distroless - 🥑 Language focused docker images, minus the operating system.

  •        163

"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells any other programs you would expect to find in a standard Linux distribution.For more information, see this talk (video).

https://github.com/GoogleCloudPlatform/distroless

Tags
Implementation
License
Platform

   




Related Projects

distroless - 🥑 Language focused docker images, minus the operating system.

  •    Python

"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution. For more information, see this talk (video).

colossus - Colossus — An example microservice architecture for Kubernetes using Bazel, Go, Java, Docker, Kubernetes, Minikube, Gazelle, gRPC, Prometheus, Grafana, and more

  •    Python

Wait a second, these services don't do anything meaningful! Nope, they sure don't. But that's okay because the point of this project is to show you how to get the basic (yet not-at-all-trivial) plumbing to work. Colossus is a boilerplate project that's meant as a springboard to more complex and meaningful projects. Getting all of these technologies to work together was a real challenge. I had to dig through countless GitHub issues and dozens of example projects to make all these things work together. I'm offering this repo as a starter pack for other people with a Bazel monorepo targeting Kubernetes.

infrastructure-as-code-tutorial - Infrastructure As Code Tutorial

  •    

This tutorial is intended to show what the Infrastructure as Code (IaC) is, why we need it, and how it can help you manage your infrastructure more efficiently. It is practice-based, meaning I don't give much theory on what Infrastructure as Code is in the beginning of the tutorial, but instead let you feel it through the practice first. At the end of the tutorial, I summarize some of the key points about Infrastructure as Code based on what you learn through the labs.

coolstore-microservices - :ferris_wheel: :sailboat: :ship: A containerized polyglot service mesh based on

  •    CSharp

The structure of README is inspired from GoogleCloudPlatform Demo. CoolStore is a containerised polyglot microservices application consisting of services based on .NET Core, NodeJS and more running on Service Mesh.

rules_go - Go rules for Bazel

  •    Go

The master branch is only guaranteed to work with the latest version of Bazel.Create a file at the top of your repository named WORKSPACE and add one of the snippets below, verbatim. This will let Bazel fetch necessary dependencies from this repository and a few others.


container-agent - Simple agent for running containers based on a declarative manifest.

  •    Python

[![Build Status](https://travis-ci.org/GoogleCloudPlatform/container-agent.svg?branch=master)](https://travis-ci.org/GoogleCloudPlatform/container-agent)

guetzli - Perceptual JPEG encoder

  •    C++

Guetzli is a JPEG encoder that aims for excellent compression density at high visual quality. Guetzli-generated images are typically 20-30% smaller than images of equivalent quality generated by libjpeg. Guetzli generates only sequential (nonprogressive) JPEGs due to faster decompression speeds they offer.There's also a Bazel build configuration provided. If you have Bazel installed, you can also compile Guetzli by running bazel build -c opt //:guetzli.

Bazel - Google's own build tool

  •    Java

Bazel is a build tool that builds code quickly and reliably. It is used to build the majority of Google's software, and thus it has been designed to handle build problems present in Google's development environment. A comprehensive, built-in set of rules lets you build software for a wide variety of languages and platforms right out of the box.

gradle-appengine-plugin - Gradle plugin that provides tasks for uploading, running and managing Google App Engine projects

  •    Groovy

NOTE: All App Engine users (except Android Studio users - support is not quite ready) are encouraged to transition to the [new gradle plugin] (https://github.com/GoogleCloudPlatform/app-gradle-plugin) for their projects.The plugin provides tasks for uploading, downloading, running and managing Google App Engine (App Engine) projects in any given Gradle build.

google-api-ruby-client

  •    Ruby

These client libraries are officially supported by Google. However, the libraries are considered complete and are in maintenance mode. This means that we will address critical bugs and security issues but will not add any new features. For Google Cloud Platform APIs such as Datastore, Cloud Storage or Pub/Sub, we recommend using GoogleCloudPlatform/google-cloud-ruby which is under active development.

awesome-docker - :whale: A curated list of Docker resources and projects

  •    Javascript

A curated list of Docker resources and projects Inspired by @sindresorhus' awesome and improved by these amazing contributors. The creators and maintainers of this list do not receive any form of payment to accept a change made by any contributor. This page is not an official Docker product in any way. It is a list of links to projects and is maintained by volunteers. Everybody is welcome to contribute. The goal of this repo is to index open-source projects, not to advertise for profit.

