Add PIDs cgroup support to runC and Dockeran invention by cyphar Currently, dealing with forkbombs and similar issues with Docker and runC is not very nice (you have to set a global limit for all Docker processes or you have to limit kernel memory which isn't very practical). I'm going to work on getting some [patches][2] merged into runC and Docker to enable PIDs support for Docker. |
Rootless Containersan invention by cyphar In many cases, people want to start containers on a system where the administrator is not happy about granting privileges to users or installing any new software. For example, when I was a researcher and wanted to run Python 3 on a computing cluster it was not possible to get the administrator to install Docker or Python 3. In recent Linux kernels, it has been possible to create containers without any privileges. All that's missing is a container runtime that allows you to do this. LXC is close but falls short (it requires certain privileged processes and PAM modules for everything to work). |
SLES/openSUSE integration for Claira project by tboerger Clair is a static vulnerability analyzer for containers. Currently it supports containers based on Debian, Ubuntu and RedHat. I already started this project on the CSM workshop, now I want to finish the integration for openSUSE and SLES based container images. You can track the changes at https://github.com/coreos/clair/pull/199. |
OCI Image Distribution with RPMsa project by cyphar Currently the Open Container Initiative doesn't specify a distribution protocol or system, and the current "standard" format is the Docker registry protocol. Aside from technical reservations with Docker registry, it is also not an OCI-compliant system and will require a lot of work to integrate it into all of the openSUSE/SUSE tooling.
So, a very insane idea I came up with is to convert OCI images to RPMs and then distribute them as simple RPMs. The idea would be to use capabilities ( |
Kubic Desktop - aka Sgt Peppers Read Only Hearts Club Banda project by RBrownSUSE The Kubic Project currently produces a "CaaSP-like" Tumbleweed OS, focused on Kubernetes clusters However many of the attributes of Kubic (read-only filesystem, transactional updates, containerised services) could be an interesting platform for another use A Chromebook-like Linux Desktop |
Learn more about container from SUSE CaaS Platforma project by xguo How to deploy container - Docker based on SUSE CaaS Platform. |
Kernel Boot/Testing Framework with LinuxKita project by vrothberg Problem statementOnce a kernel is built, a developer/janitor may want to boot the kernel for various reasons, such as performing simple boot test or running tests and workloads from user space or simply playing around in a shell. However, an easy to use and a descriptive tool to perform those tasks doesn't exist to our knowledge. |
move concourse instance from bare-metal to caasp production instancea project by m_meister Right now our concourse instance http://salzbreze.suse.de:8080 runs containerized (via docker-compose) on bare metal We already have a production caasp instance, so we can already move it there |
kubeojo: Health metrics for products and testsuitesa project by dmaiocchi Updated over 2 years ago. 2 hacker ♥️. 1 follower. |
OpenShift Origin on Kubica project by RBrownSUSE The incredible Neal Gompa has packaged Open Shift Origin (RH's core Docker + Kubernetes stack) for openSUSE Links: |
Architecting a Machine Learning project with SUSE CaaSPan invention by jordimassaguerpla The goal of this project is to get an overview of the state-of-the-art technology on training and deploying machine learning projects with kubernetes and apply that to a SUSE CaaSP cluster. With that in mind, we will train and deploy a model for summarizing github issues: |
Hammer an Envoy service mesh onto a SAP S4/HANA landscape and watch everything explode.a project by STorresi Although CNCF projects are almost exclusively related to Linux containers, some ideas, like wrapping all the services into network proxies to create a distributed data-plane and enable true observability, could perhaps be explored for some kind of backport in complex legacy distributed systems, like... say... S4/HANA?! I don't even know if this is feasible, but trying won't hurt... just stand at a safe distance from the cluster! |
Modernize Mash deploymenta project by seanmarlow Mash is a Python based CI/CD pipeline for automated testing and publishing of public cloud images. Currently the production and development deployment for the package is inconsistent, slow and manual. This is a barrier to rapid development, deployment and testing. It also means the development workflow is different than production. This can lead to production issues which were not seen during development. In order to modernize the Mash workflow I plan to spend the week digging into a plethora of tools to first learn then build out a new workflow. The goal is to simplify deployment by choosing tools that provide consistency, modularity and repeatability. By leveraging the best tools available we can harden the code and accelerate the release cycle. |
