{"id":41214194,"url":"https://github.com/migetapp/container-os","last_synced_at":"2026-04-02T17:07:11.790Z","repository":{"id":318972501,"uuid":"1076948909","full_name":"migetapp/container-os","owner":"migetapp","description":"Minimal, production-ready container operating systems by Miget — built on Ubuntu and Alpine with selectable runtimes (Docker, Podman) for secure, cloud-native workloads.","archived":false,"fork":false,"pushed_at":"2026-03-22T05:54:17.000Z","size":119,"stargazers_count":4,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-22T20:39:04.029Z","etag":null,"topics":["alpine","cloud-native","container-os","docker-runtime","immutable-os","linux-base-image","microvm","miget","paas","paas-services","podman","ubuntu"],"latest_commit_sha":null,"homepage":"https://miget.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/migetapp.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-15T15:04:58.000Z","updated_at":"2026-03-13T12:23:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"0024603e-37e2-4b65-87af-a04848e08c5b","html_url":"https://github.com/migetapp/container-os","commit_stats":null,"previous_names":["migetapp/container-os"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/migetapp/container-os","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/migetapp%2Fcontainer-os","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/migetapp%2Fcontainer-os/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/migetapp%2Fcontainer-os/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/migetapp%2Fcontainer-os/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/migetapp","download_url":"https://codeload.github.com/migetapp/container-os/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/migetapp%2Fcontainer-os/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31311159,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alpine","cloud-native","container-os","docker-runtime","immutable-os","linux-base-image","microvm","miget","paas","paas-services","podman","ubuntu"],"created_at":"2026-01-22T23:54:10.013Z","updated_at":"2026-04-02T17:07:11.784Z","avatar_url":"https://github.com/migetapp.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Miget Container OS\n\nMiget Container OS provides the base runtime used by [Miget's](https://miget.com) Platform-as-a-Service and Cloud offerings. Each image bundles the tooling required to run container workloads inside a Miget MicroVM, delivering strong isolation while keeping familiar Docker or Podman workflows.\n\n## What is a MicroVM?\n\nMiget MicroVMs are lightweight virtual machines tailored for container execution. They boot a minimal userland, expose only the services required for workload orchestration, and rely on hardware virtualization for strong isolation. Compared with traditional nested containers, MicroVMs eliminate the need for user-namespace tricks or rootless shims-the workload runs with full privileges inside the VM while the host maintains isolation boundaries.\n\n## Current Release: 1.0.17\n\n### Component Versions\n\n| Component | Ubuntu 22.04\u003cbr/\u003edockerd | Ubuntu 22.04\u003cbr/\u003epodman | Ubuntu 24.04\u003cbr/\u003edockerd | Ubuntu 24.04\u003cbr/\u003epodman | Alpine 3.19\u003cbr/\u003edockerd | Alpine 3.19\u003cbr/\u003epodman | Alpine 3.20\u003cbr/\u003edockerd | Alpine 3.20\u003cbr/\u003epodman | Alpine 3.21\u003cbr/\u003edockerd | Alpine 3.21\u003cbr/\u003epodman | Alpine 3.22\u003cbr/\u003edockerd | Alpine 3.22\u003cbr/\u003epodman |\n|-----------|:----------:|:----------:|:----------:|:----------:|:----------:|:----------:|:----------:|:----------:|:----------:|:----------:|:----------:|:----------:|\n| **Docker Compose** | v5.1.1 | v5.1.1 | v5.1.1 | v5.1.1 | v5.1.1 | v5.1.1 | v5.1.1 | v5.1.1 | v5.1.1 | v5.1.1 | v5.1.1 | v5.1.1 |\n| **Docker CE** | 5:29.3.1-1\\~ubuntu.22.04\\~jammy | - | 5:29.3.1-1\\~ubuntu.24.04\\~noble | - | 25.0.5-r1 | - | 26.1.5-r0 | - | 27.3.1-r5 | - | 28.3.3-r5 | - |\n| **Podman** | - | 3.4.4+ds1-1ubuntu1.22.04.3 | - | 4.9.3+ds1-1ubuntu0.2 | - | 4.8.3-r3 | - | 5.2.5-r0 | - | 5.3.2-r5 | - | 5.6.2-r3 |\n| **Containerd** | 2.2.2-1\\~ubuntu.22.04\\~jammy | - | 2.2.2-1\\~ubuntu.24.04\\~noble | - | 1.7.10-r3 | - | 1.7.17-r2 | - | 2.0.0-r5 | - | 2.1.5-r2 | - |\n| **OpenSSH** | 1:8.9p1-3ubuntu0.14 | 1:8.9p1-3ubuntu0.14 | 1:9.6p1-3ubuntu13.15 | 1:9.6p1-3ubuntu13.15 | 9.6_p1-r2 | 9.6_p1-r2 | 9.7_p1-r5 | 9.7_p1-r5 | 9.9_p2-r0 | 9.9_p2-r0 | 10.0_p1-r10 | 10.0_p1-r10 |\n| **Supervisor** | 4.2.1-1ubuntu1 | 4.2.1-1ubuntu1 | 4.2.5-1ubuntu0.1 | 4.2.5-1ubuntu0.1 | 4.2.5-r4 | 4.2.5-r4 | 4.2.5-r5 | 4.2.5-r5 | 4.2.5-r5 | 4.2.5-r5 | 4.2.5-r5 | 4.2.5-r5 |\n\n\u003e **Note**: All images include standalone docker-compose binary at `/usr/local/bin/docker-compose`, independent of the docker-compose-plugin that comes with Docker CE.\n\n## Supported tags and respective Dockerfiles\n\n- **Alpine 3.19 dockerd**\n\n  `1.0.17-alpine-3.19.9-dockerd`, `1.0.17-alpine3.19-dockerd`, `1.0.17-alpine3.19`, `alpine3.19`, `stable-alpine3.19-dockerd`\n  ([`dockerfiles/alpine/3.19/dockerd.Dockerfile`](dockerfiles/alpine/3.19/dockerd.Dockerfile))\n\n- **Alpine 3.19 podman**\n\n  `1.0.17-alpine-3.19.9-podman`, `1.0.17-alpine3.19-podman`, `stable-alpine3.19-podman`\n  ([`dockerfiles/alpine/3.19/podman.Dockerfile`](dockerfiles/alpine/3.19/podman.Dockerfile))\n\n- **Alpine 3.20 dockerd**\n\n  `1.0.17-alpine-3.20.9-dockerd`, `1.0.17-alpine3.20-dockerd`, `1.0.17-alpine3.20`, `alpine3.20`, `stable-alpine3.20-dockerd`\n  ([`dockerfiles/alpine/3.20/dockerd.Dockerfile`](dockerfiles/alpine/3.20/dockerd.Dockerfile))\n\n- **Alpine 3.20 podman**\n\n  `1.0.17-alpine-3.20.9-podman`, `1.0.17-alpine3.20-podman`, `stable-alpine3.20-podman`\n  ([`dockerfiles/alpine/3.20/podman.Dockerfile`](dockerfiles/alpine/3.20/podman.Dockerfile))\n\n- **Alpine 3.21 dockerd**\n\n  `1.0.17-alpine-3.21.6-dockerd`, `1.0.17-alpine3.21-dockerd`, `1.0.17-alpine3.21`, `alpine3.21`, `stable-alpine3.21-dockerd`\n  ([`dockerfiles/alpine/3.21/dockerd.Dockerfile`](dockerfiles/alpine/3.21/dockerd.Dockerfile))\n\n- **Alpine 3.21 podman**\n\n  `1.0.17-alpine-3.21.6-podman`, `1.0.17-alpine3.21-podman`, `stable-alpine3.21-podman`\n  ([`dockerfiles/alpine/3.21/podman.Dockerfile`](dockerfiles/alpine/3.21/podman.Dockerfile))\n\n- **Alpine 3.22 dockerd**\n\n  `1.0.17-alpine-3.22.3-dockerd`, `1.0.17-alpine3.22-dockerd`, `1.0.17-alpine3.22`, `alpine3.22`, `latest-alpine`, `stable-alpine3.22-dockerd`\n  ([`dockerfiles/alpine/3.22/dockerd.Dockerfile`](dockerfiles/alpine/3.22/dockerd.Dockerfile))\n\n- **Alpine 3.22 podman**\n\n  `1.0.17-alpine-3.22.3-podman`, `1.0.17-alpine3.22-podman`, `stable-alpine3.22-podman`\n  ([`dockerfiles/alpine/3.22/podman.Dockerfile`](dockerfiles/alpine/3.22/podman.Dockerfile))\n\n- **Ubuntu 22.04 dockerd**\n\n  `1.0.17-ubuntu-22.04-dockerd`, `1.0.17-ubuntu22-dockerd`, `1.0.17-ubuntu22`, `ubuntu22`, `stable-ubuntu22-dockerd`\n  ([`dockerfiles/ubuntu/22.04/dockerd.Dockerfile`](dockerfiles/ubuntu/22.04/dockerd.Dockerfile))\n\n- **Ubuntu 22.04 podman**\n\n  `1.0.17-ubuntu-22.04-podman`, `1.0.17-ubuntu22-podman`, `stable-ubuntu22-podman`\n  ([`dockerfiles/ubuntu/22.04/podman.Dockerfile`](dockerfiles/ubuntu/22.04/podman.Dockerfile))\n\n- **Ubuntu 24.04 dockerd**\n\n  `1.0.17-ubuntu-24.04-dockerd`, `1.0.17-ubuntu24-dockerd`, `1.0.17-ubuntu24`, `ubuntu24`, `latest`, `stable-ubuntu24-dockerd`\n  ([`dockerfiles/ubuntu/24.04/dockerd.Dockerfile`](dockerfiles/ubuntu/24.04/dockerd.Dockerfile))\n\n- **Ubuntu 24.04 podman**\n\n  `1.0.17-ubuntu-24.04-podman`, `1.0.17-ubuntu24-podman`, `stable-ubuntu24-podman`\n  ([`dockerfiles/ubuntu/24.04/podman.Dockerfile`](dockerfiles/ubuntu/24.04/podman.Dockerfile))\n\n\n## Image Matrix\n\nImages are generated from the templates in `templates/` and published under the `miget/container-os` repository on Docker Hub. Variants exist for:\n\n- Ubuntu 22.04 \u0026 24.04 with either dockerd or podman\n- Alpine 3.19, 3.20, 3.21, 3.22 with either dockerd or podman\n\nConcrete Dockerfiles are rendered into `dockerfiles/\u003cos\u003e/\u003cversion\u003e/\u003cengine\u003e.Dockerfile` for each supported combination.\n\n## Services Managed by Supervisord\n\nEvery image starts `supervisord`, which launches and supervises the following programs:\n\n- **sshd** – Provides a fully functional remote shell for the `miget` user (SSH key-based)\n- **crond** – Executes scheduled maintenance jobs inside the MicroVM\n- **dockerd** *or* **podman** – Container runtime chosen by the image flavor\n\nDuring boot the entrypoint script prepares `/run/sshd`, `/var/run/sshd`, `/var/spool/cron`, and runtime state for Podman when applicable.\n\n## Running the Images Locally\n\nAll flavors expect privileged execution. When testing, run with `--privileged` (or the equivalent in your orchestration system) and map ports as needed for SSH.\n\n### Ubuntu with dockerd\n\n```bash\ndocker run --rm -d \\\n  --name miget-ubuntu-dockerd \\\n  --privileged \\\n  -p 2222:22 \\\n  miget/container-os:latest\n```\n\n### Ubuntu with podman\n\n```bash\ndocker run --rm -d \\\n  --name miget-ubuntu-podman \\\n  --privileged \\\n  -p 2223:22 \\\n  miget/container-os:ubuntu24-podman\n```\n\n### Alpine with dockerd\n\n```bash\ndocker run --rm -d \\\n  --name miget-alpine-dockerd \\\n  --privileged \\\n  -p 2224:22 \\\n  miget/container-os:alpine3.22\n```\n\n### Alpine with podman\n\n```bash\ndocker run --rm -d \\\n  --name miget-alpine-podman \\\n  --privileged \\\n  -p 2225:22 \\\n  miget/container-os:alpine3.22-podman\n```\n\nThese commands expose SSH on the host for troubleshooting; docker-in-docker or podman-in-podman operations will use the runtime inside the MicroVM.\n\n## Default User and SSH Access\n\nEach image creates a passwordless `miget` user (UID/GID 1000) with an empty `/home/miget/.ssh/authorized_keys`. Supply your public key by mounting a file when launching the container:\n\n```bash\ndocker run --rm -d \\\n  --name miget-ubuntu-dockerd \\\n  --privileged \\\n  -p 2222:22 \\\n  -v $(pwd)/authorized_keys:/home/miget/.ssh/authorized_keys:ro \\\n  miget/container-os:latest\n```\n\nPermissions on the directory (`700`) and file (`600`) are enforced by the image. Connect using:\n\n```bash\nssh -p 2222 miget@localhost\n```\n\n## Privileged Environment Requirements\n\nAll images are intended to run with full privileges. This matches Miget's MicroVM execution model and avoids brittle rootless/container hacks. When running under Kubernetes or Docker, ensure the pod or container is privileged; the workflows expect access to `/dev/fuse`, iptables, and kernel features commonly restricted in non-privileged contexts.\n\n## Contributing\n\nSee `DEVELOPMENT.md` for contributor workflow details, including local development setup, manifest updates, validation, and publishing pipelines.\n\n## License\n\nCopyright © 2025 [Miget](https://miget.com)\n\nLicensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmigetapp%2Fcontainer-os","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmigetapp%2Fcontainer-os","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmigetapp%2Fcontainer-os/lists"}