awesome-linux-containers

Container framework guide

A curated collection of Linux container frameworks, libraries and software

A curated list of awesome Linux Containers frameworks, libraries and software

GitHub

2k stars
67 watching
169 forks
last commit: 8 months ago
Linked from 8 awesome lists

awesome, best-practices, containers, linux-containers

Awesome Linux Containers / Foundations

OPEN CONTAINER INITIATIVE The Open Container Initiative is a lightweight, open governance structure, to be formed under the auspices of the Linux Foundation, for the express purpose of creating open industry standards around container formats and runtime
Cloud Native Computing Foundation The Cloud Native Computing Foundation will create and drive the adoption of a new set of common container technologies informed by technical merit and end user value, and inspired by Internet-scale computing
Cloud Foundry Foundation The Cloud is our foundry

Awesome Linux Containers / Specifications

Open Container Specifications 3,227 17 days ago This project is where the Open Container Initiative Specifications are written. This is a work in progress
App Container basics 8,822 over 4 years ago App Container (appc) is an open specification that defines several aspects of how to run applications in containers: an image format, runtime environment, and discovery protocol
Systemd Container Interface Systemd is a suite of basic building blocks for a Linux system. It provides a system and service manager that runs as PID 1 and starts the rest of the system. If you write a container solution, please consider supporting the following interfaces
Nulecule Specification 102 over 7 years ago Nulecule defines a pattern and model for packaging complex multi-container applications and services, referencing all their dependencies, including orchestration metadata in a container image for building, deploying, monitoring, and active management
Oracle microcontainer manifesto This is not a new container format, but simply a specific method for constructing a container that allows for better security and stability
Cloud Native Application Bundle Specification 957 about 2 years ago A package format specification that describes a technology for bundling, installing, and managing distributed applications, that are by design, cloud agnostic

Awesome Linux Containers / Clouds

Amazon EC2 Container Service Container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances
Google Cloud Platform Run Docker containers on Google Cloud Platform, powered by Kubernetes. Google Container Engine actively schedules your containers, based on declared needs, on a managed cluster of virtual machines
Jelastic Unlimited PaaS and Container-Based IaaS in a Joint Cloud Solution for DevOps
Joyent High-Performance Container-Native Infrastructure for Today's Demanding Real-Time Web and Mobile Applications
Kubernetes Manage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops
Mesosphere The Mesosphere Datacenter Operating System (DCOS) is a new kind of operating system that spans all of the machines in your datacenter or cloud. It provides a highly elastic, and highly scalable way of deploying applications, services and big data infrastructure on shared resources
OpenShift Origin OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. Origin adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams
Warden 283 almost 8 years ago Manages isolated, ephemeral, and resource controlled environments. Part of Cloud Foundry - the open platform as a service project
Virtuozzo A platform, built on Virtuozzo containers, that can be easily run on top of any bare-metal or virtual servers in any public or private cloud, to automate, optimize, and accelerate internal IT and development processes
Rancher Rancher is a complete, open source platform for deploying and managing containers in production. It includes commercially-supported distributions of Kubernetes, Mesos, and Docker Swarm, making it easy to run containerized applications on any infrastructure
Docker Swarm Docker Swarm is native clustering for Docker
Azure Container Service Azure Container Service optimizes the configuration of popular open source tools and technologies specifically for Azure
CIAO Cloud Integrated Advanced Orchestrator for Intel Clear Linux OS
Alibaba Cloud Container Service Container Service is a high-performance and scalable container application management service that enables you to use Docker and Kubernetes to manage the lifecycle of containerized applications
Nomad HashiCorp Nomad is a single binary that schedules applications and services on Linux, Windows, and Mac. It is an open source scheduler that uses a declarative job file for scheduling virtualized, containerized, and standalone applications

Awesome Linux Containers / Operating Systems

CoreOS A lightweight Linux operating system designed for clustered deployments providing automation, security, and scalability for your most critical applications
RancherOS RancherOS is a tiny Linux distro that runs the entire OS as Docker containers
Project Atomic Project Atomic provides the best platform for your Linux Docker Kubernetes (LDK) application stack. Use immutable infrastructure to deploy and scale your containerized applications
Snappy Ubuntu Core Ubuntu Core is the perfect system for large-scale cloud container deployments, bringing transactional updates to the world’s favourite container platform
ResinOS A host OS tailored for containers, designed for reliability, proven in production
Photon 3,049 6 days ago Photon OS is a minimal Linux container host designed to have a small footprint and tuned for VMware platforms. Photon is intended to invite collaboration around running containerized and Linux applications in a virtualized environment
Clear Linux Project The Clear Linux Project for Intel Architecture is a distribution built for various Cloud use cases
CargOS CargOS is a new lightweight, open source, platform for Docker hosts that aims for speed, manageability and security. Releases are built for 64-bit Intel/AMD CPUs
OSv OSv is the open source operating system designed for the cloud. Built from the ground up for effortless deployment and management, with superior performance
HypriotOS Minimal Debian-based operating system that is optimized to run Docker. It made it dead easy to use Docker on any Raspberry Pi
MCL MCL is a from-scratch minimal Linux OS designed specifically to run containers. It has a small footprint of ~50MB and boots within seconds. It is currently optimized to run Docker

