18 Repos
Minimal, hardened, or specialized foundation images for containerized applications.
Distinguishing note: No existing candidates; focuses on the supply chain and composition of container base layers.
Explore 18 awesome GitHub repositories matching devops & infrastructure · Container Base Images. Refine with filters or upvote what's useful.
This project is a comprehensive, community-driven directory that serves as a centralized discovery hub for the container ecosystem. It functions as a structured knowledge base, aggregating a wide array of software tools, educational materials, and technical resources designed to assist developers and operators in mastering containerization technologies. The repository distinguishes itself through a meticulously organized taxonomy that maps the entire container lifecycle, from initial development and image building to orchestration, security, and infrastructure operations. By curating disparat
Offers optimized and hardened base images for containerized application development.
This project is a Docker educational resource and a collection of practical examples designed for learning containerization technologies. It serves as a guide for understanding container fundamentals, including the creation and management of custom images and the use of registries. The repository provides specialized references for container security hardening, such as managing kernel privileges and implementing supply chain security. It also includes tutorials for multi-container orchestration and a DevOps guide focused on CI/CD automation and image optimization. The material covers a broad
Provides criteria for selecting minimal, hardened foundation images for containerized applications.
Distroless provides a collection of security-hardened, minimal base container images designed to reduce attack surfaces by excluding non-essential system utilities, package managers, and shells. These images are constructed to contain only an application and its specific runtime dependencies, enforcing the principle of least privilege by configuring environments for non-root execution. The project distinguishes itself through a focus on supply chain integrity and reproducible builds. It utilizes declarative build configurations to track package versions and validates container image integrity
Offers minimal, language-specific container base images containing only essential runtime dependencies.
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
Supplies optimized, minimal container base images tailored for native executable runtimes.
Cog is a machine learning packaging tool and containerized model wrapper that bundles models and their dependencies into standardized Docker containers. It functions as an environment manager and inference server, ensuring consistent model execution across different hardware systems by resolving GPU drivers, system libraries, and Python dependencies. The project distinguishes itself by automatically generating RESTful HTTP servers and OpenAPI schemas based on defined model input and output types. It manages large model weights as external fixtures to optimize image size and utilizes a slot-ba
Builds standardized Docker containers by resolving GPU drivers and dependencies from a declarative configuration file.
Phusion/baseimage-docker is a minimal Ubuntu-based Docker base image that includes a proper init system for managing multiple services and processes inside a single container. It provides a lightweight init process that reaps zombie processes, forwards stop signals for graceful shutdown, and supervises daemons through runit, restarting them automatically if they crash. The image includes a preconfigured OpenSSH server restricted to public-key authentication for secure shell access to running containers, along with a cron daemon for scheduling recurring tasks. It supports ordered startup scrip
Boots a stripped-down operating system inside a container, omitting unnecessary services to reduce attack surface and image size.
Buildah is a tool for creating OCI-compliant container images without requiring a background daemon process. It functions as a daemonless image constructor and distribution tool, allowing users to build, push, and pull images between local storage and remote registries. The project distinguishes itself by supporting unprivileged image building through the use of user namespaces and rootless mode. It enables direct modification of container root filesystems by mounting them to the host, allowing images to be treated as directories that can be manipulated via standard shell commands or scripts.
Defines base image instructions that execute automatically when used as a parent for new builds.
Pocket ID is a self-hosted OpenID Connect (OIDC) identity provider that replaces traditional passwords with passkey-based authentication using WebAuthn public-key cryptography. It runs as a standalone service on user-managed infrastructure, eliminating shared secrets entirely by authenticating users through passkeys instead of passwords. The project distinguishes itself through security-hardened deployment patterns, including distroless container images, non-root user execution, and read-only root filesystems to reduce the attack surface. It supports configurable token signing algorithms (RSA
Uses a distroless base image that excludes shells and system libraries to minimize the attack surface.
The Operator SDK is a framework for building, packaging, and managing custom controllers that extend the Kubernetes API. It serves as a toolset for defining new API types and implementing reconcile loops to automate the lifecycles of complex applications. The project provides specialized support for creating operators based on Helm charts or Ansible playbooks, allowing users to maintain a desired cluster state using existing automation tools. It includes a dedicated system for packaging controllers into standardized container image bundles for distribution via the Operator Lifecycle Manager.
Allows specifying the foundation container image to ensure compatible runtimes and dependencies for the operator.
This repository provides a Docker base image built on Alpine Linux, designed to produce containers under 5 MB. It is a minimal Linux container image that uses the apk package manager for installing software from the Alpine Linux repository. The image is constructed with a musl-based C library and a BusyBox-based userland, replacing GNU coreutils with a single compact binary. It structures the filesystem as a single root filesystem layer to minimize storage and transfer overhead, and is compatible with multi-stage Docker builds to keep final images lean. The project covers building smaller an
Provides the official Alpine Linux Docker base image, the canonical musl-based container foundation under 5 MB.
