The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 Container Open-Source Projects
-
Docker-OSX
Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
docker-mailserver
Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.
-
sealos
Sealos is a production-ready Kubernetes distribution that provides a one-stop solution for both public and private cloud. https://sealos.io
-
SSVM
WasmEdge is a lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications. It powers serverless apps, embedded functions, microservices, smart contracts, and IoT devices.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
kruise
Automated management of large-scale applications on Kubernetes (incubating project under CNCF)
-
devspace
DevSpace - The Fastest Developer Tool for Kubernetes ⚡ Automate your deployment workflow with DevSpace and develop software directly inside Kubernetes.
-
kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
-
redroid-doc
redroid (Remote-Android) is a multi-arch, GPU enabled, Android in Cloud solution. Track issues / docs here
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Running macOS legally requires real mac servers and a bespoke storage solution: https://www.datacenterdynamics.com/en/analysis/not-just-stac...
A self-hosted macOS runner will be more economical in the long-run, if you have a spot you can hook it up at, or if you're fine doing things less than legally, you can use https://github.com/sickcodes/Docker-OSX.
cat << EOF wget \ https://github.com/goharbor/harbor/releases/download/v2.9.4/\ harbor-offline-installer-v2.9.4.tgz EOF
I can recommend Docker mailserver (it also works with Podman). It is already pretty lightweight but you can even make it lighter and it has an active community as well as regular updates.
Install Multipass from https://multipass.run
Apko leverages the APK package format from Alpine and draws inspiration from ko, a fast container image builder for Go applications.
For the task of building the graph image, my first idea was to rely on buildah. In fact, our design was already heavily relying on containers/image for all things regarding copying images from one registry to the other, or from one registry to an archive. The obvious choice was to use the same suite of modules in order to keep dependencies to a minimum.
https://github.com/uber/kraken?tab=readme-ov-file#comparison...
"Kraken was initially built with a BitTorrent driver, however, we ended up implementing our P2P driver based on BitTorrent protocol to allow for tighter integration with storage solutions and more control over performance optimizations.
Kraken's problem space is slightly different than what BitTorrent was designed for. Kraken's goal is to reduce global max download time and communication overhead in a stable environment, while BitTorrent was designed for an unpredictable and adversarial environment, so it needs to preserve more copies of scarce data and defend against malicious or bad behaving peers.
Despite the differences, we re-examine Kraken's protocol from time to time, and if it's feasible, we hope to make it compatible with BitTorrent again."
Project mention: ⚡⚡ Level Up Your Cloud Experience with These 7 Open Source Projects 🌩️ | /r/Cloud | 2023-12-07Knative
Alguns frameworks trabalham desta forma por padrão, como é o caso do Angular, quando este não é o padrão do framework que utilizamos podemos usar alguma biblioteca, como a Inversify ou tsyringe da Microsoft.
Project mention: Ahoy! 🦭 Podman Desktop v1.5.2 is ship-shape and ready to board! 🛥️ | /r/podman | 2023-11-05A new, search-driven command palette is now available to enable quick access to various commands available across 🦭 Podman Desktop. You can try this new tool out by hitting the F1 key. #4081 && #3979
We use https://github.com/uber-go/automaxprocs after we joyfully discovered that Go assumed we had the entire cluster's cpu count on any particular pod. Made for some very strange performance characteristics in scheduling goroutines.
Project mention: A morning with the Rabbit R1: a fun, funky, unfinished AI gadget | news.ycombinator.com | 2024-04-24It does show how incompetent the attacker was, I report below what Retr0id wrote in the issue:
"tl;dr: The "leak" seems real, but doesn't prove any of the claims made in the readme.
This statement from Peiyuan Liao, the rabbit CTO, is consistent with what I'm seeing here: https://twitter.com/liaopeiyuan/status/ 1782922595199033662
So the "leak" is a bit of a nothingburger, containing partial code for the relatively boring process of letting users authenticate with online services through a sandboxed browser session, from which auth tokens etc. can be extracted. You can't infer anything about how LAM does or doesn't work from this.
