k-andy | rootlesskit |
---|---|
4 | 8 |
142 | 1,032 |
- | 2.7% |
0.0 | 8.4 |
over 2 years ago | 2 days ago |
HCL | Go |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
k-andy
- Hetzner now provides IPv6 only dedicated servers
- Create production grade Kubernetes clusters in Hetzner Cloud in a couple of minutes or less
Great! We also spend much time in https://github.com/StarpTech/k-Andy; it's a Terraform module to create an HA cluster on Hetzner Cloud.
- Where to 'play' with k8, free or cheap?
rootlesskit
- Bocker: Docker implemented in around 100 lines of Bash (2015)
Yes, from the README:
> Bocker runs as root and among other things needs to make changes to your network interfaces, routing table, and firewall rules. I can make no guarantees that it won't trash your system.
Linux makes it quite hard to run "containers" as an unprivileged user. Not impossible! https://github.com/rootless-containers/rootlesskit is one approach and demonstrates much of the difficulty involved. Networking is perhaps the most problematic. Your choices are either setuid binaries (so basically less-root as opposed to root-less anymore) or usermode networking. slirp4netns is the state of the art here as far as I know, but not without security and performance tradeoffs.
- Is it possible to connect to a host port from a rootless Docker container?
The official docs list some known limitations of rootless Docker, and say that "Host network (docker run --net=host) is also namespaced inside RootlessKit." I don't understand how RootlessKit works, but I am wondering if this means that rootless Docker containers are unable to connect to ports on the host? I also checked the RootlessKit docs but I'm out of my depth there: (https://github.com/rootless-containers/rootlesskit/blob/master/docs/network.md).
- Rootless or rootful for home NAS?
- Hetzner now provides IPv6 only dedicated servers
Fair warning: if your app needs to be able to see the user's IP (for throttling, banning, etc.), rootless Docker doesn't properly support IPv6 yet with the ability to see the end user's source IP.
* https://github.com/rootless-containers/rootlesskit/issues/25...
- How to improve your Docker containers security – [cheat sheet]
There may be some overhead with networking if your application uses a very large amount of bandwidth. See:
https://github.com/rootless-containers/rootlesskit/tree/v0.1...
Otherwise for general dockerized applications, you won't notice any difference.
You may find some quirks, but these can all be worked around easily as described on the rootless docker page.
We run it in production with no issues so far.
- Request for Fedora CEO to add these packages
- Fedora 34 and docker rootless insanity. Warning: rant-y
Now with Fedora 34 I'm having issues from rootlesskit not being packaged. Got the binaries from https://github.com/rootless-containers/rootlesskit/#setup since that go get command never works. I have installed over 50 packages using go get but rootlesskit ALWAYS fails to compile because of some dependency like google/uuid and different Go versions.
- Fedora 34 doesn't have rootlesskit for Docker/Moby?
What are some alternatives?
hetzner-k3s - The easiest and fastest way to create and manage Kubernetes clusters in Hetzner Cloud using the lightweight distribution k3s by Rancher.
slirp4netns - User-mode networking for unprivileged network namespaces