for-linux
Moby
for-linux | Moby | |
---|---|---|
34 | 213 | |
744 | 67,768 | |
0.0% | 0.3% | |
0.0 | 10.0 | |
over 1 year ago | 4 days ago | |
Go | ||
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
for-linux
-
Docker Private Registry using Harbor
Software Version Description Docker Engine Version 20.10.10-ce+ or higher For installation instructions, see https://docs.docker.com/engine/installation/ Docker Compose docker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin) For installation instructions, see https://docs.docker.com/compose/install/ OpenSSL Latest is preferred Used to generate certificate and keys for Harbor
-
IBM Cloud Code Engine (serverless) Application setup with a private registry — Step by Step Guide
Install the Docker CLI.
-
Serverless Horrors
Reading the GitHub issue about this is somewhat entertaining: https://github.com/docker/for-linux/issues/690
People are getting hacked a lot because of this, and docker doesn't seem to care all that much.
-
Signing container images: Comparing Sigstore, Notary, and Docker Content Trust
Docker: A tool for building, running, and managing Docker containers
-
Docker and iptable question
possibly useful: https://github.com/docker/for-linux/issues/690 (Docker bypasses ufw firewall rules)
-
What could go wrong with docker containers?
Sure - I work in an environment where I have to be on the VPN to access Snowflake. I also have to use Windows. The easiest dev environment for that is to install WSL2 and do the development in Ubuntu therein. However, the way that WSL2 manages Ubuntu is through some Windows host processes instead of the daemons that typically are used when you run Ubuntu. You can search around and find various reports about this - it manifests as "Cannot connect to the docker daemon." Here is one example from a quick search. On Windows, the way that you can easily get around that, if your org supports it, is to run Docker Desktop for Windows, which then manages that daemon process. That's all fine and good, but WSL has issues with routing traffic through VPNs for some reason. Again, here is a quick example of the type of things you'll find when you Google about this problem.
-
Network Adapter Restriction, Possible?
For a more universal configuration, setting the ip option in Docker's daemon.json file should tell Docker to only bind to that IP address. It does sound like there may be some bugs with this setting though, so your mileage may vary.
-
Still waiting for Ubuntu 22.04 LTS base image for ODROID M1
One workaround I've found is: https://github.com/docker/for-linux/issues/1437
-
MEM USAGE 0 - using sudo docker stats
Thank you. Your link is probably solution, it looks similar to the post I found before on github (and I was afraid to use it).
- Docker (on Windows) - Can no longer start a container
Moby
- An open framework to assemble specialized container systems
-
Release Radar • March 2024 Edition
Having been featured in our February 2023, and January 2024 Release Radars, Moby is the original Linux Container runtime. This new version adds a bunch of changes to the Docker CLI and Moby itself with additional features. There's bug fixes and enhancements, with the main thing for users to be on the look out for containers that were created using Docker Engine 25.0.0. These containers might have duplicate MAC addresses, and thus must be recreated. The same goes for those containers created with Moby 25.0+ and with user defined MAC addresses. Read up on all these changes in the release notes.
-
Choosing a Name for Your Computer
Formlabs does this as well for their 3d printers, my earliest encounter of this was when Docker started getting popular: https://github.com/moby/moby/blob/master/pkg/namesgenerator/...
- Docker Inc. refuses to patch HIGH vulnerabilities in Docker
-
Do not install Docker Desktop on GNU/Linux systems
Try to use moby instead since that is the engine in Docker.
https://github.com/moby/moby
-
Exploring Podman: A More Secure Docker Alternative
> Podman is designed to help with this by providing stronger default security settings compared to Docker. Features like rootless containers, user namespaces, and seccomp profiles, while available in Docker, aren't enabled by default and often require extra setup.
Seccomp has been enabled by default since 2015: https://github.com/moby/moby/pull/18780
It is true that Rootless isn't enabled by default but its "extra setup" can be done with a single command (`dockerd-rootless-setuptool.sh install`)
- Moby: Block io_uring_* syscalls in default profile
- Io_uring will be blocked by default on Docker
-
OpenZFS 2.2: Block Cloning, Linux Containers, BLAKE3
Perhaps.
Thing is, https://github.com/moby/moby/blob/670bc0a46c4ca03b75f1e72f73... is using https://github.com/mistifyio/go-zfs which features code like `out, err := zfsOutput("get", "-H", key, d.Name)` (Source: https://github.com/mistifyio/go-zfs/blob/master/zfs.go#L315) to get a single zfs property.
Somebody chose to use a library as abstraction that looks good but is implemented as a MVP (nothing wrong with that). "In the future, we hope to work directly with libzfs" should have raised an alarm somewhere, though.
What are some alternatives?
ufw-docker - To fix the Docker and UFW security flaw without disabling iptables
podman - Podman: A tool for managing OCI containers and pods.
async-profiler - Sampling CPU and HEAP profiler for Java featuring AsyncGetCallTrace + perf_events [Moved to: https://github.com/async-profiler/async-profiler]
containerd - An open and reliable container runtime
cli - Snyk CLI scans and monitors your projects for security vulnerabilities.
nerdctl - contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
ghost-chase-condition - Chasing a performance-eating ghost down the JVM rabbit hole
docker-openwrt - OpenWrt running in Docker
beekeeper-studio - Modern and easy to use SQL client for MySQL, Postgres, SQLite, SQL Server, and more. Linux, MacOS, and Windows.
ofelia - A docker job scheduler (aka. crontab for docker)
Netdata - The open-source observability platform everyone needs
k3d - Little helper to run CNCF's k3s in Docker