#containerd contains #nerd

Unhappy with #DockerDesktop on #macOS? Give #Colima a try!

It's a free and open #container runtime for macOS. It now supports the macOS #virtualization framework, #virtiofs for fast volume mounts and forwarding #inotify events for hot/live reloading. It can even provide a #containerd, #kubernetes or #incus runtime.

https://github.com/abiosoft/colima

(I would've preferred #podman, as that's what I'm mostly using in production, but it still doesn't support forwarding inotify events on macOS)

Устанавливаем кластер Kubernetes в LXC-контейнерах Proxmox

Если вы когда-либо разворачивали Kubernetes-кластер на виртуальных машинах (ВМ), то знаете, насколько это может быть ресурсоёмко. Особенно это ощущается на одноплатных компьютерах вроде Orange Pi 5 Plus, даже несмотря на его 16 ГБ оперативной памяти. Для домашнего лабораторного стенда или лёгкой продакшн-инфраструктуры хочется чего-то более лёгкого и быстрого

https://habr.com/ru/articles/901260/

#kubernetes #keepalived #haproxy #containerd #crio #orange_pi #arm64

Hey Everyone, You've been meaning to do it but now is the time 'circle the wagons' and get your systems moved from docker to something else.

Time for me to 'restart' the migration.

Remember: never Oracle

https://techcrunch.com/2025/02/13/former-oracle-cloud-exec-don-johnson-takes-over-as-dockers-new-ceo/

#docker #podman #containerd #lxc #lxd

Aaaaand we have a revelation. Dug through containerd source code and found the check, it's bailing cause loopback provides no IPs on the default interface which is eth0.

Not really sure how to fix it yet but it's a breakthrough when it was looking pretty stale.

So....is it even possible to run a pod with ONLY local loopback? No east-west, no access from the host, no vEth pairs just alone.

#CNI #Containerd #kh8s #k8s #Kubernetes

We've progressed from hacked-up shell scripts dumping context and writing Bash test harnesses.

We're up to compiling GoLang debug CNI plugins with static linking so we can dump context Even Betterer ™️

It's been a long day.

#kh8s #k8s #Containerd #Kubernetes

We're at the stage of reconstructing JSON from containerd debug log lines, for anyone playing along at home.

Loopback CNI plugin seems to be returning a successful result but the netns it claims is simply not there. I also note that there's no pause image pulled on the node, which I thought was a step *before* calling the CNI plugin...

The loopback plugin should be sufficient to launch a container by itself...right?

#Kubernetes #k8s #CNI #Containers #Containerd

Any good guides xor tipps for a single node kubernetes cluster setup that can be scaled up to 3 nodes later on?

#kubernetes #containerd #linux

@cmm11 @mwl I've tried to push this rock for a long time. We shouldnt use docker in our enterprise deployments. Or if we do, it should be with #containerd and Pod Security Admission enforced at the cluster level in k8s. To be honest, most devs that build docker containers default to root and often do things at the os level. We use halolint in our CI/CD pipelines to try and catch this and harden our containers, but the devs sometimes hack around the linters. 😉 Devs want convenience, not security.

Trying #containerd 2.0.0 on #flatcar - this is a good opportunity to test the User Namespace feature on #kubernetes:
```
$ kubectl exec -ti userns-01 -- cat /proc/self/uid_map
0 391577600 65536
$ ssh to-k8s-node -- cat /proc/self/uid_map
0 0 4294967295
```

If you want to try it out, here's the containerd 2.0.0 sysext definition: https://github.com/flatcar/sysext-bakery/pull/97 and doc to BYO containerd on Flatcar: https://www.flatcar.org/docs/latest/provisioning/sysext/#remove-docker-and--or-containerd-from-flatcar

#containerd just released v2.0.0! 🎉

I expect it will take a bit to work through the various pipelines before everyone is running it. This was also their chance to remove a bunch of deprecated features. Specifics are in the release notes.

https://github.com/containerd/containerd/releases/tag/v2.0.0

Just recently:

- Why do you have 64GB of RAM? That’s just overkill, there is no way you—

* opens VM Manager *

- Oh… nevermind.

#Virtualization #Docker #Containers #Container #OCI #ContainerD #VM #VMManager

#Buildpacks do not support #Docker with #containerd image store

https://github.com/spring-projects/spring-boot/issues/40100

Awesome 🎉 #rust #rocket #digitalocean #kubernetes 👇star my code
https://github.com/giuliohome/rust-rocket-playground

Btw podman is yet another fake #opensource #foss repository

I stop suggesting @Podman_io
I wasted my time with those stupid idiots.

https://github.com/containers/podman/issues/24013

I admit that @docker is the way to go to #build a #Dockerfile

Or #containerd ctr + #kaniko !
+ #chatgpt for support 💪 instead of github useless maintainers

All tested on #WSL #Ubuntu ☕

Docker Desktop 4.34: MSI Installer GA, Upgraded Host Networking, and Powerful Enhancements for Boosted Productivity & Administration
#Docker #Products #AIML #Containerd #DockerDesktop #DockerDesktoprelease #Microsoft #WSL2

https://www.docker.com/blog/docker-desktop-4-34/

After over a year I gave up using #docker alternatives, e.g. #containerd + #nerdctl. Too much stuff is not working out of the box. Pretty sad that there is still no real alternative.

Can you pull a container image with a known good digest from an untrusted registry?

It depends. Following the OCI distribution spec, a client is not required to validate the digest. Instead, the registry can send a header with another hash algorithm, and the client must validate using algo and hash from the header. A malicious registry can deliver both malicious manifests and blobs to a spec conform client.

Docker & containerd seem to check the digest as one might expect, many other clients don't.

My colleague @burger is proposing to tighten the spec and require clients to verify the digest if present: https://github.com/opencontainers/distribution-spec/issues/549

#container #security #OCI #containerd #Docker #Kubernetes #infosec

https://www.hackingnote.com/en/versus/crictl-vs-ctr/

#containerd #crictl reads from #kubernetes cri so hosts.toml under certs.d

https://github.com/containerd/containerd/discussions/6468

https://stackoverflow.com/a/72750550/21375897

while #ctr has image pull --user "name:pswd" option, directly (it does not read from cri)

Ok #GetFediHired, I finally got one for ya!

Dagger (https://dagger.io/) is building a "#DevOps operating system" using containers and we're looking for someone to help build the core platform. Product is #OpenSource!

Needed Skills: #Go, #Docker, AWS, Moby/Buildkit

Bonus Points: #Containerd #OCI

Location: Remote! North or South America

Note: While it's a DevOps tool, this is not a DevOps role.

Shoot an email to jenna@dagger.io if you're interested!

#Hiring #JobOpportunity

I just read #containerd as contaiNerd…

#kubernetes