Awesome Linux Containers / Hypervisors

Docker 30,473 9 days ago An open platform for distributed applications for developers and sysadmins.
LXD 2,748 5 days ago Daemon based on liblxc offering a REST API to manage LXC containers
OpenVZ OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated Linux containers (otherwise known as VEs or VPSs) on a single physical server enabling better server utilization and ensuring that applications do not conflict
MultiDocker 53 almost 6 years ago Create a secure multi-user Docker machine, where each user is segregated into an independent container
Lithos 113 over 5 years ago Lithos is a process supervisor and containerizer for running services. It is not intended to be system init, but rather tries to be a base tool to build container orchestration
containerd A container runtime which can manage a complete container lifecycle - from image transfer/storage to container execution, supervision and networking

Awesome Linux Containers / Containers

runc 11,903 5 days ago runc is a CLI tool for spawning and running containers according to the OCS specification
Bocker 11,294 almost 7 years ago Docker implemented in around 100 lines of bash
Rocket 8,822 over 4 years ago rkt (pronounced "rock-it") is a CLI for running app containers on Linux. rkt is designed to be composable, secure, and fast. Based on AppC specification
LXC 4,678 27 days ago LXC is the well known set of tools, templates, library and language bindings. It's pretty low level, very flexible and covers just about every containment feature supported by the upstream kernel
Vagga 1,864 over 1 year ago Vagga is a fully-userspace container engine inspired by Vagrant and Docker, specialized for development environments
libct 106 about 7 years ago Libct is a containers management library which provides convenient API for frontend programs to rule a container during its whole lifetime
libvirt A big toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes)
systemd-nspawn Spawn a namespace container for debugging, testing and building. Part of
porto 397 almost 2 years ago The main goal of Porto is to create a convenient, reliable interface over several Linux kernel mechanism such as cgroups, namespaces, mounts, networking etc
udocker 1,371 3 months ago A basic user tool to execute simple containers in batch or interactive systems without root privileges
Let Me Contain That For You 3,411 over 9 years ago LMCTFY is the open source version of Google’s container stack, which provides Linux application containers
cc-oci-runtime 417 about 7 years ago Intel Clear Linux OCI (Open Containers Initiative) compatible runtime
railcar 1,119 about 5 years ago Railcar is a rust implementation of the opencontainers initiative's runtime spec. It is similar to the reference implementation runc, but it is implemented completely in rust for memory safety without needing the overhead of a garbage collector or multiple threads
Kata Containers Kata Containers is a new open source project building extremely lightweight virtual machines that seamlessly plug into the containers ecosystem
plash 379 3 months ago Lightweight, rootless containers
runv 826 almost 4 years ago Hypervisor-based (KVM, Xen, QEMU) Runtime for OCI. Security by isolation
podman 23,806 5 days ago Full management of container lifecycle
firecracker 26,240 7 days ago Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine the security and isolation properties provided by hardware virtualization technology with the speed and flexibility of containers
sysbox 2,812 10 days ago Sysbox is a "runc" that creates secure (rootless) containers / pods that run not just microservices, but most workloads that run in VMs (e.g., systemd, Docker, and Kubernetes), seamlessly
youki 6,310 6 days ago A container runtime written in Rust
footloose 1,591 about 1 year ago Containers that look like Virtual Machines

Awesome Linux Containers / Sandboxes

Firejail Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities
NsJail 2,980 17 days ago NsJail is a process isolation tool for Linux. It makes use of the namespacing, resource control, and seccomp-bpf syscall filter subsystems of the Linux kernel
Subuser 890 over 2 years ago Securing the Linux desktop with Docker
Snappy Snappy Ubuntu Core is a new rendition of Ubuntu with transactional updates - a minimal server image with the same libraries as today’s Ubuntu, but applications are provided through a simpler mechanism
xdg-app xdg-app is a system for building, distributing and running sandboxed desktop applications on Linux
Bubblewrap 3,966 22 days ago Run applications in a sandbox using Linux namespaces without root privileges, with user namespacing provided via setuid binary
singularity 2,532 about 2 years ago Universal application containers for Linux
Lxroot 100 about 1 year ago Lxroot is a flexible, lightweight, and safer alternative to chroot and/or Docker for non-root users on Linux