Portainer - Simple management UI for Docker

  •    Javascript

Portainer is a lightweight management UI which allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters). Portainer is meant to be as simple to deploy as it is to use. It consists of a single container that can run on any Docker engine (can be deployed as Linux container or a Windows native container). It allows you to manage your Docker containers, images, volumes, networks and more ! It is compatible with the standalone Docker engine and with Docker Swarm mode.

docker - Docker Official Image packaging for Docker

  •    Shell

This is the Git repo of the Docker "Official Image" for docker (not to be confused with any official docker image provided by docker upstream). See the Docker Hub page for the full readme on how to use this Docker image and for information regarding contributing and issues. The full description from Docker Hub is generated over in docker-library/docs, specifically in docker-library/docs/docker.

prometheus - A docker-compose stack for Prometheus monitoring

  •    

Before we get started installing the Prometheus stack. Ensure you install the latest version of docker and docker swarm on your Docker host machine. Docker Swarm is installed automatically when using Docker for Mac or Docker for Windows.Clone the project locally to your Docker host.

Distribution - The Docker toolset to pack, ship, store, and deliver content

  •    Go

The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and performance.

Dry - A Docker container manager for the terminal

  •    Go

Dry is a terminal application to manage Docker. It shows information about Containers, Images and Networks, and, if running a Docker Swarm, it also shows all kinds of information about the state of the Swarm cluster. It can connect to both local or remote Docker daemons. Besides showing information, it can be used to manage Docker. Most of the commands that the official Docker CLI has, are available in dry with the same behaviour.

docker-compose-nodejs-examples - Finally some real world examples on getting started with Docker Compose and Nodejs

  •    Javascript

Docker Compose is an awesome tool for creating isolated development environments with Docker by using simple configurations with YAML. It's clean and easy enough to wrap your head around, even if you are new to Docker. Even though, the official website is lacking some practial, real world examples for getting started with Docker Compose and Nodejs. I hope the following real world examples will save you from some headache (like I had) while trying to figure out how to (pragmatically) use Docker Compose for your Nodejs apps.

Docker-Secure-Deployment-Guidelines - Deployment checklist for securely deploying Docker

  •    

Within today’s growing cloud-based IT market, there is a strong demand for virtualisation technologies. Unfortunately most virtualisation solutions are not flexible enough to meet developer requirements and the overhead implied by the use of full virtualisation solutions becomes a burden on the scalability of the infrastructure. Docker reduces that overhead by allowing developers and system administrators to seamlessly deploy containers for applications and services required for business operations. However, because Docker leverages the same kernel as the host system to reduce the need for resources, containers can be exposed to significant security risks if not adequately configured. The following itemised list suggests hardening actions that can be undertaken to improve the security posture of the containers within their respective environment. It should be noted that proposed solutions only apply to deployment of Linux Docker containers on Linux-based hosts, using the most recent release of Docker at the time of this writing (1.4.0, commit 4595d4f, dating 11/12/14). Part of the content below is based on publications from Jérôme Petazzoni [1] and Daniel J Walsh [2]. This document aims at adding on to their recommendations and how they can specifically be implemented within Docker. Note: Most of suggested command line options can be stored and used in a similar manner inside a Dockerfile for automated image building. Docker 1.3 now supports cryptographic signatures [3] to ascertain the origin and integrity of official repository images. This feature is however still a work in progress as Docker will issue a warning but not prevent the image from actually running. Furthermore, it does not apply to non-official images. In general, ensure that images are only retrieved from trusted repositories and that the --insecure-registry=[] command line option is never used.

docker-compose-ui - web interface for Docker Compose

  •    Javascript

Docker Compose UI is a web interface for Docker Compose. The aim of this project is to provide a minimal HTTP API on top of Docker Compose while maintaining full interoperability with Docker Compose CLI.

docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production

  •    Shell

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post. We are making this available as an open-source utility so the Docker community can have an easy way to self-assess their hosts and docker containers against this benchmark.