container
VaultOS is a terminal-based user interface (TUI) for managing "Desktop" Docker containers.
VaultOS is a terminal-based user interface (TUI) for managing "Desktop" Docker containers. It allows you to effortlessly spin up ephemeral or persistent Linux desktop environments (like Alpine XFCE, Ubuntu KDE, etc.) accessible directly via your web browser.
Make shipping applications more enjoyable.
KubeVela is a modern software delivery platform that makes deploying and operating applications across today's hybrid, multi-cloud environments easier, faster and more reliable.
A PostgreSQL Docker container that automatically upgrades your database.
Its whole purpose in life is to automatically detect the version of PostgreSQL used in the existing PostgreSQL data directory, then automatically upgrade it (if needed) to the required version of PostgreSQL using pg_upgrade with the --link option.
🤖 A minimal and customizable Docker image running the Android emulator as a service.
Docker Container Monitoring for Your Terminal.
A powerful TUI for monitoring Docker containers across multiple hosts with real-time CPU, memory, and network metrics. Built with Rust for blazing-fast performance and minimal resource usage.
A Lightweight, Ready-to-Use Web Browsing Environment in Docker with VNC Access.
VNC-Browser is a ready to use, minimal, customizable docker image designed to provide a lightweight and secure environment for browsing the web via VNC.
An archive-less dockerTools.buildImage implementation.
nix2container provides an efficient container development workflow with images built by Nix: it doesn't write tarballs to the Nix store and allows to skip already pushed layers (without having to rebuild them).
Related contents:
IncusOS is an immutable OS solely designed around safely and reliably running Incus. It uses modern security features like UEFI Secure Boot and TPM to provide a safe boot experience and seamless full disk encryption.
Related contents:
Acceleration Framework For Cloud-Native Distribution.
the Dragonfly image service, providing fast, secure and easy access to container images. Nydus implements a content-addressable file system on the RAFS format, which enhances the current OCI image specification by improving container launch speed, image space and network bandwidth efficiency, and data integrity.
Related contents:
Manage your docker containers and generate a report to share and compare with other self hosters.
Container Census is a lightweight, Go-powered tool that automatically scans your Docker environment across one or many hosts and gives you a clear, historical view of everything running in your stack.
Related contents:
🥑 Language focused docker images, minus the operating system.
"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.
Related contents:
An application for automating docker containers updates with a web ui.
It's like well-known watchtower, but with a web UI where you can change most of the settings or view the current state of the containers.
Related contents:
Patch the past. Build the future. Eliminate your CVEs
Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.:
1,700+ trusted container images to eliminate your vulnerabilities and mitigate malware.
Related contents:
Ubuntu, Alpine, Arch, and Fedora based Webtop images, Linux in a web browser supporting popular desktop environments.
Related contents:
Docker Registry UI.
A simple, lightweight UI for exploring and managing Docker/OCI container registries.
Run Windows Apps on Linux with Seamless Integration.
WinBoat is an Electron app which allows you to run Windows apps on Linux using a containerized approach. Windows runs as a VM inside a Docker container, we communicate with it using the WinBoat Guest Server to retrieve data we need from Windows. For compositing applications as native OS-level windows, we use FreeRDP together with Windows's RemoteApp protocol.
Related contents:
an open source geocoder for openstreetmap data.
photon is an open source geocoder built for OpenStreetMap data. It is based on elasticsearch/OpenSearch - an efficient, powerful and highly scalable search platform.
Related contents:
Search engine for address. Only address.
Addok will index your address data and provide an HTTP API for full text search.
It is extensible with plugins, for example for geocoding CSV files.
Used in production by France administration, with around 26 millions addresses. In those servers, full France data is imported in about 15 min and it scales to around 2000 searches per second.
- Addok @ GitHub.
- Conteneurs Addok pour Docker avec les données de références diffusées par la Base Adresse Nationale :fr: @ GitHub.
Related contents:
Easy Tailscale to WireGuard bridge in a container.
A simple Docker container app which allows connecting existing WireGuard hosts to the Tailscale network, in case the device running WireGuard is locked in and/or does not support Tailscale binaries.
Related contents:
Securing containers, one scan at a time.
Harbor Guard is a comprehensive container security scanning platform that provides an intuitive web interface for managing and visualizing security assessments of Docker images.
A modular backup solution designed for Docker environments, safely handling containerized workloads by stopping and restarting containers during backup operations, ensuring data consistency.
Open-Source Low-Latency Accelerated Linux WebRTC HTML5 Remote Desktop Streaming Platform for Self-Hosting, Containers, Kubernetes, or Cloud/HPC .
Build single-executable microVMs from Docker images.
Bottlefire turns container images into standalone, zero-dependency Linux executables that bundle Firecracker and launch microVMs automatically.
bake is a Linux CLI tool that can embed microVM resources (firecracker binary, kernel, initrd, boot disk) into itself. It also implements bidirectional communication between VM and host - including networking and directory sharing - entirely in userspace, without requiring root privilege.
TUI viewer for docker-compose.
