felix - Project Calico's per-host agent Felix, responsible for programming routes and security policy


This repository contains the source code for Project Calico's per-host daemon, Felix. The best place to ask a question or get help from the community is the calico-users #slack. We also have an IRC channel.

http://projectcalico.org/
https://github.com/projectcalico/felix

Related Projects

cilium - HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP

  •    Go

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos. A new Linux kernel technology called BPF is at the foundation of Cilium. It supports dynamic insertion of BPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. BPF is highly efficient and flexible. To learn more about BPF, read more in our extensive BPF and XDP Reference Guide.

felix - The Felix Programming Language

  •    C

The Felix Programming Language

Calico - A pure layer 3 approach for Virtual Networking for highly scalable data centers

  •    Python

Project Calico represents a new approach to virtual networking, based on the same scalable IP networking principles as the Internet. Unlike other virtual networking approaches, Calico does not use overlays, instead providing a pure Layer 3 approach to data center networking. Calico is simple to deploy and diagnose, provides a rich security policy, supports both IPv4 and IPv6 and can be used across a combination of bare-metal, VM and container workloads.

liquidluck - Felix Felicis (aka liquidluck) is a static blog generator in python

  •    Python

Felix Felicis (aka liquidluck) is a simple lightweight static blog generator written in Python. Documentation is available on RTD.

Apache Felix - OSGi framework implementation and related technologies

  •    Java

Apache Felix is a community effort to implement the OSGi R4 Service Platform. The OSGi specifications originally targeted embedded devices and home services gateways, but they are ideally suited for any project interested in the principles of modularity, component-orientation, and/or service-orientation. OSGi technology combines aspects of these aforementioned principles to define a dynamic service deployment framework that is amenable to remote management.


Weave - Simple, Resilient Multi-host Docker Networking

  •    Go

Weave is a simple, portable and reliable way to network and manage containers and microservices. It provides a simple and resilient network for your application that is portable across data centers and public clouds. Weave Net creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery.

canal - Policy based networking for cloud native applications


Refer to Canal/flannel Hosted Install for up to date installation directions and manifests. This repo is deprecated and no further updates are expected here. Canal is a community-driven initiative that aims to allow users to easily deploy Calico and flannel networking together as a unified networking solution - combining Calico’s industry-leading network policy enforcement with the rich superset of Calico and flannel overlay and non-overlay network connectivity options.

Apache Karaf - OSGi distribution for server-side applications

  •    Java

Karaf Container is a modern and polymorphic container. It's a lightweight, powerful, and enterprise ready container powered by OSGi. By polymorphic, it means that Karaf can host any kind of applications: OSGi, Spring, WAR, and much more. It uses either the Apache Felix or Eclipse Equinox OSGi frameworks, providing additional features on top of the framework.

Rancher - Complete container management platform

  •    Go

Rancher is an open source project that provides a complete platform for operating Docker in production. It provides infrastructure services such as multi-host networking, global and local load balancing, and volume snapshots. It integrates native Docker management capabilities such as Docker Machine and Docker Swarm. It offers a rich user experience that enables devops admins to operate Docker in production at large scale.

geard - geard is no longer maintained - see OpenShift 3 and Kubernetes

  •    Go

The geard agent exposes operations on containers needed for large scale orchestration in production environments, and tries to map those operations closely to the underlying concepts in Docker and systemd. It supports linking containers into logical groups (applications) across multiple hosts with iptables based local networking, shared environment files, and SSH access to containers. It is also a test bed for prototyping related container services that may eventually exist as Docker plugins, such as routing, event notification, and efficient idling and network activation. The gear daemon and local commands must run as root to interface with the Docker daemon over its Unix socket and systemd over DBus.

netplugin - Container networking for various use cases

  •    Go

Getting-started videos are available on YouTube. This will provide you with a minimal experience of uploading the intent and seeing the netplugin system act on it. It will create a network on your host that lives behind an OVS bridge and has its own unique interfaces.

