LXC
watchtower
LXC | watchtower | |
---|---|---|
7 | 215 | |
4,449 | 16,965 | |
0.9% | 2.1% | |
9.2 | 8.2 | |
5 days ago | 15 days ago | |
C | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
LXC
-
LXD Moves into Canonical
I hope this doesn't affect LXC negatively.
LXC and LXD share plenty of contributors.
https://github.com/lxc/lxc/graphs/contributors
https://github.com/canonical/lxd/graphs/contributors
I use an "unprivileged LXC container" setup on several Debian bullseye hosts. It works fantastic, and each LXC container feels like a real server.
Compare that to Docker's "one-container-one-process" philosophy, reinventing the wheel by awkwardly composing multiple containers.
-
Support for Android apps
There is an issue with lxc as stated here: https://github.com/lxc/lxc/issues/4283 and https://github.com/Vanilla-OS/apx/issues/118
-
LXC & AD
I'm currently attempting to enroll my Ubuntu (20.04) (Unprivileged) LXC hosts to my windows AD server but am having difficulty. I'm using SSSD and KRB5 to manage the user directory and authentication. Once joining the domain with realmd, all seems ok, I can use the id command, etc to lookup users and groups and the host appears in Windows Users and Computers. The issue I'm having is with authentication, I believe it to be related to this issue however I don't entirely understand the solution and can't seem to find much else on the matter (Note the method I'm using works fine on full VMs). Would anybody please be able to provide more clarity in layman's terms?
-
LXC and LXD: a different container story
I don't recall having to do any uid/gid fixup last time I made an unprivileged container. I did have to prepare the unprivileged host user, of course, by reserving a range of subordinate uids/gids (/etc/sub?id) and configuring a virtual network interface limit (/etc/lxc/lxc-usernet).
To create the container, I did this:
lxc-create -t download -n -- -d debian -r bullseye -a amd64
Note that this runs the 'download' template, which (IIRC) is better suited to unprivileged containers than the 'debian' template is. The 'download' template will list its available distros if you do this:
lxc-create -t download -n -- --list
Note that some versions of lxc-create may fail with a keyserver error because sks-keyservers.net died somewhat recently. Workaround: DOWNLOAD_KEYSERVER=hkp://keyserver.ubuntu.com lxc-create
https://github.com/lxc/lxc/issues/3894
-
Lxc container still gives Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted after following graysky's edit of wiki
Found this issue and edited the config file of the lxc container:
-
How to - Create LXC containers FROM Docker and OCI images
and on this thread... an different approach is described
-
Finally joining the club
https://github.com/lxc/lxc/issues/1629#issuecomment-311379508
watchtower
-
My deployment platform is a shell script
Related: https://github.com/containrrr/watchtower
- PSA - Run "docker image prune" once in a while.
-
Roundcube Open-Source Webmail Software Merges with Nextcloud
> if you're using the docker image, upgrades are a breeze. Just bump the tag on the image, redeploy, and you're done.
Or you could just run Watchtower beside it and it will automatically update your docker containers. https://github.com/containrrr/watchtower If you are OK with automated updates.
-
The Curse of Docker
So i primarily use containers on my local machine walled off from the internet, so it's not a big concern for me. Watchtower [1] is popular among home server users too which automatically updates containers to the latest image.
For production uses I think companies generally build their own containers. They would have a common base linux container and build the other containers based off that with a typical CI/CD pipeline. So if glibc is patched, it's probably patched in the base container and the others are then rebuilt. You don't have to patch each container individually, just the base. Production also minimizes the scope of containers with nothing installed except what's necessary so they have few dependencies.
[1] https://github.com/containrrr/watchtower
-
Ask HN: If you were to build a web app today what tech stack would you choose?
You can use Watchtower (https://containrrr.dev/watchtower/) that solves problem of manual pulling on VPS.
-
Running watchtower weekly or whenever new image is available
I checked https://containrrr.dev/watchtower/ and Arguments, but I don't understand where to attach that using portainer.
-
Long Term Ownership of an Event-Driven System
Again, there are options to automate some of the burden here by using tools such as Watchtower.
-
Updating Docker Apps automagically with Watchtower✨🐳
Have you ever deployed a Docker app on a server, but everytime you push a new version of your image to a Docker registry you need to manually restart your app? If you want to automate this restarting, this blog post is for you! I am now going to show you how you can do this with literally 1 simple command using Watchtower!
- Plex Docker Saved me
- Watchtower updates
What are some alternatives?
Portainer - Making Docker and Kubernetes management easy.
ouroboros - Automatically update running docker containers with newest available image
Docker Compose - Define and run multi-container applications with Docker
Diun - Receive notifications when an image is updated on a Docker registry
Docker - Notary is a project that allows anyone to have trust over arbitrary collections of data
Docker Swarm - Source repo for Docker's Documentation
docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
Dokku - A docker-powered PaaS that helps you build and manage the lifecycle of applications
whats-up-docker - What's up Docker ( aka WUD ) gets you notified when a new version of your Docker Container is available.
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
shepherd - Docker swarm service for automatically updating your services whenever their image is refreshed