DCV is a TUI (Terminal User Interface) tool for monitoring Docker containers and Docker Compose applications.
Related contents:
RamaLama strives to make working with AI simple, straightforward, and familiar by using OCI containers.
RamaLama is an open-source developer tool that simplifies the local serving of AI models from any source and facilitates their use for inference in production, all through the familiar language of containers.
Related contents:
Run AI Generated Code Locally. A secure local sandbox to run LLM-generated code using Apple containers.
CodeRunner is an MCP (Model Context Protocol) server that executes AI-generated code in a sandboxed environment on your Mac using Apple's native containers.
Related contents:
Lock, Stock, and Two Smoking MicroVMs. Create and manage the lifecycle of MicroVMs backed by containerd.
A streamlined service to manage the lifecycle of microVMs. Flintlock lets you focus on deploying your application in MicroVMs tailored for its need.
The original use case for flintlock was to create microVMs on a bare-metal host where the microVMs will be used as nodes in a virtualized Kubernetes cluster. It is an essential part of Liquid Metal and can be orchestrated by Cluster API Provider Microvm.
Traefik Landing Page
A simple, modern, and dynamic dashboard for your Traefik services. This application automatically discovers services via the Traefik API and displays them in a clean, responsive grid. It's designed to be run as a lightweight, multi-arch Docker container.
Cloud-based development using your local tools.
Mutagen provides real-time file synchronization and flexible network forwarding for developers, extending the reach of local development tools to cloud-based containers and infrastructure.
Mutagen is a new kind of remote development tool that enables your existing local tools to work with code in remote environments like cloud servers and containers. It does this by providing high-performance real-time file synchronization and flexible network forwarding. It supports synchronization and forwarding between local systems, SSH-accessible locations, and Docker containers.
Transactional, in-place operating system updates using OCI/Docker container images. bootc is the key component in a broader mission of bootable containers.
Related contents:
A self-hosted, real-time port monitoring and discovery tool.
By auto-discovering services on your systems, portracker provides a live, accurate map of your network. It helps eliminate manual tracking in spreadsheets and prevents deployment failures caused by port conflicts.
💽 Build Bespoke OS Images
A fancy wrapper around dnf --installroot, apt, pacman and zypper that generates customized disk images with a number of bells and whistles.
Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source) .
SlimToolkit allows developers to inspect, optimize and debug their containers using its xray, lint, build, debug, run, images, merge, registry, vulnerability (and other) commands. It simplifies and improves your developer experience building, customizing and using containers. It makes your containers better, smaller and more secure while providing advanced visibility and improved usability working with the original and minified containers.
The workflow engine for Kubernetes.
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows is implemented as a Kubernetes CRD (Custom Resource Definition).
Related contents:
Build Container Images In Kubernetes.
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster.
kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.
Development environments for coding agents. Enable multiple agents to work safely and independently with your preferred stack.
Container Use lets each of your coding agents have their own containerized environment. Go from babysitting one agent at a time to enabling multiple agents to work safely and independently with your preferred stack.
A self hosted virtual browser that runs in docker and uses WebRTC.
Neko is a powerful tool that allows you to run a fully-functional browser in a virtual environment, giving you the ability to access the internet securely and privately from anywhere. With Neko, you can browse the web, run applications, and perform other tasks just as you would on a regular browser, all within a secure and isolated environment.
Related contents:
Single-node Kubernetes, reimagined for edge and embedded.
Ultra-lightweight, OCI-compliant, single-node Kubernetes built for constrained environments. No clustering. No etcd. Just what you need to run real workloads on real hardware—fast.
Kubernetes distribution for bare-metal, on-prem, edge, IoT.
k0s is the simple, solid & certified Kubernetes distribution that works on any infrastructure: bare-metal, on-premises, edge, IoT, public & private clouds. It's 100% open source & free.
Related contents:
container is a tool that you can use to create and run Linux containers as lightweight virtual machines on your Mac. It's written in Swift, and optimized for Apple silicon.
The tool consumes and produces OCI-compliant container images, so you can pull and run images from any standard container registry. You can push images that you build to those registries as well, and run the images in any other OCI-compliant application.
Containerization is a Swift package for running Linux containers on macOS.
The Containerization package allows applications to use Linux containers. Containerization is written in Swift and uses Virtualization.framework on Apple silicon.
Proxy for connecting to Podman rootless containers by domain name.
Makes Firefox the World's First Cloud-Native Dev Browser!
Seriously though, Podfox is a SOCKS5 proxy for accessing Podman's rootless network namespace from the host. Podfox creates a convenient virtual domain hierarchy in the proxy: a <container>.<network>.podman request gets resolved as <container>.dns.podman on <network>'s aardvark-dns server. Firefox can be configured to use it through a PAC policy or an included one-liner extension (TODO: maybe publish to AMO?).
Related contents:
Agentless Vulnerability Scanner for Linux/FreeBSD.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices.
Production-Grade Container Scheduling and Management.
Kubernetes, also known as K8s, is an open source system for automating deployment, scaling, and management of containerized applications.
