Container Awesome
Storage, Metadata, Runtime
- CRI
- opencontainers/runc
- google/gvisor
- Apache-2.0, Go
- Application Kernel for Containers
- runsc
- nvidia-container-runtime
- containers/crun
- GPL-2, C
- lightweight
- containers/youki
- Apache-2.0, Rust
- CNI
- Kube-router
- Calico
- Flannel
- CSI
- Daemon - manages OCI containers and images
- ContainerD
- docker
- podman
- lxd
- rkt
- Builder
- Source to Image
- openshift/source-to-image
- GoogleContainerTools/jib
- Java to container
- bazelbuild/bazel
- ko
- Golang to kubernetes
- Skaffold
- buildpack
- Registry Client
- Registry Server
- harbor
- nexus
- netvarun/docket
- DOCKEr + torrenT
- docker/docker-credential-helpers
- docker-credential-osxkeychain.
- Web UI
$HOME/.docker/config.json
{
  "credsStore": "osxkeychain"
}
- cri-o
- Container Desktop/VM
- Docker Desktop
- podman machine
- lima-vm/lima
- Linux VM on macOS for running containerd
- QEMU+HVF
- lima-vm/sshocker file sharing - reverse sshfs
- ssh -L
- based on lima
- abiosoft/colima
- Container runtimes on macOS & Linux
- Rancher Desktop
- abiosoft/colima
- microk8s
- minikube
- weaveworks/footloose
- Containers that look like Virtual Machines
- GoogleContainerTools/kpt
- Automate Kubernetes Configuration Editing
- checkpoint-restore/criu
- GPLv2, C
- application or container live migration, snapshots, remote debugging
Image
- https://github.com/opencontainers/image-spec
- containerd/stargz-snapshotter
- fast container image distribution plugin with lazy pulling
- https://nydus.dev/
- OCI tar layer -> Blob+meta
- containerd/nydus-snapshotter
- containerd snapshotter with data deduplication and lazy loading in P2P
- dragonflyoss/nydus
- based on FUSE, virtiofs
- RAFS v6 - erofs over fscache - Linux 5.19+
- dragonflyoss/Dragonfly2
- P2P-based file distribution and image acceleration
- https://d7y.io/blog/2022/06/06/evolution-of-nydus/
- https://github.com/dragonflyoss/nydus/blob/master/docs/nydusify.md
- goharbor/acceleration-service
- google/crfs
- CRFS: Container Registry Filesystem
- read-only FUSE
Runtime
- drifting-in-space/spawner
- Session-lived containers for advanced browser-based applications.
- indigo-dc/udocker
- https://github.com/opencontainers/runtime-spec/blob/main/implementations.md
CLI
- ctr, nerdctl -> containerd
- contaiNERD CTL
- crictl -> cri -> containerd
- cri is the kubelet interface
Tools
- sigstore/cosign
- Container Signing
- plexsystems/sinker
- syncs images
- uses github.com/docker/docker/client to operate docker
- uses github.com/google/go-containerregistry to operate on registries
go install github.com/plexsystems/sinker@latest
sinker push
.images.yaml
target:
  host: mycompany.com
  repository: myteam
sources:
  - repository: coreos/prometheus-operator
    host: quay.io
    tag: v0.40.0
- crane
- tool based on google/go-containerregistry
- containers/skopeo
- remote images registries - retrieving information, images, signing content
- oras
- regctl
- GoogleContainerTools/container-diff
- jwilder/dockerize
- References
Libraries
- google/go-containerregistry
- uber/kraken
- P2P Docker registry capable of distributing TBs of data in seconds
- dragonfly2
- heroku/docker-registry-client
- Docker Registry HTTP V2
- https://docs.quay.io/api/swagger/
- quay/quay
- Apache-2.0, Python
- distribution/distribution
- registry
- Docker HUB API
curl https://hub.docker.com/v2/repositories/wener/base/tags | jq
# Registry API
curl https://ustc-edu-cn.mirror.aliyuncs.com/v2/wener/base/tags/list | jq -r '.tags | .[]'
Build
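Questions
- Is a Linux environment required
- Is a privileged environment required
- Is a daemon required
- Is cross-platform building supported
- Manifest support
- Cache support
- Ease of use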
Inspect
docker run --rm -it \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -p 7001:7001 \
  --name diving vicanso/diving