They likely used "kiosk escape" tricks to get code exec within the box that runs the browser. Assuming their sandboxing is all set up correctly, this isn't particularly concerning, but it does expose the code that runs within the sandbox for analysis. That's what we appear to have here.
The attacker left behind a file named cdk.log, which is an artifact of https://github.com/cdk-team/CDK/, a container pentesting tool. They were clearly trying to escape the sandbox and pivot to somewhere more interesting, but I don't think they managed it. I think "part 2" is a bluff, this is all they have (feel free to prove me wrong, lol).
But that doesn't mean there's nothing here. Lets look at what we do have.
The most interesting detail to me is a package name list in repo/ typescript/common/base-tsconfig.json
[...]
The only code actually present is for q-web-minion-
What follows is my speculation based on the names alone:
"q" seems like a codename for the rabbit device (so q-hole rabbit hole). Q might stand for "quantum".
The problem with trying to log into and interface with consumer-facing services from 'the cloud" is that you'll get IP rate limited, blocked as a bot, etc. It would make sense to proxy traffic back out through the user's device, and that's what I'd hope q-proxy is about. The big downside with this is that it ~doubles latency and halves available bandwidth, magnifying any deficiencies of a flaky 4G connection. This is perhaps partly why their doordash demo chugged so hard. (protip to the team; use a caching proxy, with SSL, MitM. Detect CDN URLs and don't proxy those.)
This is a total stab in the dark but my guess is that bunny-host is where the LAM action happens, and bunny-builder is for LAM training.
cm-quantum-peripheral-common might be the wrist-mounted device teased in the launch event.
Addendum:
It's also possible there were some juicy credentials accessible within the container. But if there were, they aren't in this leak. In particular, it looks like they're using GCP "service account keys' (/credentials/ cm-gcp-service-account-quantum-workload/gcp-service-account- quantum-workload.json), which according to google's docs "create a security risk and are not recommended. Unlike the other credential file types, compromised service account keys can be used by a bad actor without any additional information".
There isn't enough information here (and/or my analysis isn't deep enough - "cloud" is not my forte) to determine if that'll cause any issues in practice, but if there really is a "part 2" leak, I'd guess this is how they got it."
I OCR two screenshots that I did so there could be errors.
I've been trying to install ReDroid following this guide (replacing docker with podman) but the container gives only the following output:
I also explored another module, go-containerregistry, in order to build images without root privileges. The approach is completely different, and we can manipulate each component of the container image separately. This can present an advantage, if you're looking for a way to fine tune things.
Container related posts
- Docker Private Registry using Harbor
- Are there DevOps public sector roles?
- Soulseek Docker share multiple folders
- A handsome k8s cluster - Is it possible?
- Docker-OSX · Follow @sickcodes on Twitter
- Mykube - simple cli for single node K8S creatiom
- GitHub - guyst16/mykube: k8s-installer - One-click k8s single-node cluster installation on your own device.
-
A note from our sponsor - WorkOS
workos.com | 26 Apr 2024
Index
What are some of the best open-source Container projects? This list will help you:
Project | Stars | |
---|---|---|
1 | Docker-OSX | 35,279 |
2 | awesome-docker | 28,328 |
3 | Harbor | 22,485 |
4 | docker-mailserver | 13,292 |
5 | sealos | 12,944 |
6 | SSVM | 7,932 |
7 | multipass | 7,294 |
8 | ko | 7,234 |
9 | buildah | 6,986 |
10 | kubeedge | 6,395 |
11 | kraken | 5,852 |
12 | serving | 5,388 |
13 | tsyringe | 4,774 |
14 | tbox | 4,690 |
15 | kruise | 4,359 |
16 | Podman Desktop | 4,138 |
17 | devspace | 4,074 |
18 | kubernetes-goat | 3,862 |
19 | automaxprocs | 3,773 |
20 | CDK | 3,638 |
21 | redroid-doc | 3,583 |
22 | swift-collections | 3,514 |
23 | go-containerregistry | 2,949 |
Sponsored