An application for automating docker containers updates with a web ui.

It's like well-known watchtower, but with a web UI where you can change most of the settings or view the current state of the containers.

A tool that facilitates building OCI images.

• Buildah @ GitHub.

Patch the past. Build the future. Eliminate your CVEs

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.:

1,700+ trusted container images to eliminate your vulnerabilities and mitigate malware.

• Chainguard container images registry.
• Chainguard for Raspberry Pi.

Related contents:

• Episode 635: The Texas Linux Fest Special @ Linux Unplugged.
• A Gift for the Open Source Community: Chainguard’s CVE-Free Raspberry Pi Images (Beta) @ Chainguard.

Ubuntu, Alpine, Arch, and Fedora based Webtop images, Linux in a web browser supporting popular desktop environments.

Related contents:

• I Run a Full Linux Desktop in Docker Just Because I Can @ How-To Geek.

Docker Registry UI.

A simple, lightweight UI for exploring and managing Docker/OCI container registries.

Run Windows Apps on Linux with Seamless Integration.

WinBoat is an Electron app which allows you to run Windows apps on Linux using a containerized approach. Windows runs as a VM inside a Docker container, we communicate with it using the WinBoat Guest Server to retrieve data we need from Windows. For compositing applications as native OS-level windows, we use FreeRDP together with Windows's RemoteApp protocol.

• WinBoat @ GitHub.

an open source geocoder for openstreetmap data.

photon is an open source geocoder built for OpenStreetMap data. It is based on elasticsearch/OpenSearch - an efficient, powerful and highly scalable search platform.

• Photon Docker Image @ GitHub.

Related contents:

• Une auto-complétion d'adresse sans service tiers, comme Mapbox ou Google Maps ? C'est possible ! @ Ludovic Frank :fr:.

Search engine for address. Only address.

Addok will index your address data and provide an HTTP API for full text search.

It is extensible with plugins, for example for geocoding CSV files.

Used in production by France administration, with around 26 millions addresses. In those servers, full France data is imported in about 15 min and it scales to around 2000 searches per second.

• Addok @ GitHub.
• Conteneurs Addok pour Docker avec les données de références diffusées par la Base Adresse Nationale :fr: @ GitHub.

Related contents:

• Une auto-complétion d'adresse sans service tiers, comme Mapbox ou Google Maps ? C'est possible ! @ Ludovic Frank :fr:.

Easy Tailscale to WireGuard bridge in a container.

A simple Docker container app which allows connecting existing WireGuard hosts to the Tailscale network, in case the device running WireGuard is locked in and/or does not support Tailscale binaries.

Related contents:

• TailGuard - La solution Docker qui marie WireGuard et Tailscale pour du VPN surpuissant @ Korben :fr:.

Securing containers, one scan at a time.

Harbor Guard is a comprehensive container security scanning platform that provides an intuitive web interface for managing and visualizing security assessments of Docker images.

• Harbor Guard @ GitHub.

A modular backup solution designed for Docker environments, safely handling containerized workloads by stopping and restarting containers during backup operations, ensuring data consistency.

• repliqate @ GitHub.

Open-Source Low-Latency Accelerated Linux WebRTC HTML5 Remote Desktop Streaming Platform for Self-Hosting, Containers, Kubernetes, or Cloud/HPC .

• Selkies @ GitHub.
• Webtop @ LinuxServer.io GitHub.

Build single-executable microVMs from Docker images.

Bottlefire turns container images into standalone, zero-dependency Linux executables that bundle Firecracker and launch microVMs automatically.

bake is a Linux CLI tool that can embed microVM resources (firecracker binary, kernel, initrd, boot disk) into itself. It also implements bidirectional communication between VM and host - including networking and directory sharing - entirely in userspace, without requiring root privilege.

• bake @ GitHub.

TUI viewer for docker-compose.

DCV is a TUI (Terminal User Interface) tool for monitoring Docker containers and Docker Compose applications.

Related contents:

• DCV - Quand votre terminal devient un cockpit Docker @ Korben :fr:.

RamaLama strives to make working with AI simple, straightforward, and familiar by using OCI containers.

RamaLama is an open-source developer tool that simplifies the local serving of AI models from any source and facilitates their use for inference in production, all through the familiar language of containers.

• RamaLama @ GitHub.

Related contents:

• Episode 616: From Boston to bootc @ Linux Unplugged.

