Docker
LXC
Our great sponsors
Docker | LXC | |
---|---|---|
4 | 7 | |
3,176 | 4,436 | |
0.8% | 1.3% | |
2.5 | 9.2 | |
10 days ago | 18 days ago | |
Go | C | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Docker
-
Dagger: a new way to build CI/CD pipelines
I'm not touching anything Docker anymore.
Here's the scenario: you're the unfortunate soul who received the first M1 as a new employee, and nothing Docker-related works. Cue multi-arch builds; what a rotten mess. I spent more than a week figuring out the careful orchestration that any build involving `docker manifest` needs. If you aren't within the very fine line that buildx assumes, good luck pal. How long has `docker manifest` been "experimental?" It's abandonware.
Then I decided it would be smart to point out that we don't sign our images, and so I had to figure out how to combine the `docker manifest` mess with `docker trust`, another piece of abandonware. Eventually I figured out that the way to do it was with notary[1], another (poorly documented) piece of abandonware. The new shiny thing is notation[2], which does exactly the same thing, but is nowhere near complete.
At least Google clearly signals that they are killing something, Docker just lets projects go quiet.
How long before this project lands up like the rest of them? Coincidentally, we were talking about decoupling our CI from proprietary CI, seeing this was a rollercoaster of emotions.
[1]: https://github.com/notaryproject/notary
- Notary
- Notary is a project that allows anyone to have trust over arbitrary collections of data
LXC
-
LXD Moves into Canonical
I hope this doesn't affect LXC negatively.
LXC and LXD share plenty of contributors.
https://github.com/lxc/lxc/graphs/contributors
https://github.com/canonical/lxd/graphs/contributors
I use an "unprivileged LXC container" setup on several Debian bullseye hosts. It works fantastic, and each LXC container feels like a real server.
Compare that to Docker's "one-container-one-process" philosophy, reinventing the wheel by awkwardly composing multiple containers.
-
Support for Android apps
There is an issue with lxc as stated here: https://github.com/lxc/lxc/issues/4283 and https://github.com/Vanilla-OS/apx/issues/118
-
LXC & AD
I'm currently attempting to enroll my Ubuntu (20.04) (Unprivileged) LXC hosts to my windows AD server but am having difficulty. I'm using SSSD and KRB5 to manage the user directory and authentication. Once joining the domain with realmd, all seems ok, I can use the id command, etc to lookup users and groups and the host appears in Windows Users and Computers. The issue I'm having is with authentication, I believe it to be related to this issue however I don't entirely understand the solution and can't seem to find much else on the matter (Note the method I'm using works fine on full VMs). Would anybody please be able to provide more clarity in layman's terms?
-
LXC and LXD: a different container story
I don't recall having to do any uid/gid fixup last time I made an unprivileged container. I did have to prepare the unprivileged host user, of course, by reserving a range of subordinate uids/gids (/etc/sub?id) and configuring a virtual network interface limit (/etc/lxc/lxc-usernet).
To create the container, I did this:
lxc-create -t download -n -- -d debian -r bullseye -a amd64
Note that this runs the 'download' template, which (IIRC) is better suited to unprivileged containers than the 'debian' template is. The 'download' template will list its available distros if you do this:
lxc-create -t download -n -- --list
Note that some versions of lxc-create may fail with a keyserver error because sks-keyservers.net died somewhat recently. Workaround: DOWNLOAD_KEYSERVER=hkp://keyserver.ubuntu.com lxc-create
https://github.com/lxc/lxc/issues/3894
-
Lxc container still gives Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted after following graysky's edit of wiki
Found this issue and edited the config file of the lxc container:
-
How to - Create LXC containers FROM Docker and OCI images
and on this thread... an different approach is described
-
Finally joining the club
https://github.com/lxc/lxc/issues/1629#issuecomment-311379508
What are some alternatives?
Postman - CLI tool for batch-sending email via any SMTP server.
Portainer - Making Docker and Kubernetes management easy.
snap - The open telemetry framework
Docker Compose - Define and run multi-container applications with Docker
Juju - Orchestration engine that enables the deployment, integration and lifecycle management of applications at any scale, on any infrastructure (Kubernetes or otherwise).
Docker Swarm - Source repo for Docker's Documentation
Seaweed File System - SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files! Blob store has O(1) disk seek, cloud tiering. Filer supports Cloud Drive, cross-DC active-active replication, Kubernetes, POSIX FUSE mount, S3 API, S3 Gateway, Hadoop, WebDAV, encryption, Erasure Coding. [Moved to: https://github.com/seaweedfs/seaweedfs]
Dokku - A docker-powered PaaS that helps you build and manage the lifecycle of applications
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
Documize - Modern Confluence alternative designed for internal & external docs, built with Go + EmberJS
Habitus - A build flow tool for Docker.