Dieses Projekt bietet einen umfassenden Architektur-Blueprint und Implementierungssatz für den Aufbau einer Platform-as-a-Service auf Kubernetes. Es dient als technische Ressource für die Bereitstellung von Container-Orchestrierungsumgebungen, die Verwaltung des gesamten Softwareentwicklungs-Lebenszyklus und die Integration einer vollständigen DevOps-Toolchain. Die Implementierung betont die automatisierte Softwarebereitstellung durch die Integration von Build- und Delivery-Pipelines, privaten Container-Registries und verteilten Konfigurationssystemen. Es ermöglicht die Entkopplung von Anwendungseinstellungen von Images über einen zentralen Konfigurationsmanager, was umgebungsspezifische Updates ohne Neuerstellung von Containern erlaubt. Die Plattform deckt ein breites Spektrum Cloud-nativer Funktionen ab, einschließlich Container-Netzwerk-Orchestrierung, Layer-4- und Layer-7-Traffic-Management sowie Microservice-Orchestrierung mit Rolling-Update-Strategien. Zudem integriert es einen vollständigen Observability-Stack für zentralisiertes Logging, Distributed Tracing und die Visualisierung von Zeitreihenmetriken. Das Projekt ist primär als Sammlung von Shell-Skripten und Konfigurationsdateien implementiert, um die Bereitstellung der Orchestrierungsschicht und der unterstützenden Dienste zu automatisieren.
Creates standardized foundation images with pre-configured agents and timezones for microservices.
This project serves as a documentation hub and specification repository for official Docker images. It functions as a metadata-driven documentation generator that transforms structured content files into markdown files and readmes for public distribution. The repository provides technical guides and configuration standards for deploying containerized software across multiple CPU architectures. It includes detailed manuals for configuring environment variables, volume mounts, and network settings to ensure consistent image deployments. The documentation covers a broad range of containerized e
Provides minimal base images utilizing musl libc and BusyBox to reduce final container sizes.
Tsuru is an open-source platform as a service for automating the build, deployment, and scaling of containerized applications. It functions as a container-based deployment engine and a management layer for Kubernetes, transforming source code into container images and coordinating their lifecycles. The platform is designed for multi-cloud infrastructure management, allowing applications to be distributed across different cloud providers and regions to increase resilience. It features a flexible deployment model that supports multi-process containers, enabling a single repository to run differ
Creates deployable environments by combining base images with language-specific dependencies using buildpack-style synthesis.
This project provides a collection of official base images for building and running .NET applications across various operating systems and hardware architectures. It includes standardized runtime environments, containerized development kits, and specialized images designed for isolated application execution. The collection is distinguished by its focus on image optimization and security hardening. It offers distroless images that remove shells and package managers to reduce the attack surface, as well as composite layering and ahead-of-time compilation to improve startup performance and lower
Provides stripped-down base images containing only essential packages to reduce security risks and startup time.
Strider ist ein CI/CD-Server, der darauf ausgelegt ist, das Bauen, Testen und Bereitstellen von Software durch Continuous-Integration- und Delivery-Pipelines zu automatisieren. Er fungiert als containerisiertes Build-System, das Aufgaben innerhalb isolierter Container ausführt, um konsistente Umgebungen über verschiedene Host-Maschinen hinweg beizubehalten. Die Plattform implementiert ein Configuration-as-Code-Modell und verwaltet Projekteinstellungen sowie Umgebungsvariablen über versionskontrollierte Dateien, um reproduzierbare Workflows zu gewährleisten. Zudem integriert sie sich über LDAP mit externen Verzeichnisservern, um Benutzeridentitäten und administrative Zugriffsberechtigungen zu verwalten. Das System enthält eine RESTful-Automatisierungs-API zur Verwaltung des internen Zustands und zum Auslösen von Pipelines über Web-Requests. Es unterstützt die gleichzeitige Job-Ausführung, um die Verarbeitungszeit zu reduzieren, und bietet ein Plugin-basiertes Erweiterungsmodell zum Hinzufügen benutzerdefinierter Hooks und Benutzeroberflächenelemente.
Automates the packaging and pushing of applications to cloud hosting platforms using standardized buildpacks.
Kubero is a self-hosted Platform as a Service (PaaS) that simplifies the deployment, scaling, and management of containerized applications on Kubernetes. It functions as an application manager, CI/CD orchestrator, and multi-tenant manager, allowing users to run workloads without writing manual configuration files. The platform distinguishes itself through automated image synthesis, transforming source code from Git repositories into deployable containers via buildpacks, Dockerfiles, or nixpacks. It implements a GitOps delivery model with automated pipelines that trigger builds on push events
Transforms source code into deployable container images using buildpacks, nixpacks, or Dockerfiles automatically.
Flox is a Nix environment manager designed to create, share, and maintain reproducible software stacks. It uses declarative manifests to isolate project dependencies and toolchains, ensuring identical runtimes across different machines and operating systems. The platform distinguishes itself by enabling the deployment of imageless workloads to Kubernetes, allowing software to run in pods without traditional container images. It can also synthesize OCI-compliant container images and distroless artifacts directly from declarative environment definitions. The project covers broad capability are
Synthesizes OCI-compliant container images directly from declarative environment manifests.
GLIDE is a generative model designed for text-to-image synthesis, image editing, and the contextual filling of masked image regions. It uses a guided diffusion process to transform random noise into high-resolution imagery that aligns with descriptive text prompts. The system provides specialized capabilities for modifying existing visuals, including the ability to alter specific image elements and iteratively refine selected regions through text-driven guidance. It also functions as an inpainting tool, filling missing or masked sections of an image with new content that blends naturally with
Transforms random noise into high-resolution images through an iterative denoising process guided by text.