Run AI Generated Code Locally. A secure local sandbox to run LLM-generated code using Apple containers.

CodeRunner is an MCP (Model Context Protocol) server that executes AI-generated code in a sandboxed environment on your Mac using Apple's native containers.

Related contents:

• I Want Everything Local — Building My Offline AI Workspace @ InstaVM.

Lock, Stock, and Two Smoking MicroVMs. Create and manage the lifecycle of MicroVMs backed by containerd.

A streamlined service to manage the lifecycle of microVMs. Flintlock lets you focus on deploying your application in MicroVMs tailored for its need.

The original use case for flintlock was to create microVMs on a bare-metal host where the microVMs will be used as nodes in a virtualized Kubernetes cluster. It is an essential part of Liquid Metal and can be orchestrated by Cluster API Provider Microvm.

• Flintlock @ GitHub.

Traefik Landing Page

A simple, modern, and dynamic dashboard for your Traefik services. This application automatically discovers services via the Traefik API and displays them in a clean, responsive grid. It's designed to be run as a lightweight, multi-arch Docker container.

Cloud-based development using your local tools.

Mutagen provides real-time file synchronization and flexible network forwarding for developers, extending the reach of local development tools to cloud-based containers and infrastructure.

Mutagen is a new kind of remote development tool that enables your existing local tools to work with code in remote environments like cloud servers and containers. It does this by providing high-performance real-time file synchronization and flexible network forwarding. It supports synchronization and forwarding between local systems, SSH-accessible locations, and Docker containers.

• Mutagen @ GitHub.

Transactional, in-place operating system updates using OCI/Docker container images. bootc is the key component in a broader mission of bootable containers.

• bootc @ GitHub.
• Fedora/CentOS bootc Documentation.

Related contents:

• Episode 623: 50 Days of Blue @ Linux Unplugged.

🐙 Octoplex is a live video restreamer for Docker.

A self-hosted, real-time port monitoring and discovery tool.

By auto-discovering services on your systems, portracker provides a live, accurate map of your network. It helps eliminate manual tracking in spreadsheets and prevents deployment failures caused by port conflicts.

💽 Build Bespoke OS Images

A fancy wrapper around dnf --installroot, apt, pacman and zypper that generates customized disk images with a number of bells and whistles.

• mkosi @ GitHub.

Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source) .

SlimToolkit allows developers to inspect, optimize and debug their containers using its xray, lint, build, debug, run, images, merge, registry, vulnerability (and other) commands. It simplifies and improves your developer experience building, customizing and using containers. It makes your containers better, smaller and more secure while providing advanced visibility and improved usability working with the original and minified containers.

• Slim(toolkit) @ GitHub.

The workflow engine for Kubernetes.

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows is implemented as a Kubernetes CRD (Custom Resource Definition).

• Argo Workflows @ GitHub.

Related contents:

• Argo Workflows 3.7 @ Argo Project's Medium.

Build Container Images In Kubernetes.

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster.

kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.

Development environments for coding agents. Enable multiple agents to work safely and independently with your preferred stack.

Container Use lets each of your coding agents have their own containerized environment. Go from babysitting one agent at a time to enabling multiple agents to work safely and independently with your preferred stack.

A self hosted virtual browser that runs in docker and uses WebRTC.

Neko is a powerful tool that allows you to run a fully-functional browser in a virtual environment, giving you the ability to access the internet securely and privately from anywhere. With Neko, you can browse the web, run applications, and perform other tasks just as you would on a regular browser, all within a secure and isolated environment.

• n.eko @ GitHub.

Related contents:

• Episode 624: Tiny PC, Huge Problems @ Linux Unplugged.
• Neko - Le navigateur virtuel partagé qui tourne dans Docker @ Korben :fr:.

Single-node Kubernetes, reimagined for edge and embedded.

Ultra-lightweight, OCI-compliant, single-node Kubernetes built for constrained environments. No clustering. No etcd. Just what you need to run real workloads on real hardware—fast.

• kubesolo @ GitHub.

Kubernetes distribution for bare-metal, on-prem, edge, IoT.

k0s is the simple, solid & certified Kubernetes distribution that works on any infrastructure: bare-metal, on-premises, edge, IoT, public & private clouds. It's 100% open source & free.

• k0s @ GitHub.

