "image": "mcr.microsoft.com/devcontainers/typescript-node:1-20-bullseye",

      // Features to add to the dev container. More info: https://containers.dev/features.
      // "features": {},

      // Use 'forwardPorts' to make a list of ports inside the container available locally.
      "forwardPorts": [8081],

      "initializeCommand": "bash .devcontainer/initializeCommand.sh",

      // Use 'postCreateCommand' to run commands after the container is created.
      "postCreateCommand": "bash .devcontainer/postCreateCommand.sh",

      // Configure tool-specific properties.
      // "customizations": {},

      // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
      // "remoteUser": "root",

      // "containerEnv": {
      // },
      // "remoteEnv": {
      //   "DEV_USER_HOST": "${localEnv:USERNAME}"
      // },

      "runArgs": ["-p=8081:8081", "--env-file", ".devcontainer/.env"]
    }
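The config above is a good illustration of why a devcontainer.json deserves a review before you open an untrusted repository: initializeCommand runs on the host before any container exists, the other lifecycle hooks run repo-controlled commands inside the container, and runArgs passes raw flags to docker run. The script below is an added example, not part of the Dev Container spec or of any project on this page; it parses the JSON-with-comments format the spec uses, then flags those settings. The key names are the spec's own; the risk categories, the sample config (a copy of the one posted above) and the helper names are this example's assumptions.

```python
"""Audit a devcontainer.json for settings that run repo-controlled code on the
host or weaken the container boundary. Added example: the JSONC parser and the
checks are this script's own, not Dev Container tooling."""
import json
import re

# Lifecycle hook that runs on the HOST, before any container exists (spec-defined key).
HOST_HOOKS = ("initializeCommand",)
# Lifecycle hooks that run inside the container, still with repo-controlled commands.
CONTAINER_HOOKS = ("onCreateCommand", "updateContentCommand", "postCreateCommand",
                   "postStartCommand", "postAttachCommand")
# Raw docker-run flags (runArgs) that widen what the container can reach.
EXACT_RISKY_ARGS = {"--privileged", "--pid=host", "--network=host", "--net=host",
                    "--ipc=host", "--userns=host"}
PREFIX_RISKY_ARGS = ("--cap-add", "--security-opt", "--device", "-v", "--volume", "--mount")


def strip_jsonc(text):
    """Drop // and /* */ comments and trailing commas so json.loads accepts the file.
    Comment markers inside string literals (e.g. URLs) are left alone."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep the escaped char, including \"
                out.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True
            out.append(c)
            i += 1
        elif text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j < 0 else j
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j < 0 else j + 2
        else:
            out.append(c)
            i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


def load_jsonc(text):
    return json.loads(strip_jsonc(text))


def audit_devcontainer(text):
    """Return a list of human-readable findings for one devcontainer.json."""
    cfg = load_jsonc(text)
    findings = []
    for key in HOST_HOOKS:
        if key in cfg:
            findings.append(f"{key} runs on the host before the container exists: {cfg[key]!r}")
    for key in CONTAINER_HOOKS:
        if key in cfg:
            findings.append(f"{key} runs repo-controlled commands in the container: {cfg[key]!r}")
    if cfg.get("remoteUser") == "root" or cfg.get("containerUser") == "root":
        findings.append("session user is root inside the container")
    if cfg.get("privileged"):
        findings.append("privileged: true disables most of the container boundary")
    for cap in cfg.get("capAdd", []):
        findings.append(f"capAdd grants {cap}")
    for arg in cfg.get("runArgs", []):
        if arg in EXACT_RISKY_ARGS or any(arg == p or arg.startswith(p + "=") for p in PREFIX_RISKY_ARGS):
            findings.append(f"runArgs widens host access: {arg}")
    for m in cfg.get("mounts", []):      # spec allows "source=..,target=..,type=.." strings or objects
        src = m.get("source", "") if isinstance(m, dict) else str(m)
        if "docker.sock" in src:
            findings.append(f"mount exposes the Docker socket: {src}")
    return findings


# Constructed sample: the devcontainer.json posted above, verbatim.
SAMPLE = '''// For format details, see https://aka.ms/devcontainer.json.
{
  "name": "Node.js & TypeScript",
  // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
  "image": "mcr.microsoft.com/devcontainers/typescript-node:1-20-bullseye",
  // "features": {},
  "forwardPorts": [8081],
  "initializeCommand": "bash .devcontainer/initializeCommand.sh",
  "postCreateCommand": "bash .devcontainer/postCreateCommand.sh",
  // "customizations": {},
  // "remoteUser": "root",
  // "remoteEnv": {
  //   "DEV_USER_HOST": "${localEnv:USERNAME}"
  // },
  "runArgs": ["-p=8081:8081", "--env-file", ".devcontainer/.env"]
}
'''

if __name__ == "__main__":
    for line in audit_devcontainer(SAMPLE):
        print("-", line)
```

Run it against any repo's .devcontainer/devcontainer.json before the first "Reopen in Container"; for the posted config it reports the host-side initializeCommand and the in-container postCreateCommand, and nothing else, since the root user line is commented out and the port/env-file arguments do not cross the container boundary.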
- Microsoft Docker Development Container Templates
I do not know why someone shared this repo, there is nothing special about it other than containing some start templates. I would start here for understanding Dev Containers: https://containers.dev
If you have a scenario where using a container as your development environment makes sense, this is some tooling that can improve the developer experience vs just using plain Docker and Docker Compose.
I see it as being similar to the relationship between Vagrant and Virtual Machines.
You can use plain Dockerfiles if you prefer, dev containers provides some tooling to smooth out the rough edges of using Docker to host your dev environment including mounting your source code into the container etc. Details are at: https://containers.dev
gvisor
- Maestro: A Linux-compatible kernel in Rust
Isn't gVisor kind of this as well?
"gVisor is an application kernel for containers. It limits the host kernel surface accessible to the application while still giving the application access to all the features it expects. Unlike most kernels, gVisor does not assume or require a fixed set of physical resources; instead, it leverages existing host kernel functionality and runs as a normal process. In other words, gVisor implements Linux by way of Linux."
- Google/Gvisor: Application Kernel for Containers
- How to Escape a Container
- OS in Go? Why Not
There are two major production-ready Go-based operating system(-ish) projects:
- Google's gVisor[1] (a re-implementation of a significant subset of the Linux syscall ABI for isolation, also mentioned in the article)
- USBArmory's Tamago[2] (a single-threaded bare-metal Go runtime for SOCs)
Both of these are security-focused with a clear trade-off: sacrifice some performance for memory safety and excellent readability (and auditability). I feel like that's the sweet spot for low-level Go - projects that need memory safety but would rather trade some performance for simplicity.
- Tunwg: Expose your Go HTTP servers online with end to end TLS
It uses gVisor to create a TCP/IP stack in userspace, and starts a WireGuard interface on it, which the HTTP server from http.Serve listens on. The library will print a URL after startup, where you can access your server. You can create multiple listeners in one binary.
- How does go playground work?
The playground compiles the program with GOOS=linux, GOARCH=amd64 and runs the program with gVisor. Detailed documentation is available at the gVisor site.
- Searchable Linux Syscall Table for x86 and x86_64
- Multi-tenancy in Kubernetes
You could use a container sandbox like gVisor, light virtual machines as containers (Kata containers, firecracker + containerd) or full virtual machines (virtlet as a CRI).
- Firecracker internals: deep dive inside the technology powering AWS Lambda (2021)
An analogous project from Google with similar use cases is gvisor, which IIRC underlies Cloud Run: https://gvisor.dev/
- Why did the Krustlet project die?
Yeah, runtimeClass lets you specify which CRI plugin you want based on what you have available. Here's an example from the containerd documentation - you could have one node that can run containers under standard runc, gvisor, kata containers, or WASM. Without runtimeClass, you'd need either some form of custom solution or four differently configured nodes to run those different runtimes. That's how krustlet did it - you'd have kubelet/containerd nodes and krustlet/wasm nodes, and could only run the appropriate workload on each node type.
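The two comments above (sandboxed runtimes for multi-tenancy, and RuntimeClass as the way to pick one per pod) leave out the operational check: a pod that simply omits runtimeClassName lands on the node's default runtime, and a pod that asks for gVisor but also mounts a hostPath or shares the host PID namespace reaches past the sandbox anyway. The script below is an added example, not code from gVisor, Kata or Kubernetes; the RuntimeClass objects follow the node.k8s.io/v1 shape (handler names must match runtimes registered in the node's containerd config), while the sample pods, the set of "sandbox" handlers and the audit functions are this example's own assumptions.

```python
"""Check that pods in a shared cluster opt into a sandboxed runtime via
runtimeClassName and do not punch through it with host namespaces, hostPath
volumes or privileged containers. Added example: RuntimeClass objects and pods
are constructed, and the policy is this script's own."""

# RuntimeClass objects as a cluster admin would apply them (node.k8s.io/v1).
# "handler" must match a runtime configured in containerd on the nodes.
RUNTIME_CLASSES = [
    {"apiVersion": "node.k8s.io/v1", "kind": "RuntimeClass",
     "metadata": {"name": "gvisor"}, "handler": "runsc"},
    {"apiVersion": "node.k8s.io/v1", "kind": "RuntimeClass",
     "metadata": {"name": "kata"}, "handler": "kata"},
]
# Handlers that put a second kernel (gVisor's Sentry, or a microVM guest kernel)
# between the workload and the host kernel. Assumption of this example.
SANDBOX_HANDLERS = {"runsc", "kata"}
HOST_NAMESPACE_KEYS = ("hostPID", "hostIPC", "hostNetwork")


def handler_for(runtime_class_name, classes=RUNTIME_CLASSES):
    """Resolve runtimeClassName to its CRI handler.
    None means the pod set no class and will use the node default (normally runc)."""
    if runtime_class_name is None:
        return None
    for rc in classes:
        if rc["metadata"]["name"] == runtime_class_name:
            return rc["handler"]
    raise LookupError(f"RuntimeClass {runtime_class_name!r} does not exist")


def audit_pod(pod, classes=RUNTIME_CLASSES):
    """Return findings for one Pod manifest (dict, as `kubectl get pod -o json` gives)."""
    name = pod["metadata"]["name"]
    spec = pod["spec"]
    findings = []
    handler = handler_for(spec.get("runtimeClassName"), classes)
    if handler is None:
        findings.append(f"{name}: no runtimeClassName, runs on the node default runtime against the host kernel")
    elif handler not in SANDBOX_HANDLERS:
        findings.append(f"{name}: RuntimeClass handler {handler!r} is not a sandbox")
    for key in HOST_NAMESPACE_KEYS:
        if spec.get(key):
            findings.append(f"{name}: {key}=true shares a host namespace")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"{name}: hostPath volume {vol['hostPath'].get('path')!r} reaches the node filesystem")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}/{c['name']}: privileged container")
        for cap in sc.get("capabilities", {}).get("add", []):
            findings.append(f"{name}/{c['name']}: adds capability {cap}")
    return findings


def audit_pods(pods, classes=RUNTIME_CLASSES):
    """Map pod name -> findings for a list of pods (e.g. the items of a PodList)."""
    return {p["metadata"]["name"]: audit_pod(p, classes) for p in pods}


# Constructed sample pods.
SANDBOXED = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "tenant-a-web", "namespace": "tenant-a"},
    "spec": {"runtimeClassName": "gvisor",
             "containers": [{"name": "web", "image": "nginx:1.25"}]},
}
UNSANDBOXED = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "tenant-b-debug", "namespace": "tenant-b"},
    "spec": {"hostPID": True,
             "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
             "containers": [{"name": "shell", "image": "busybox:1.36",
                             "securityContext": {"privileged": True}}]},
}

if __name__ == "__main__":
    for pod, lines in audit_pods([SANDBOXED, UNSANDBOXED]).items():
        print(pod, "OK" if not lines else "")
        for line in lines:
            print("  -", line)
```

Feed it the items of `kubectl get pods -A -o json` (and the cluster's actual RuntimeClass list) to get a per-pod view; the same rules are what you would encode in an admission policy for tenant namespaces, since a RuntimeClass is opt-in per pod and nothing stops a tenant from leaving it out.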
What are some alternatives?
firecracker - Secure and fast microVMs for serverless computing.
podman - Podman: A tool for managing OCI containers and pods.
wsl-vpnkit - Provides network connectivity to WSL 2 when blocked by VPN
kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
containerd - An open and reliable container runtime
KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
WSL - Issues found on WSL
for-mac - Bug reports for Docker Desktop for Mac
podman-desktop - launch and set up VMs for podman
unikernels - State of the art for unikernels
Podman Desktop - Podman Desktop - A graphical tool for developing on containers and Kubernetes