Related contents:
- How Kubernetes Works Internally? @ System Design Codex.
- Minimum vital pour survivre sur un sujet Kubernetes @ Téotime Pacreau :fr:.
- Formation Kubernetes : Admin & Développeurs @ DevSecOps :fr:.
- How To Run Kubernetes Commands in Go: Steps and Best Practices @ The New Stack.
- Kubernetes Is Powerful, But Not Secure (at least not by default) @ Tigera.
- Docker to Kubernetes: The 30-Day Migration Path Every Developer Should Know @ Teamcamp's dev.to.
- Beyond the surface - Exploring attacker persistence strategies in Kubernetes @ Raesene's Ramblings.
- The Myths (and Costs) of Running Node.js on Kubernetes @ Platformatic.
- k8s-1m: fully functional Kubernetes cluster with 1 million active nodes.
- Investigating and fixing "StopPodSandbox from runtime service failed" Kubelet errors @ Marcus Noble.
- Managing Kubernetes Workloads Using the App of Apps Pattern in ArgoCD-2 @ CNCF.
- How to use AI to make Kubernetes monitoring smarter @ Danlio's Medium.
- Why Kube-State-Metrics Matters for Kubernetes Observability @ weeklycloud's Medium.
- 64GB RAM Kubernetes Cluster for €39/month — Part 1: Proxmox & LVM & NAT @ TrackIT Blog.
- A Practical Guide to Running NVIDIA GPUs on Kubernetes @ jimangel.io.
- Preventing Kubernetes from Pulling the Pause Image from the Internet @ Kyle Cascade.
- Ten Common Kubernetes Misconfigurations That Cause Outages (And What You Can Do About It) @ Cloud Native Now.
- Wrangling Kubernetes contexts @ natkr's ramblings.
- In-place Pod resizing in Kubernetes: How it works and how to use it @ Palark's Blog.
- Kubernetes Metrics: Types, Tools, & Monitoring Guide @ spacelift.
- How to Troubleshoot Common Kubernetes Errors (2025 Guide) @ Spacelift.
- Kubernetes Optimization using In-Place Pod Resizing and Zone-Aware Routing @ halodoc.
- What's Wrong with Kubernetes Today @ DevZero.
- How I think about Kubernetes @ Georgi Arnaudov.
macOS & Linux Containers for Computer-Use AI Agents on Apple Silicon. Run Docker Containers for Computer-Use AI Agents on Apple Silicon.
TL;DR: c/ua (pronounced "koo-ah", short for Computer-Use Agent) is a framework that enables AI agents to control full operating systems within high-performance, lightweight virtual containers. It delivers up to 97% native speed on Apple Silicon and works with any vision language models.
Containerized versions of hundreds of MCP servers 📡 🧠
While experimenting with Model Context Protocol (MCP) servers, we found that setting them up could be a bit tedious and time-consuming. To simplify the process, we created containerized versions of these servers—making it quick, easy, and secure for anyone to get started.
Stateless cluster local OCI registry mirror.
Speed up container pulls and minimize downtime with a stateless peer-to-peer OCI registry mirror for efficient image distribution.
Related contents:
Open source container-based virtualization for Linux.
OpenVZ allows multiple secure, isolated Linux containers (also known as virtual private servers or virtual environments) to run on a single physical server. This technology enhances server utilization and ensures that applications do not conflict with each other.
Related contents:
The easiest way to manage your container updates. Cup is a small utility with a big impact. Simplify your container management workflow with fast and efficient update checking, a full-featured CLI and web interface, and more.
Deploy Docker Apps on Your Infrastructure.
A lightweight tool for deploying and managing containerised applications across a network of Docker hosts. Bridging the gap between Docker and Kubernetes ✨
Docker image that echoes request data as JSON; listens on HTTP/S, useful for debugging.
A scale-out production-ready vendor-neutral OCI-native container image/artifact registry (purely based on OCI Distribution Specification)
WAGMIOS is a self-hosted container management system with AI-powered automation. It enables you to efficiently manage your containers with W.I.L.L.O.W, an AI assistant that optimizes your workflow.
Deploy your projects directly from your local computer to your production server easily.
Airo helps you deploying containers to your self-hosted server, without worrying about configuring pipelines, serverless services or different platforms. Just your self-hosted servers.
Warewulf is a stateless and diskless container operating system provisioning system for large clusters of bare metal and/or virtual systems.
A Bloat Aware Filesystem for Container Debloating.
BLAFS is a bloat-aware filesystem for container debloating. The design principles of BLAFS are effective, efficient, and easy to use. It detects the files used by the container, and then debloats the container by removing the unused files. The debloated containers are still functional and can run the same workload as the original containers, but with a much smaller size and faster deployment.
A CLI/TUI that simplifies launching VSCode projects, with a focus on dev containers.
Migrate from Docker to Podman.
fly-to-podman is a small bash script that helps you migrate from Docker to Podman. It will migrate your Docker containers, images, and volumes to Podman, as well as keep your container data and configurations (mounts, ports, etc.) intact.