9 repositorios
Executing the primary startup command defined in a container image manifest.
Distinct from CLI Entrypoints: Existing candidates focus on CLI apps or web bundles, not OCI container runtime entrypoints.
Explore 9 awesome GitHub repositories matching devops & infrastructure · Container Entrypoint Execution. Refine with filters or upvote what's useful.
Tini is a lightweight process management tool designed to act as the entrypoint for OCI compliant containers. It functions as a minimal init process that manages the lifecycle of a primary child process, preventing the root process from ignoring critical termination signals. The project focuses on signal proxying and zombie process reaping. It forwards system signals from the container runtime to child processes and process groups to ensure graceful shutdowns. Additionally, it automatically collects terminated child processes to prevent the process table from filling with defunct entries. Ti
Acts as a lightweight wrapper for OCI compliant containers that prevents the primary process from ignoring critical termination signals.
This project is a collection of pre-configured Docker images that provide ready-to-run environments for interactive computing and data science. It functions as a scientific computing stack and a polyglot notebook server, bundling language interpreters and libraries for Python, R, and Julia within a containerized system to ensure reproducible research environments. The collection uses a layered image hierarchy to provide versioned software dependencies and support for hardware acceleration across different CPU architectures. It allows for the creation of custom images based on a foundation of
Provides startup scripts that execute at container launch to configure user identities and server settings.
dockerlabs is a collection of educational labs and technical tutorials designed to teach the fundamentals of containerization and microservice architecture. It provides instructional material and hands-on exercises covering image optimization, security training, infrastructure setup, and cluster orchestration. The project features specific courses and guides focused on reducing image size through multi-stage builds, securing workloads via vulnerability scanning and encrypted networks, and deploying multi-node clusters with high availability using Swarm orchestration. The materials cover a br
Teaches how to override a container's default startup command to execute alternative processes during runtime.
This project is a collection of curated and standardized Docker base images that serve as reliable starting points for building containerized applications. It functions as an OCI container image repository and a build template library, providing a central source of truth for images that adhere to Open Container Initiative standards for portability. The project utilizes an automated image lifecycle pipeline to build, tag, and push images, ensuring that dependencies remain current and security patches are applied. It specifically supports cross-platform distribution by providing a multi-archite
Configures the primary executable entrypoint so containers function as dedicated command-line tools.
gosu es un conmutador de identidad de usuario basado en Go y envoltorio de proceso diseñado para ejecutar comandos bajo una identidad de usuario y grupo específica. Funciona como un binario ligero para cambiar identidades de usuario y reenviar señales antes de ejecutar un proceso de destino. La herramienta se centra en la optimización del punto de entrada del contenedor y la gestión de usuarios dentro de contenedores Docker. Permite la ejecución de procesos como usuarios no root mientras garantiza que las señales del sistema operativo lleguen al proceso hijo y que el comando de destino se establezca como el proceso principal. La utilidad gestiona el cambio de identidad de procesos de Linux y la ejecución de procesos privilegiados. Utiliza llamadas al sistema para el cambio de identidad y proporciona herencia de flujo estándar para conectar el proceso de destino a los flujos de entrada y salida existentes.
Optimizes container entrypoints to avoid PID 1 signal forwarding issues common with shell wrappers.
The OCI Container Image Specification is a standardized format for container images that ensures interoperability between different build tools and runtimes. It serves as a distribution standard for structuring image blobs and manifests, providing a consistent way to transfer data between registries and clients. The specification employs a content-addressable storage standard that identifies image layers and manifests using cryptographic digests to ensure data integrity. It includes a JSON-based configuration schema for defining execution metadata, such as entrypoints and environment variable
Provides a JSON-based specification for defining execution metadata like entrypoints and environment variables.
Lando is a Docker development environment manager and local development orchestrator used to create isolated application stacks. It functions as a web development stack provisioner that coordinates web servers, databases, and runtimes to ensure consistent environment parity across different operating systems. The project distinguishes itself through recipe-based environment bootstrapping for common stacks such as LAMP, LEMP, and MEAN, as well as dedicated provisioning for CMS platforms like WordPress, Drupal, and Joomla. It further differentiates its capabilities by acting as a remote hosting
Enables the specification of custom entrypoints for containers to override default startup behavior.
Este proyecto es una colección de mejores prácticas y plantillas curadas para construir imágenes de Docker seguras, estables y listas para producción. Proporciona estándares para la optimización de imágenes OCI y una guía para implementar configuraciones estándar de la industria en entornos de contenedores. El repositorio ofrece patrones específicos para el endurecimiento de seguridad, como la implementación de ejecución de usuario no root con IDs estáticos para prevenir la escalada de privilegios en el host. También proporciona plantillas estructurales para builds multietapa para separar las dependencias de tiempo de compilación del entorno de ejecución final. Capacidades adicionales cubren la gestión de procesos de contenedores utilizando sistemas init ligeros para manejar señales del sistema y prevenir procesos zombi. El proyecto también incluye métodos para asegurar la reproducibilidad de las builds mediante imágenes base con versiones fijadas y configuraciones de red para resolver fallos de DNS en runtimes de Linux y macOS heredados.
Optimizes container startup scripts to provide better ergonomics for passing command-line arguments.
proot-distro is a rootless container runtime and Linux distribution manager that allows users to install and run isolated guest environments without requiring administrative root privileges. It utilizes PRoot to simulate root access and filesystem redirection, enabling the deployment of full Linux distributions in a non-root space. The project functions as an OCI container image handler, capable of building, pulling, and pushing OCI-compatible images and manifests. It further serves as a cross-architecture execution layer, utilizing user-mode emulation to run binaries and containers built for
Executes the predefined entrypoint and command from an image manifest to simulate standard runtime execution.