Related contents:

• A milestone for lightweight Kubernetes: k0s joins CNCF sandbox @ Cloud Native.

container is a tool that you can use to create and run Linux containers as lightweight virtual machines on your Mac. It's written in Swift, and optimized for Apple silicon.

The tool consumes and produces OCI-compliant container images, so you can pull and run images from any standard container registry. You can push images that you build to those registries as well, and run the images in any other OCI-compliant application.

• container @ GitHub.

Containerization is a Swift package for running Linux containers on macOS.

The Containerization package allows applications to use Linux containers. Containerization is written in Swift and uses Virtualization.framework on Apple silicon.

• Containerization @ GitHub.

Proxy for connecting to Podman rootless containers by domain name.

Makes Firefox the World's First Cloud-Native Dev Browser!

Seriously though, Podfox is a SOCKS5 proxy for accessing Podman's rootless network namespace from the host. Podfox creates a convenient virtual domain hierarchy in the proxy: a <container>.<network>.podman request gets resolved as <container>.dns.podman on <network>'s aardvark-dns server. Firefox can be configured to use it through a PAC policy or an included one-liner extension (TODO: maybe publish to AMO?).

Related contents:

• Podfox: World's First Container-Aware Browser @ Val Packett.

Agentless Vulnerability Scanner for Linux/FreeBSD.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices.

• Vuls @ GitHub.

Production-Grade Container Scheduling and Management.

Kubernetes, also known as K8s, is an open source system for automating deployment, scaling, and management of containerized applications.

• Kubernetes @ GitHub.

Related contents:

• How Kubernetes Works Internally? @ System Design Codex.
• Minimum vital pour survivre sur un sujet Kubernetes @ Téotime Pacreau :fr:.
• Formation Kubernetes : Admin & Développeurs @ DevSecOps :fr:.
• How To Run Kubernetes Commands in Go: Steps and Best Practices @ The New Stack.
• Kubernetes Is Powerful, But Not Secure (at least not by default) @ Tigera.
• Docker to Kubernetes: The 30-Day Migration Path Every Developer Should Know @ Teamcamp's dev.to.
• Beyond the surface - Exploring attacker persistence strategies in Kubernetes @ Raesene's Ramblings.
• The Myths (and Costs) of Running Node.js on Kubernetes @ Platformatic.

macOS & Linux Containers for Computer-Use AI Agents on Apple Silicon. Run Docker Containers for Computer-Use AI Agents on Apple Silicon.

TL;DR: c/ua (pronounced "koo-ah", short for Computer-Use Agent) is a framework that enables AI agents to control full operating systems within high-performance, lightweight virtual containers. It delivers up to 97% native speed on Apple Silicon and works with any vision language models.

• c/ua @ GitHub.

Containerized versions of hundreds of MCP servers 📡 🧠

While experimenting with Model Context Protocol (MCP) servers, we found that setting them up could be a bit tedious and time-consuming. To simplify the process, we created containerized versions of these servers—making it quick, easy, and secure for anyone to get started.

• MCP Containers @ GitHub.

Stateless cluster local OCI registry mirror.

Speed up container pulls and minimize downtime with a stateless peer-to-peer OCI registry mirror for efficient image distribution.

• Spegel @ GitHub.

Related contents:

• Peerd @ GitHub (stolen by Microsoft).
• Getting Forked by Microsoft @ Philip Laine.

Open source container-based virtualization for Linux.

OpenVZ allows multiple secure, isolated Linux containers (also known as virtual private servers or virtual environments) to run on a single physical server. This technology enhances server utilization and ensures that applications do not conflict with each other.

• OpenVZ @ Bitbucket.

Related contents:

• 9 Best Virtualization Software for Linux @ It's FOSS.

The easiest way to manage your container updates. Cup is a small utility with a big impact. Simplify your container management workflow with fast and efficient update checking, a full-featured CLI and web interface, and more.

• Cup @ GitHub.

Deploy Docker Apps on Your Infrastructure.

A lightweight tool for deploying and managing containerised applications across a network of Docker hosts. Bridging the gap between Docker and Kubernetes ✨

• Uncloud @ GitHub.

Docker image that echoes request data as JSON; listens on HTTP/S, useful for debugging.

• An https echo Docker container for web debugging @ Mendhak / Code.
• Débugger vos requêtes HTTP en une ligne plutôt que mille @ Bearstech :fr:.