Run VMs in CaaSP 4 cluster with SUSE-powered kubevirta project by jfehlig This project aims to run VMs in a CaaSP 4 cluster using kubevirt and a libvirt+qemu container (aka compute container) based on SLES15 SP1/2. Compute containers based on openSUSE Leap15.1 and SLES15 SP1 already available in registry.opensuse.org and registry.suse.com respectively. VMs can be deployed to the cluster but there are several functional problems that need investigating, e.g. accessing the VM's serial and VNC consoles, proper network access, etc. |
Packaging libnvidia-containers and nvidia-container-runtime-hookan invention by jordimassaguerpla This is a follow up to https://hackweek.suse.com/projects/architecting-a-machine-learning-project-with-suse-caasp. In the last hackweek I learned that in order to run machine learning workflows on top of SUSE CaaSP, the missing piece is to have libnvidia-containers and nvidia-containers-runtime-hook packaged. |
Migrate suntorytimed/resourcespace container to an openSUSE basea project by suntorytimed Project DescriptionFor quite some time I am providing a ResourceSpace container on Docker Hub. It is meanwhile pulled about 234K times but unfortunately still based on Ubuntu. Meanwhile I have updated the base to Ubuntu 20.04, but I would like to move it to openSUSE instead. With ResourceSpace 9.5 coming out soon I see a possibility of introducing this switch. Enno Gotthold also did a great job of packaging ResourceSpace on OBS, so this could be used as a starting point for the container. |
Uyuni/SUSE Manager containerization projecta project by moio Deploy Uyuni as an app from the Rancher marketplace - or install via Helm on any Kubernetes cluster, on any OS, or any Public Cloud. The dream |
containerizing MicroOS Desktop componentsa project by fcrozat Project DescriptionMoving as much as possible of MicroOS Desktop into containers. |
Rancher & Gardener: Stronger Togetheran idea by mlnoga Project DescriptionGardener is SAP's portable Kubernetes distribution and management framework, which aims to create a common base layer for current and future SAP applications and services. Rancher is the leading management framework for arbitrary Kubernetes distributions. Wouldn't it be great if Rancher and Gardener could work together, and Gardner became a first-class citizen in Rancher? |
Near-zero downtime upgrades for stateful services with Rancheran idea by mlnoga Project DescriptionContainers are great for scaling stateless services and making them robust. However, stateful services like databases continue to pose challenges. In particular, upgrading a running database service to a new version with near zero downtime is not trivial. Wouldn't it be great if a helm chart or K8S operator could automatically take care of this for you? This would allow you to fire up a database in your K8S cluster and consume it as-a-service. And put us one step closer to building a private cloud that runs anywhere, powered by pure open source. |
Hack current YES Certification SCK with containers and/or public cloud, seperately SLE Microa project by Jackman1 Project DescriptionUsing beta SCK 8.6, attempt to look at hacking options with containers and/or public cloud using Azure or AWS. Do the same thing, completely separate, but using SLE Micro. Probably be a hodgepodge during hack week; but I'll have to get some work done during the week...so it will be perfect for me. |
multipath-tools: improve CIa project by mwilck Project Descriptionmultipath-tools is in urgent need of better CI, both unit tests and "real world" tests. We a very basic set of unit tests, but the coverage is miserable. Also, there's some minimal github workflow code, which could be improved a lot while I'm learning about github workflows. |
WASM support for cloud native buildpacksan idea by atgracey Project DescriptionThe wasm ecosystem is becoming more mature and feature rich. With this, I'd like to allow developers to run their code in wasm without needing to know how to set up their tooling or build the binary. Because of this, I think it would be interesting to extend cloud native buildpacks so you can build wasm-oci images in any of the platforms that support buildpacks. |
Uyuni/SUSE Manager Server Helm chart on k3sa project by moio Building on the lessons learned in the previous HackWeek, attack the Server specifically to create a set of containers deployable on k3s via Helm. |
Package docker compose v2an idea by hennevogel Package compose and compose-switch to replace the python-docker-compose. |