burning1020 / sandbox Goto Github PK
View Code? Open in Web Editor NEWThis project forked from cncf/sandbox
Applications for Sandbox go here! โณ๐ฆ๐งช
License: Apache License 2.0
This project forked from cncf/sandbox
Applications for Sandbox go here! โณ๐ฆ๐งช
License: Apache License 2.0
,,,
[email protected],
[email protected],
[email protected]
[email protected],
[email protected]
Kuasar(Quasar in Kubernetes) is a low-level container runtime that provides multiple sandbox container solutions.
Isolation techniques are being integrated into containers world, including microVM, WebAssembly, application kernel, unikernel, and confidential computing. These techniques create an isolated environment for running containers. That is referred to as a "sandbox".
However, the concept of a sandbox is not well-defined in container runtimes like containerd. Its semantics are unclear and imitated by "pause container", and its management is mixed into container management . We believe it's time to introduce the concept of "sandboxer" that is for handling the sandbox lifecycle and resource management independently. Thus, Kuasar was born.
Kuasar is a low-level container runtime that offers multiple sandbox container solutions. It provides several "sandboxer" implementations for microVM, WebAssembly runtime, and application kernel sandbox. Kuasar consists of two main modules: one, called "sandboxer", handles sandbox lifecycle management, while the other, named "task", manages all containers lifecycle within a sandbox.
Kuasar features:
https://github.com/kuasar-io/kuasar
https://github.com/kuasar-io/containerd,
https://github.com/kuasar-io/rust-extensions,
https://github.com/kuasar-io/web
https://github.com/kuasar-io/kuasar/blob/main/ROADMAP.md
Kuasar is actively inviting additional sandbox technologies to join its ecosystem so these sandbox are planned in roadmap. In addition, kuasar has interests in the following features:
https://github.com/kuasar-io/kuasar/blob/main/CONTRIBUTING.md
https://github.com/kuasar-io/kuasar/blob/main/CODE_OF_CONDUCT.md
https://github.com/kuasar-io/kuasar/blob/main/ADOPTERS.md
Contributing or Sponsoring Org |
---|
Huawei |
Agricultural Bank of China |
WasmEdge |
openEuler |
QuarkContainer |
https://github.com/kuasar-io/kuasar/blob/main/MAINTAINERS.md
To expand the range of sandbox runtime solutions, Kuasar maintains an open and neutral attitude towards sandbox technologies. This aligns seamlessly with CNCF's mission to foster and sustain an ecosystem of open source and vendor-neutral projects. Given CNCF's extensive user base, leveraging CNCF's platform will enable Kuasar to benefit more and more organizations and companies.
Given the diversity of cloud native scenarios and user requirements, many sandbox container runtime solutions have been proposed. Supporting the simultaneous execution of these various runtimes increases the complexity of operation and maintenance. Additionally, smoothly embracing to new sandbox technology can also be challenging.
The beneift could be:
Landscape: Runtime - Container Runtime
Kuasar, as a low level container runtime on cloud computing node, will handle the specific lifecycle management of kubernetes pod, creating the sandbox environment and running containers. So it fits in "Runtime" and "Container Runtime".
TAGs: TAG Runtime
The participation of Kuasar in tag-runtime group will raise discussions about the integration of sandboxes within Kubernetes, particularly in conjunction with containerd. These discussions present an opportunity to enhance the Kubernetes ecosystem, especially the WebAssembly sandbox.
Northbound: Kuasar will interact with the high-level container runtimes implementing CRI to manage a container. Complements the following project:
Southbound: Kuasar will create a sandbox instance and start container inside it. Depends on the following project:
Not just runwasi, but also kata-shim, firecracker-containerd, and runsc have their own considerations when defining the sandbox. Consequently, their diverse implementations introduce challenges for operations and maintenance engineers to toggle runtimes and identify problems. To address this, Kuasar is introduced to simplifiy the management of different sandboxes and provide some implementations based on popular sandbox.
containerd/runwasi support integrate kubernetes with wasm workloads,
kata-containers support integrate kubernetes with lightweight VMs,
gVisor/runsc support integrate kubernetes with gVisor sandbox,
firecracker-containerd support integrate kubernetes with Firecracker microVMs.
https://landscape.cncf.io/?selected=kuasar
N/A
CNCF TAG Runtime Presentation:
https://docs.google.com/document/d/1k7VNetgbuDNyIs_87GLQRH2W5SLgjgOhB6pDyv89MYk/edit#heading=h.otyvkecgzybr
Slide: https://docs.google.com/presentation/d/1SKMaCuwJI5jU2hGkB3ns14i5xLqOolDMJZfZBW70E7k/edit#slide=id.g23d32d0c81c_0_112
N/A
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.