Sysbox

An open-source, next-generation container runtime (runc).

Works below Docker / Containerd (no need to learn new tools).

Empowers containers to run software such as systemd, Docker, Kubernetes, and legacy apps, seamlessly and securely.

No need to learn new tools. Use Docker and Kubernetes as usual.

Features

Anything-in-Docker

Microservices, Systemd-in-Docker, Docker-in-Docker, Kubernetes-in-Docker, etc. Plus legacy apps too.

OCI-Based

Use Docker and Kubernetes as usual to deploy more secure and powerful containers. Sysbox works under the covers. No need to learn new tools.

Secure

With Sysbox, all containers are strongly isolated via the Linux user namespace (root in the container maps to an unprivileged user on the host).

Fast & Efficient

Unmatched speed & efficiency: Deploy a 10-node K8s cluster in under 2 minutes and with only 1GB storage overhead!

Easy

Use simple Docker run commands and container images that you fully control. No need for complex images, host mounts, or custom container entrypoints. 

Baked-in Containers

Easily preload container or pod images using a simple Dockerfile or Docker commit.

Run Sysbox containers alongside regular containers, without conflict.

Sysbox is Unique ...

It's the only solution to enable deployment of "VM-like" containers using Docker and Kubernetes, with strong isolation, bare-metal performance, and no VM overhead.

Design Philosophy

Sysbox is designed with a simple principle:

Any software that runs in a VM should run in a container, seamlessly and with strong isolation. 

No need for complex Docker commands, images, entrypoints, or insecure containers.