Awesome Linux Containers / Partial Access

nsenter Run program with namespaces of other processes. Part of the util-linux
ip-netns Process network namespace management. Part of the iproute2
unshare Run program with some namespaces unshared from parent. Part of the util-linux
python-nsenter 139 over 4 years ago This Python package allows entering Linux kernel namespaces (mount, IPC, net, PID, user and UTS) by doing the "setns" syscall
butter Python library to interface to low level linux features (inotify, fanotify, timerfd, signalfd, eventfd, containers) with asyncio support
pyspaces 88 over 6 years ago Works with Linux namespaces through glibc with pure python
CRIU Checkpoint/Restore In Userspace is a software tool for Linux operating system. Using this tool, you can freeze a running application (or part of it) and checkpoint it to a hard drive as a collection of files. CRIU integrated with Docker and LXC to implement Live migration of containers
Moby 68,758 6 days ago A "Lego set" of toolkit components for containers software created by Docker

Awesome Linux Containers / Filesystem

container-diff 3,759 8 months ago A tool for analyzing and comparing container images
buildah 7,444 5 days ago A tool which facilitates building OCI container images
skopeo 8,298 7 days ago Work with remote images registries - retrieving information, images, signing content
img 3,908 6 months ago Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder
dgr 249 over 3 years ago Command line utility designed to build and to configure at runtime App Containers Images (ACI) and App Container Pods (POD) based on convention over configuration
Whaler 1,067 over 2 years ago Whaler is designed to reverse engineer a Docker Image into the Dockerfile that created it
dive 46,318 4 months ago A tool for exploring each layer in a docker image
go-containerregistry 3,143 9 days ago Go library and CLIs for working with container registries
kaniko 14,882 10 days ago Kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster
umoci Umoci is a tool to manipulate OCI container images, and can be used as a rudimentary build tool
docker pushrm 139 5 months ago A Docker CLI plugin that lets you push the README.md file from the current directory to a container registry. Supports Docker Hub, Quay and Harbor

Awesome Linux Containers / Dashboard

LXC-Web-Panel Web panel for LXC on Ubuntu
Liman Basic docker monitoring web application
portainer 31,065 5 days ago Lightweight Docker management UI
swarmpit 3,115 5 months ago Lightweight mobile-friendly Docker Swarm management UI

Awesome Linux Containers / Best practices

The Twelve-Factor App The twelve-factor app is a methodology for building software-as-a-service apps
Container Best Practices A collaborative project to document container-based application architecture, creation and management from Project Atomic

Awesome Linux Containers / Security / Tools

Docker bench security 9,146 about 1 month ago The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production
CoreOS Clair Open Source Vulnerability Analysis for your Containers
bane 1,183 about 4 years ago Custom AppArmor profile generator for docker containers
OpenSCAP 237 almost 8 years ago The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines
drydock 65 over 8 years ago Drydock provides a flexible way of assessing the security of your Docker daemon configuration and containers using editable audit templates
trireme Security by segmentation for Docker and Kubernetes
goss 5,611 11 days ago Quick and Easy server testing/validation
sockguard 143 about 3 years ago A proxy for docker.sock that enforces access control and isolated privileges
gvisor 15,851 5 days ago gVisor is a user-space kernel, written in Go, that implements a substantial portion of the Linux system surface. It includes an Open Container Initiative (OCI) runtime called runsc that provides an isolation boundary between the application and the host kernel. The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed containers
docker-explorer 529 about 2 months ago A tool to help forensicate offline docker acquisitions
oci-seccomp-bpf-hook 303 9 days ago OCI hook to trace syscalls and generate a seccomp profile
CIS Security Benchmarks
Are Docker containers really secure?
Bringing new security features to Docker
Docker, Linux Containers (LXC), and security
For containers, security is problem #1
Linux Container Security
Ask HN: Best Linux sandbox?
CIS Docker 1.6 Benchmark v1.0.0
Understanding docker security and best practices
Update on Ubuntu Phone security issue
Don't expose the Docker socket (not even to a container)
RedHat Blog
Introduction to Linux Containers
What’s Next for Containers? User Namespaces
Architecting Containers Part 1: Why Understanding User Space vs. Kernel Space Matters
Architecting Containers Part 2: Why the User Space Matters
Secure Your Containers with this One Weird Trick
Why you shouldn't use ENV variables for secret data
When to use Docker alternatives rkt and LXD
The container is a lie

Awesome Linux Containers / Another Information Sources

sysdig-container-ecosystem 112 over 8 years ago The ecosystem of awesome new technologies emerging around containers and microservices can be a little overwhelming, to say the least. We thought we might be able to help: welcome to the Container Ecosystem Project
doger.io This page is an attempt to document the ins and outs of containers on Linux. This is not just restricted to programmers looking to implement containers or use container like features in their own code but also Sysadmins and Users who want to get more of a handle on how containers work 'under the hood'
