Docker announced the Moby Project and LinuxKit - two collaborative projects that provide a new model for cross-ecosystem collaboration and the advancement of containerized software.
Containers today are driving change in all major technology platforms from the datacenter to the cloud to the Internet of Things (IoT). The Moby Project was developed to provide the container ecosystem with a way to fulfill this demand with a comprehensive project for collaborating on interchangeable components, such as operating systems, orchestration frameworks or infrastructure management. Contributors can leverage well-tested common components, already used in millions of deployments, to build more specialized container systems more rapidly while differentiating on features. Participants choose from a library of more than 80 components derived from Docker, or they can elect to “bring your own components” (BYOC) packaged as containers, with the option to mix and match among all of the components to create a customized container system.
“We are entering the next phase of container innovation with the drive for containers going beyond cloud native to more mainstream deployments across every category of computing from server to cloud to IoT to mobile,” said Solomon Hykes, Founder and CTO of Docker. “This project will be the most important project at Docker since the launch of Docker itself as it provides the ecosystem with a way to create, share, use and build container systems in a way that hasn’t been possible with any open source project in the past. Docker will use Moby for its open source and will collaborate on everything from architecture to design to experimentation with bleeding edge features. Essentially anything that can be containerized can be a Moby component, providing a great opportunity for collaboration with other projects outside of Docker.”
LinuxKit: A Toolkit for Building Secure, Lean and Portable Linux Subsystems
One of the key components for building container platforms is the OS itself. Over the past year, Docker developed a toolkit to assemble custom Linux subsystems with the initial intention to create a more native experience for its desktop (Windows, Mac) and cloud platforms. Today, the company announces it is spinning out this toolkit, LinuxKit, to provide the community with a solution for creating a custom OS. Battle tested by the millions of Docker for Mac and Docker for Windows users, LinuxKit is secure, lean, portable and container native.
LinuxKit has been developed in collaboration with leading companies such as silicon partner ARM, infrastructure providers like HPE and cloud companies including Microsoft and IBM. As of today, it has been open sourced and will be managed under open governance by the Linux Foundation.
Secure by Default for the Container Era
LinuxKit allows users to create very secure Linux subsystems because it is designed around containers. All of the processes, including system daemons, run in containers, enabling users to assemble a Linux subsystem with only the needed services. As a result, systems created with LinuxKit have a smaller attack surface than general-purpose systems. It also provides a read-only root filesystem for an immutable infrastructure approach to deployments enabled by InfraKit. LinuxKit will have a community-first security process and will serve as an incubator for security-related innovations like WireGuard and Landlock.
Because LinuxKit is container-native, it has a very minimal size (35MB) and a very minimal boot time. All system services are containers, which means that everything can be removed or replaced. LinuxKit’s container-native approach means that it is highly portable and can work in many environments: desktop, server, IoT, mainframe, bare metal and virtualized systems.
LinuxKit was open sourced on stage at DockerCon, which coincided with Microsoft premiering its Linux Container on Windows Server and highlighting collaboration with LinuxKit in the realm of Hyper-V isolation.