runq
runtime
runq | runtime | |
---|---|---|
2 | 4 | |
792 | 2,095 | |
1.4% | - | |
5.4 | 8.3 | |
16 days ago | almost 3 years ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
runq
-
App isolation is considered good for security. Is Docker good for that purpose?
A small note, kata dropped docker support, you need a different platform now, like kubernetes. The only practical alternative for docker I found is https://github.com/gotoz/runq .
- RunQ: Run regular Docker images in QEMU / KVM
runtime
-
AER: Error of this Agent is Reported First
Let me give you an example. [Here's one of the best questions I've ever asked on the internet.]https://github.com/kata-containers/runtime/issues/2795) I've seen many better questions asked, but this is the best I've been able to manage. I provided a decent description of the problem, a test-case that allowed other people to reproduce it as well (not relevant in your case), what I tried that didn't work, and the exact log messages and system information that indicated the problem. I then followed up with the people who were helping me and the problem was resolved.
-
Set *minimum* CPU allocation for a service
in parts of prod we use a combination of cgroups (mentioned in the thread already), taskset https://man7.org/linux/man-pages/man1/taskset.1.html, and in other cases (HPC workloads on large clusters) Kata Containers to isolate and optimize application resources: https://katacontainers.io/
-
Docker for Mac M1 RC
It might use a hypervisor though, as the pendulum swings back
https://katacontainers.io/
-
Building a secure/sandboxed environment for executing untrusted code
Kata Containers
What are some alternatives?
flintlock - Lock, Stock, and Two Smoking MicroVMs. Create and manage the lifecycle of MicroVMs backed by containerd.
wsl-vpnkit - Provides network connectivity to WSL 2 when blocked by VPN
clair - Vulnerability Static Analysis for Containers
amicontained - Container introspection tool. Find out what container runtime is being used as well as features available.
kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
for-mac - Bug reports for Docker Desktop for Mac
gvisor - Application Kernel for Containers
singularity - Singularity has been renamed to Apptainer as part of us moving the project to the Linux Foundation. This repo has been persisted as a snapshot right before the changes.
ignite - Ignite a Firecracker microVM
kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
microshift - A small form factor OpenShift/Kubernetes optimized for edge computing
kubescape - Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.