A scale-out production-ready vendor-neutral OCI-native container image/artifact registry (purely based on OCI Distribution Specification)

• Zot Registry @ GitHub.

WAGMIOS is a self-hosted container management system with AI-powered automation. It enables you to efficiently manage your containers with W.I.L.L.O.W, an AI assistant that optimizes your workflow.

Deploy your projects directly from your local computer to your production server easily.

Airo helps you deploying containers to your self-hosted server, without worrying about configuring pipelines, serverless services or different platforms. Just your self-hosted servers.

Warewulf is a stateless and diskless container operating system provisioning system for large clusters of bare metal and/or virtual systems.

• Warewulf @ GitHub.

A Bloat Aware Filesystem for Container Debloating.

BLAFS is a bloat-aware filesystem for container debloating. The design principles of BLAFS are effective, efficient, and easy to use. It detects the files used by the container, and then debloats the container by removing the unused files. The debloated containers are still functional and can run the same workload as the original containers, but with a much smaller size and faster deployment.

A CLI/TUI that simplifies launching VSCode projects, with a focus on dev containers.

Migrate from Docker to Podman.

fly-to-podman is a small bash script that helps you migrate from Docker to Podman. It will migrate your Docker containers, images, and volumes to Podman, as well as keep your container data and configurations (mounts, ports, etc.) intact.

Power tools for kubectl. Faster way to switch between clusters and namespaces in kubectl.

kubectx is a tool to switch between contexts (clusters) on kubectl faster. kubens is a tool to switch between Kubernetes namespaces (and configure them for kubectl) easily.

Related contents:

• Gestion des namespaces et contextes avec kubens & kubectx @ DevSecOps :fr:.

nerdctl is a Docker-compatible CLI for containerd.

contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...

Related contents:

• Introduction à nerdctl pour containerd @ DevSecOps :fr:.

CLI and validation tools for Kubelet Container Runtime Interface (CRI) . cri-tools aims to provide a series of debugging and validation tools for Kubelet CRI, which includes:

• crictl: CLI for kubelet CRI.
• critest: validation test suites for kubelet CRI.

Related contents:

• Gérez vos conteneurs avec crictl @ DevSecOps :fr:.

Control panel to Start/Stop/View Logs for apps in Docker, Systemd, VMs or anything else (with user scripts).

Scale to Zero.

An free and open-source software to start workloads on demand and stop them after a period of inactivity.

Sablier is a free and open-source software that can scale your workloads on demand. Start your containers on demand, shut them down automatically when there's no activity. Docker, Docker Swarm Mode and Kubernetes compatible.

• Sablier @ GitHub.

Reloader can watch changes in ConfigMap and Secret and do rolling upgrades on Pods with their associated DeploymentConfigs, Deployments, Daemonsets Statefulsets and Rollouts.

A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig.

• Reloader @ GitHub.

Kubernetes for Prod, Tilt for Dev. A toolkit for fixing the pains of microservice development. Define your dev environment as code. For microservice apps on Kubernetes.

Tilt powers microservice development and makes sure they behave! Run tilt up to work in a complete dev environment configured for your team.

Tilt automates all the steps from a code change to a new process: watching files, building container images, and bringing your environment up-to-date. Think docker build && kubectl apply or docker-compose up.

• Tilt @ GitHub.

Related contents:

• Tilt In Two Minutes @ Get Tilt's YouTube.

Lightweight universal DDNS Updater program. Container to update DNS records periodically with WebUI for many DNS providers. Program to keep DNS A and/or AAAA records updated for multiple DNS providers

Effortlessly deploy apps using a container — minimal know-how required.

Infinite OS is a container operating system designed to allow you to deploy applications knowing little to nothing about containers. It comes with a user-friendly dashboard, REST API, and CLI for seamless container management.

• Infinite OS @ GitHub.

Idle: The Chillest Container You'll Ever Run 💤.

📦 Idle is a minimalist container designed to do nothing but idle indefinitely.

Idle is written in minimalist C. It includes graceful handling of SIGINT/SIGTERM signals for a clean shutdown, ensuring it's a well-behaved citizen in your Kubernetes cluster.

SOCI Snapshotter is a containerd snapshotter plugin. It enables standard OCI images to be lazily loaded without requiring a build-time conversion step. "SOCI" is short for "Seekable OCI", and is pronounced "so-CHEE".