Gvisor Alternatives
Similar projects and alternatives to gvisor
-
kata-containers
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
-
sysbox
An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
-
KubeArmor
Cloud-native Runtime Security Enforcement System. Workload hardening and implementing least-permissive policies made easy.
-
garden
Automation for Kubernetes development and testing. Spin up production-like environments for development, testing, and CI on demand. Use the same configuration and workflows at every step of the process. Speed up your builds and test runs via shared result caching
-
TinyGo
Go compiler for small places. Microcontrollers, WebAssembly (WASM/WASI), and command-line tools. Based on LLVM.
-
Clippy
A bunch of lints to catch common mistakes and improve your Rust code. Book: https://doc.rust-lang.org/clippy/
-
SSVM
WasmEdge is a lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications. It powers serverless apps, embedded functions, microservices, smart contracts, and IoT devices.
gvisor reviews and mentions
-
OS in Go? Why Not
There are two major production-ready Go-based operating system(-ish) projects:
- Google's gVisor[1] (a re-implementation of a significant subset of the Linux syscall ABI for isolation, also mentioned in the article)
- USBArmory's Tamago[2] (a single-threaded bare-metal Go runtime for SOCs)
Both of these are security-focused with a clear trade-off: sacrifice some performance for memory safety and excellent readability (and auditability). I feel like that's the sweet spot for low-level Go - projects that need memory safety but would rather trade some performance for simplicity.
-
Tunwg: Expose your Go HTTP servers online with end to end TLS
It uses gVisor to create a TCP/IP stack in userspace, and starts a wireguard interface on it, which the HTTP server from http.Serve listens on. The library will print a URL after startup, where you can access your server. You can create multiple listeners in one binary.
-
How does go playground work?
The playground compiles the program with GOOS=linux, GOARCH=amd64 and runs the program with gVisor. Detailed documentation is available at the gVisor site.
- Searchable Linux Syscall Table for x86 and x86_64
-
Multi-tenancy in Kubernetes
You could use a container sandbox like gVisor, light virtual machines as containers (Kata containers, firecracker + containerd) or full virtual machines (virtlet as a CRI).
-
Firecracker internals: deep dive inside the technology powering AWS Lambda (2021)
An analogous project from Google with similar use cases is gvisor, which IIRC underlies Cloud Run: https://gvisor.dev/
-
Why did the Krustlet project die?
Yeah, runtimeClass lets you specify which CRI plugin you want based on what you have available. Here's an example from the containerd documentation - you could have one node that can run containers under standard runc, gvisor, kata containers, or WASM. Without runtimeClass, you'd need either some form of custom solution or four differently configured nodes to run those different runtimes. That's how krustlet did it - you'd have kubelet/containerd nodes and krustlet/wasm nodes, and could only run the appropriate workload on each node type.
-
Do I need kata containers?
It all depends on your use-case and expectations. You should definitely check out gvisor. It creates userspace isolated kernels for every container, thus making it sandboxed. The workloads then still run inside a container, not a stripped down OCI compatible VM as in kata.
-
I'm releasing cargo-sandbox
The Linux kernel has a huge attack surface, and privilege escalation vulnerabilities abound. This is why https://gvisor.dev/ exists - it's a memory-safe proxy for Linux syscalls. This is also why Chrome OS runs its Linux environment in a custom hypervisor written in Rust instead of containers.
-
Userspace isn't slow, some kernel interfaces are
I can chime in with some optimizations (linux).
For normal UDP sockets UDP_GRO and UDP_SEGMENT can be faster than sendmmsg/recvmmsg.
In Gvisor they decided that read/write from tun is slow so they did PACKET_MMAP on raw socket instead. AFAIU they just ignore tap device and run a raw socket on it. Dumping packet from raw socket has faster interface than the device itself.
https://github.com/google/gvisor/blob/master/pkg/tcpip/link/...
-
Stats
google/gvisor is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of gvisor is Go.