kuasar | containerd |
---|---|
5 | 140 |
1,273 | 17,574 |
1.3% | 1.2% |
8.4 | 9.9 |
about 1 month ago | 6 days ago |
Rust | Go |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kuasar
- My VM is lighter (and safer) than your container
-
The advantage of WASM compared with container runtimes
Right now most early examples alas boot a container with a wasm runtime for each wasm instance, which is a sad waste. The whole advantage of wasm should be very lightweight low overhead wasm runtime instances atop a common wasm process. Having a process or container for each instance loses a ton of the benefit, makes it not much better than a regular container.
Thankfully there is work like the Containerd Sandbox API which enables new architectures like this. https://github.com/containerd/containerd/issues/4131
It's still being used to spawn a wasm process per instance for now, but container runtime project Kuasar is already using the Sandbox API to save significant resources, and has already chimed in in comments on HN to express a desire to have shared-process/multi-wasm-instance runtimes, which could indeed allow sub ms spawning that could enable instance per request architectures. https://github.com/kuasar-io/kuasar
- FLaNK Stack Weekly for 30 April 2023
- Kuasar - A Container Runtime in Rust
- Kuasar: An efficient multi-sandbox container runtime
containerd
-
Installing Kubernetes using Kubeadm utility
```bash
# Download the containerd release tarball, then unpack it under /usr/local
curl -LO https://github.com/containerd/containerd/releases/download/v2.0.0/containerd-2.0.0-linux-amd64.tar.gz
sudo tar Cxzvf /usr/local containerd-2.0.0-linux-amd64.tar.gz
```
-
Async Rust is not safe with io_uring
Notably, io_uring syscall has been a significant source of vulnerabilities. Last year, Google security team decided to disable it in their products (ChromeOS, Android, GKE) and production servers [1].
Containerd maintainers soon followed Google recommendations and updated seccomp profile to disallow io_uring calls [2].
io_uring was called out specifically for exposing increased attack surface by kernel security team as well long before G report was released [3].
Seems like less of a rust issue and more of a bug(s) in io_uring? I suppose user space apps can provide bandaid fix but ultimately needs to be handled at kernel.
[1] https://security.googleblog.com/2023/06/learnings-from-kctf-...
[2] https://github.com/containerd/containerd/pull/9320
[3] https://lwn.net/Articles/902466/
-
You run containers, not dockers - Discussing Docker variants, components and versioning
So once we had a single binary, then "Docker, Inc" started separating the functionalities into multiple binaries on Linux. That was the beginning of the dependencies and components we have today, except that these dependencies are now not limited to Docker. containerd can also be the container runtime of Kubernetes.
-
🌐 Navigating the CNCF Landscape: A Roadmap for Open Source Contributions 🚀
OCI Runtimes: Containerd Overview
-
Kubernetes Cluster Architecture
Containerd
-
5 DevOps Hacktoberfest Projects to Contribute to!
Containers are everywhere, and containerd is one of the standards for container runtimes. It is a container runtime that is designed to be simple, secure, and efficient. It is used to run containers in a containerized environment, and it is the runtime for Docker!
-
7 Best Practices for Container Security
Container engine security focuses on the underlying runtime system that manages and executes containers, such as Docker, containerd, or CRI-O. These container engines are responsible for interfacing with the operating system kernel to provide the isolated environments that containers run within.
-
Kubernetes Simplified: A Comprehensive Introduction for Beginners
Container Runtime: The engine that actually runs the container (e.g., Docker or containerd).
-
5 Alternatives to Docker Desktop
Containerd is an open-source project originally created by Docker Inc. and is now a graduated project of the Cloud Native Computing Foundation (CNCF). It is a container runtime that's part of the Docker ecosystem, but it can also be used as a stand-alone. It's designed to handle the execution and lifecycle management of containers and provides a robust and reliable runtime that can be embedded into higher-level systems such as Docker, Kubernetes, and other container orchestration platforms.
-
Kubernetes vs Philippine Power Outages - On setting up k0s over Tailscale
Note: For production environments, ensure TLS certificates are correctly configured. Refer to containerd documentation for additional configuration details. Once configured, k0s will utilize these settings to pull private images from your registry as needed.
What are some alternatives?
pandas-ai - Chat with your database (SQL, CSV, pandas, polars, mongodb, noSQL, etc). PandasAI makes data analysis conversational using LLMs (GPT 3.5 / 4, Anthropic, VertexAI) and RAG.
podman - Podman: A tool for managing OCI containers and pods.
agorakube - Agorakube is a Certified Kubernetes Distribution built on top of CNCF ecosystem that provides an enterprise grade solution following best practices to manage a conformant Kubernetes cluster for on-premise and public cloud providers.
cri-o - Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
oxia - Oxia - Metadata store and coordination system
Moby - The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
HealthGPT - Query your Apple Health data with natural language 💬 🩺
podman-compose - a script to run docker-compose.yml using podman
keras-ocr - A packaged and flexible version of the CRAFT text detector and Keras CRNN recognition model.
colima - Container runtimes on macOS (and Linux) with minimal setup
kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.