gvisor - Container Runtime Sandbox

  •    Go

gVisor is a user-space kernel, written in Go, that implements a substantial portion of the Linux system surface. It includes an Open Container Initiative (OCI) runtime called runsc that provides an isolation boundary between the application and the host kernel. The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed containers. gVisor takes a distinct approach to container sandboxing and makes a different set of technical trade-offs compared to existing sandbox technologies, thus providing new tools and ideas for the container security landscape.

kubernetes-network-policy-recipes - Example recipes for Kubernetes Network Policies that you can just copy paste


You can get stuff like this with Network Policies... This repository contains various use cases of Kubernetes Network Policies and sample YAML files to leverage in your setup. If you ever wondered how to drop/restrict traffic to applications running on Kubernetes, read on.

docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production

  •    Shell

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post. We are making this available as an open-source utility so the Docker community can have an easy way to self-assess their hosts and docker containers against this benchmark.

cni - Container Network Interface - networking for Linux containers

  •    Go

There is a community sync meeting for users and developers every 1-2 months. The next meeting will be held on a Google Hangout and the link is in the agenda (notes from the previous meeting are also in this doc). The next meeting will be held on Wednesday, January 30th, 2019 at 4:00pm UTC / 11:00am EDT / 8:00am PDT.

dagda - a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

  •    Python

Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. In order to fulfill its mission, the known vulnerabilities such as CVEs (Common Vulnerabilities and Exposures), BIDs (Bugtraq IDs), RHSAs (Red Hat Security Advisories) and RHBAs (Red Hat Bug Advisories), and the known exploits from the Offensive Security database are first imported into a MongoDB to facilitate the search of these vulnerabilities and exploits while your analyses are in progress.

pms-docker - Plex Media Server Docker repo, for all your PMS docker needs.

  •    Shell

With our easy-to-install Plex Media Server software and your Plex apps, available on all your favorite phones, tablets, streaming devices, gaming consoles, and smart TVs, you can stream your video, music, and photo collections any time, anywhere, to any device. The bridge networking creates an entirely new network within the host and runs containers within there. This network is connected to the physical network via an internal router and docker configures this router to forward certain ports through to the containers within. The host networking uses the IP address of the host running docker such that a container's networking appears to be the host rather than separate. The macvlan networking creates a new virtual computer on the network which is the container. For purposes of setting up a plex container, the host and macvlan are very similar in configuration.

Docker-Secure-Deployment-Guidelines - Deployment checklist for securely deploying Docker


Within today’s growing cloud-based IT market, there is a strong demand for virtualisation technologies. Unfortunately most virtualisation solutions are not flexible enough to meet developer requirements and the overhead implied by the use of full virtualisation solutions becomes a burden on the scalability of the infrastructure. Docker reduces that overhead by allowing developers and system administrators to seamlessly deploy containers for applications and services required for business operations. However, because Docker leverages the same kernel as the host system to reduce the need for resources, containers can be exposed to significant security risks if not adequately configured. The following itemised list suggests hardening actions that can be undertaken to improve the security posture of the containers within their respective environment. It should be noted that proposed solutions only apply to deployment of Linux Docker containers on Linux-based hosts, using the most recent release of Docker at the time of this writing (1.4.0, commit 4595d4f, dating 11/12/14). Part of the content below is based on publications from Jérôme Petazzoni [1] and Daniel J Walsh [2]. This document aims at adding on to their recommendations and how they can specifically be implemented within Docker. Note: Most of suggested command line options can be stored and used in a similar manner inside a Dockerfile for automated image building. Docker 1.3 now supports cryptographic signatures [3] to ascertain the origin and integrity of official repository images. This feature is however still a work in progress as Docker will issue a warning but not prevent the image from actually running. Furthermore, it does not apply to non-official images. In general, ensure that images are only retrieved from trusted repositories and that the --insecure-registry=[] command line option is never used.

kompose - Go from Docker Compose to Kubernetes

  •    Go

kompose is a tool to help users who are familiar with docker-compose move to Kubernetes. kompose takes a Docker Compose file and translates it into Kubernetes resources. kompose is a convenience tool to go from local Docker development to managing your application with Kubernetes. Transformation of the Docker Compose format to Kubernetes resources manifest may not be exact, but it helps tremendously when first deploying an application on Kubernetes.




