nestybox / sysbox-ee

Licence: other
Sysbox Enterprise-Edition repository. The enterprise version of the open-source Sysbox "runc" runtime (empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs).


Docker advances container isolation and workloads with acquisition of Nestybox:

Hi everyone, this is Cesar & Rodny, co-founders of Nestybox.

We are humbled and excited to announce that Nestybox is now officially part of Docker, Inc! Docker is an excellent home for Sysbox, and this will accelerate innovation of Sysbox to advance container isolation and workloads.

Please see this blog and this Q&A for more info. Thanks!


Introduction

Sysbox Enterprise Edition (Sysbox-EE) is the enterprise version of the open-source Sysbox container runtime, developed by Nestybox.

Sysbox-EE uses Sysbox at its core, but adds enterprise-level features such as:

  • Improved container isolation / security

  • Running more types of system-level workloads inside containers

  • Scalability (running more containers per host)

  • Significant performance and efficiency optimizations (for faster container deployment with reduced disk utilization)

  • Lifecycle (higher release cadence, critical bug fixes ASAP)

  • Nestybox professional support with a guaranteed SLA (rather than best effort on Sysbox)

  • Feature prioritization (Sysbox-EE feature requests are prioritized)

For these reasons, **we recommend that enterprises that wish to use Sysbox in their IT infrastructure use Sysbox-EE**.

Sysbox-EE is a drop-in replacement for Sysbox. It is installed and used in exactly the same way, but includes the enterprise-level features described above. On a given host, however, either Sysbox or Sysbox-EE must be installed, never both.

See the next section for a comparison between Sysbox-EE and Sysbox (aka Sysbox Community Edition or Sysbox-CE).

Features & Pricing

Sysbox-EE is offered via a 30-day free trial and a paid subscription after that.

Features and pricing info are shown below.

[Figure: Sysbox-EE features and pricing table]

(*) For pricing purposes, a "host" is a computer (bare-metal or virtual-machine) with up to 16 CPU cores (32 hyper threads). Per-core pricing at $5 per-core per-month is also available for hosts with < 8 cores. Licensing is per-year. Volume discounts available for 50+ per-host licenses or 350+ per-core licenses.

You can download Sysbox-EE for free and use it during the free trial period. Afterwards, we ask that you contact Nestybox for pricing and payment information.

If you have questions, you can reach us here.

Supported Distros

Sysbox-EE relies on functionality available only in relatively recent Linux kernel releases.

See the distro compatibility doc for information about the supported Linux distributions and the required kernel releases.

We plan to add support for more distros in the near future.

Host Requirements

The Sysbox-EE host must meet the following requirements:

  • It must be running one of the supported Linux distros.

  • We recommend a minimum of 4 CPUs (e.g., 2 cores with 2 hyperthreads) and 4GB of RAM. Though this is not a hard requirement, smaller configurations may slow down Sysbox-EE.

Installation

Sysbox-EE is a drop-in replacement for Sysbox, meaning that it's installed and used in the same way.

For this reason, the documents in the Sysbox repo apply equally to both Sysbox and Sysbox-EE.

Here are the links to the docs showing how to install Sysbox-EE:

Using Sysbox-EE

Once Sysbox-EE is installed, you create a container using your container manager or orchestrator (e.g., Docker or Kubernetes) and an image of your choice.

Docker command example:

$ docker run --runtime=sysbox-runc --rm -it --hostname my_cont registry.nestybox.com/nestybox/ubuntu-bionic-systemd-docker
root@my_cont:/#

Kubernetes pod spec example:

apiVersion: v1
kind: Pod
metadata:
  name: ubu-bio-systemd-docker
  annotations:
    io.kubernetes.cri-o.userns-mode: "auto:size=65536"
spec:
  runtimeClassName: sysbox-runc
  containers:
  - name: ubu-bio-systemd-docker
    image: registry.nestybox.com/nestybox/ubuntu-bionic-systemd-docker
    command: ["/sbin/init"]
  restartPolicy: Never

You can choose whatever container image you want; Sysbox-EE places no requirements on the image.

Refer to the Documentation section below for further examples on how to use Sysbox-EE.
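
Sysbox runs containers inside a Linux user namespace, and the pod annotation above requests a 65536-ID range. The following added example (not part of the Sysbox-EE docs) checks a `uid_map` file to confirm that container root is not host root and that the range is large enough; the function name `userns_check` and the sample mapping values are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a uid_map for user-namespace isolation.
# uid_map line format (proc(5)): <first ID inside ns> <first ID outside ns> <length>

# userns_check FILE [MIN_SIZE]
# Returns 0 only if container UID 0 maps to a non-zero host UID and the
# range starting at 0 covers at least MIN_SIZE IDs. Prints the verdict.
userns_check() {
    map_file=$1
    min_size=${2:-65536}   # matches "size=65536" in the pod annotation above
    [ -r "$map_file" ] || { echo "unreadable: $map_file"; return 2; }

    # Pick the mapping line whose inside-range starts at 0 (container root).
    set -- $(awk '$1 == 0 { print $2, $3; exit }' "$map_file")
    if [ $# -ne 2 ]; then
        echo "no mapping for container UID 0"
        return 1
    fi
    host_uid=$1
    length=$2

    if [ "$host_uid" -eq 0 ]; then
        echo "NOT isolated: container root is host root (host UID 0)"
        return 1
    fi
    if [ "$length" -lt "$min_size" ]; then
        echo "isolated, but range too small: $length < $min_size"
        return 1
    fi
    echo "isolated: container UID 0 -> host UID $host_uid, $length IDs"
    return 0
}

# Constructed sample (not captured from a real host): the kind of mapping
# expected inside a user-namespaced container.
sample=$(mktemp)
printf '0 165536 65536\n' > "$sample"
userns_check "$sample"
rm -f "$sample"
```

Inside a running container, call it as `userns_check /proc/self/uid_map`; a container that shares the host's user namespace shows `0 0 4294967295` and fails the check.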

Documentation

The following documents in the Sysbox repo show how to use Docker and Kubernetes to deploy containers with Sysbox.

These docs apply equally to both Sysbox and Sysbox-EE.

Features that are specific to Sysbox-EE are tagged with "Sysbox-EE Feature Highlight" in the docs.

  • Sysbox Quick Start Guide

    • Provides many examples for using Sysbox to deploy enhanced containers. New users should start here.
  • Sysbox User Guide

    • Provides more detailed information on Sysbox features and troubleshooting.

In addition, the Nestybox blog site has articles on how to use Sysbox to deploy containers.

Filing Issues

We apologize for any problems in the product or documentation, and we appreciate users filing issues that help us improve Sysbox-EE.

To file issues with Sysbox-EE (e.g., bugs, feature requests, documentation changes, etc.), please refer to the issue guidelines document.

Security

If you find bugs or issues that may expose a Sysbox-EE vulnerability, please report these by sending an email to [email protected]. Please do not open security issues in this repo. Thanks!

In addition, a few vulnerabilities have recently been found in the Linux kernel that in some cases reduce or negate the enhanced isolation provided by Sysbox containers. Fortunately they are all fixed in recent Linux kernels. See the Sysbox User Guide's Vulnerabilities & CVEs chapter for more info, and reach out on the Sysbox Slack channel for further questions.

Support

Reach us at our slack channel or at [email protected] for any questions. See our contact info below for more options.

Sysbox Enterprise customers get a guaranteed support SLA from Nestybox, and their issues and requests are prioritized.

About Nestybox

Nestybox enhances the power of Linux containers.

We are developing software that enables containers to run any type of workload (not just micro-services), and do so easily and securely.

Our mission is to provide users with a fast, efficient, easy-to-use, and secure alternative to virtual machines for deploying virtual hosts on Linux.

Contact

We are happy to help. You can reach us at:

Email: [email protected]

Slack: Nestybox Slack Workspace

Phone: 1-800-600-6788

We are there from Monday-Friday, 9am-5pm Pacific Time.

Thank You

We thank you very much for using Sysbox-EE. We hope you find it useful.

Your trust in us is very much appreciated!

-- The Nestybox Team
