Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free. Learn more →
Top 23 Go OCI Projects
-
-
Project mention: Latest versions of Docker cause memory leak in MySQL 5.7 | news.ycombinator.com | 2023-09-07
-
InfluxDB
Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.
-
This sort of feels like seeing someone riding a bike and saying: why don’t they just get a car? The simple fact is that containers and VMs are quite different. Whether something uses VMX and friends or not is also a red herring, as gVisor also “rolls it own VMM” [1].
[1] https://github.com/google/gvisor/tree/master/pkg/sentry/plat...
-
Project mention: US Cybersecurity: The Urgent Need for Memory Safety in Software Products | news.ycombinator.com | 2023-09-21
It's interesting that, in light of things like this, you still see large software companies adding support for new components written in non-memory safe languages (e.g. C)
As an example Red Hat OpenShift added support for crun(https://github.com/containers/crun) this year(https://cloud.redhat.com/blog/whats-new-in-red-hat-openshift...), which is written in C as an alternative to runc, which is written in Go(https://github.com/opencontainers/runc)...
-
Project mention: Open source container scanning tool to find vulnerabilities and suggest best practice improvements? | /r/selfhosted | 2023-04-15
https://github.com/quay/clair 9.4k stars, updated 17 hours ago
-
To transfer the image between your local machine and the server, you'll need a registry such as Docker Hub or GitHub Container Registry. (Technically you can compress images and distribute them as files but it's more of a headache than it's worth) There are plenty of registries that will allow you to host private images if that's a concern for you, but it will be harder to find a free/cheap solution. You can also host your own registry using the Distribution Project. But be warned that while hosting a basic registry is really easy, locking it down can be a pain because of the lack of well maintained and easy to use projects.
-
Now since Kubernetes works off of containerd I'll be taking a different approach on handling container builds by using nerdctl and the buildkit that comes bundled with it. I'll do this on the amd64 control plane node since it's beefier than my Raspberry Pi workers for handling builds and build related services. Go ahead and download and unpack the latest nerdctl release as of writing (make sure to check the release page in case there's a new one):
-
Mergify
Updating dependencies is time-consuming.. Solutions like Dependabot or Renovate update but don't merge dependencies. You need to do it manually while it could be fully automated! Add a Merge Queue to your workflow and stop caring about PR management & merging. Try Mergify for free.
-
I appreciate that podman can run daemonless, but I've gotten tired of waiting for them to implement heredoc support and have continued to use docker.
-
In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.
-
Container Runtime Interface (CRI) is one of the important parts of the Kubernetes cluster. It is a plugin interface allowing kubelet to use different container runtimes. And recently CRI-O container runtime has been announced as a CNCF Graduated project. I thought of writing a blog on CRI-O and how to set up a single-node Kubernetes cluster with Kubeadm and CRI-O.
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
-
-
-
Otras iniciativas empezaron a surgir debido a la alta popularidad de los containers y debido a esto, en 2015 se crea OCI(Open Container Initiative) para definir un estandar para containers(runtimes e imagenes).
-
firecracker-containerd
firecracker-containerd enables containerd to manage containers as Firecracker microVMs
My team is working on multi-cloud AWS Bottlerocket remix (Azure, GCP) with opt-in support for [firecracker-containerd](https://github.com/firecracker-microvm/firecracker-containerd) for our in-house CNCF distro, investigating microkernels applicability (tldr; they are not production-ready). We test kubernetes compat and migration plans for over 40+ cherry-picked solutions, and facing numerous compat issues for every k8s update. We do have support for Container Managed Control Planes described above, as well.
-
Interesting, I'd not known of this RFC before.
Another example of a content-addressed data store could be OCI registries (more commonly known as container image registries). Using them to store arbitrary artefacts is quite well supported now: https://oras.land/
-
We have built something very similar to what you are describing: https://github.com/chainguard-dev/apko
-
-
There is a tool written for this exact scenario! (disclaimer: I am a maintainer) https://github.com/defenseunicorns/zarf . Zarf can create packages out of all of your images, Helm charts, manifests... and deploy that package w/ zero dependencies on the other side (you can even use k3s built into the default init package if you don't have a cluster). The docs do it more justice https://docs.zarf.dev/docs/zarf-overview .
-
It was time to work on the infrastructure, we already made some decisions and assumed pros and cons. I already have worked with Google Cloud and I especially love how they use Kubernetes, so I wanted to learn how I can use it in Oracle Cloud (via Terraform if possible). I use k8s and Terraform at my home lab, so it should be easy to set up the infrastructure for this project, and it was thanks to the OCI Terraform provider.
-
CRI-O is a lightweight container runtime for Kubernetes. It is an implementation of Kubernetes CRI to use Open Container Initiative (OCI) compatible runtimes for running pods. It supports runc and Kata Containers as the container runtimes, but any OCI-compatible runtime can be integrated.
-
-
a couple projects underway for containers, still wip but promising.
-
SonarQube
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
Go OCI related posts
- Latest versions of Docker cause memory leak in MySQL 5.7
- Kubernetes Setup With WSL Control Plane and Raspberry Pi Workers
- Docker Is Four Things
- HelloSystem: A graphical OS built on FreeBSD
- RFC 6920: Naming Things with Hashes
- Apko: APK-based OCI image builder
- Creating Kubernetes Cluster With CRI-O
-
A note from our sponsor - SonarQube
www.sonarqube.org | 24 Sep 2023
Index
What are some of the best open-source OCI projects in Go? This list will help you:
Project | Stars | |
---|---|---|
1 | podman | 19,081 |
2 | containerd | 14,852 |
3 | gvisor | 14,171 |
4 | runc | 10,755 |
5 | clair | 9,712 |
6 | distribution | 7,831 |
7 | buildkit | 7,067 |
8 | buildah | 6,528 |
9 | grype | 6,507 |
10 | cri-o | 4,751 |
11 | syft | 4,676 |
12 | pouch | 4,604 |
13 | image-spec | 2,950 |
14 | runtime-spec | 2,914 |
15 | firecracker-containerd | 1,914 |
16 | oras | 1,065 |
17 | apko | 838 |
18 | runq | 755 |
19 | zarf | 708 |
20 | terraform-provider-oci | 678 |
21 | distribution-spec | 641 |
22 | umoci | 628 |
23 | runj | 553 |