Help dockerizing a rocket server with a small image.
4 projects | reddit.com/r/rust | 29 Oct 2022
Google provides distroless docker images that only contain a few basic components (no c runtime, no openssl, no OS itself) so they're very tiny. You can check https://github.com/GoogleContainerTools/distroless/tree/main/base for these images.
How to create small Docker images for Rust
5 projects | dev.to | 5 Oct 2022
We can also use the distroless family of images maintained by Google that use packages from Debian, but remove all the useless packages in order to create minimal images. Thus, we no longer need to use the MUSL libc.
Implement DevSecOps to Secure your CI/CD pipeline
54 projects | dev.to | 27 Sep 2022
Using distroless images not only reduces the size of the container image, it also reduces the attack surface. The need for container image signing is because even with the distroless images there is a chance of facing some security threats such as receiving a malicious image. We can use cosign or skopeo for container signing and verifying. You can read more about securing containers with Cosign and Distroless Images in this blog.
Devbox 0.0.4 is released!
2 projects | dev.to | 8 Sep 2022
In addition to Go language detection, we now also auto-detect Poetry applications written in Python, and install the proper tools. The container image is based on a distroless image, making the resulting image small.
A handy template if you're starting a new project from scratch.
2 projects | reddit.com/r/golang | 10 Aug 2022
Also using scratch does have some caveats (no ca-certificates, no tzdata). I would generally prefer distroless.
Minify your container by up to 30x to be more secure (free and open source)
6 projects | news.ycombinator.com | 3 Aug 2022
distroless static (the smallest one, https://github.com/GoogleContainerTools/distroless/tree/main...) is about 4 MB.
It contains things like:
/usr/share/zoneinfo/
6 projects | news.ycombinator.com | 3 Aug 2022
Scratch is blank. Distroless includes some Debian components that remove a bunch of "gotchas" that some people relying on scratch run into.
- A /etc/passwd entry for a root user
- A /tmp directory
Package your FastAPI application with “Distroless” Docker Images
3 projects | dev.to | 19 Jul 2022
Distroless Docker Images is a project proposed by Google in order to help build slimmer containers. The project description states it’s "Language focused docker images, minus the operating system". Sounds interesting, right?
I deleted 78% of my Redis container and it still works
14 projects | news.ycombinator.com | 16 Jul 2022
See: Distroless images
This is one of the huge benefits of recent systems languages like go and rust -- they compile to single binaries so you can use things like scratch containers. You may have to fiddle with gnu libc/musl libc (usually when getaddrinfo is involved/dns etc), but once you're done with it, packaging is so easy.
Even languages like Node (IMO the most progressive of the scripting languages) have packages like vercel/pkg which produce native binaries.
BTW if you're considering running redis these days... Check out KeyDB, it's impressive. There are a lot of redis alternatives with interesting features these days that I wonder if running vanilla redis is even a good idea anymore (outside of ensuring complete feature-set compatibility).
Minikube now supports rootless podman driver for running Kubernetes
11 projects | news.ycombinator.com | 22 Jun 2022
Unikernel is what you're interested in, but it's not as easy as taking some Linux-based server software and spitting out a bootable image for bare metal. If you strip the kernel and OS out you lose the network stack and all kinds of system services that most software depends on directly.
I think Google's distroless container images are worth checking out as a quasi-alternative: https://github.com/GoogleContainerTools/distroless You use them as a base for a docker image and copy in your server code. These images are tailor made to strip out _everything_ that's not necessary to run the software--there's no shell for example. So you're still running a Linux kernel, libc, etc. but there's nothing there for an attacker to use other than your app code.
What are some alternatives?
iron-alpine - Hardened alpine linux baseimage for Docker.
spring-boot-jib - This project is about Containerizing a Spring Boot Application With Jib
jib - 🏗 Build container images for your Java applications.
dockerfiles - Various Dockerfiles I use on the desktop and on servers.
whalebrew - Homebrew, but with Docker images
example-bazel-monorepo - 🌿💚 Example Bazel-ified monorepo, supporting Golang, Java, Python, Scala, and Typescript
podman - Podman: A tool for managing OCI containers and pods.
fpm - Effing package management! Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity.
Sandboxie - Sandboxie Plus & Classic
docker-alpine - Official Alpine Linux Docker image. Win at minimalism!
docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
dive - A tool for exploring each layer in a docker image