Use Cases

The Sysbox runtime enables the use of containers for several use cases that extend beyond microservices.


Kubernetes-in-Docker (aka KinD) means using Docker containers as Kubernetes nodes (instead of physical hosts or VMs). A K8s cluster is a collection of Docker containers (see figure).

This is very useful for development, testing, and CI/CD.

Although tools exist to run Kubernetes-in-Docker, due to limitations of the OCI runc, these use complex container images and very unsecure privileged containers. This removes flexibility and does not isolate the cluster properly (giving the cluster control of the host via "/proc" for example).

Sysbox removes both of these limitations, enabling you to deploy the cluster with simple images, using the configuration you want, and with proper isolation. 

It also ensures you can run multiple K8s clusters on the same host without them potentially stepping on each other via "/proc". 

You can deploy the cluster using simple Docker run commands, with a forked version of the kind tool, or with Nestybox's kindbox tool (to take full advantage of Sysbox).


Sysbox is fast and very efficient: you can deploy a 10-node cluster on a laptop in less than 2 minutes with only 1GB of storage overhead.


Docker Sandboxing

It's often useful for software developers to have a dedicated Docker sandbox environment, inside of which they can work with containers in isolation.

While the concept of running the Docker daemon inside a container has been around for a while, it has up to now required a customized container image and unsecure privileged containers.

Sysbox removes these limitations, enabling you to run Docker inside a container seamlessly and with strong isolation (via the Linux user namespace).

This ensures you can easily and securely deploy Docker sandboxes using containers, saving you the hassle and cost of having to provision a VM for this.

Moreover, Sysbox makes it easy to preload inner container images into the outer container using a Dockerfile or Docker commit.

This increases agility as the container image acts as a preconfigured virtual host, one that can be deployed on your development machine or in any cloud, in seconds.



Sysbox can be used to expand the capabilities of CI/CD pipelines.

Many CI/CD frameworks use Docker containers as the unit of job execution. 

By using Sysbox, these job containers can now be used to build and run containers within them, and even to deploy Kubernetes clusters.

Sysbox enables you to do this efficiently and with proper isolation, ensuring that multiple such jobs don't step on each other.

This increases agility and saves cost, for example by allowing you to test your application's microservices within dedicated and ephemeral K8s-in-Docker clusters as opposed to resorting to costly K8s clusters on the cloud.



(Mon - Fri, 9am to 5pm Pacific Time)

© 2020, Nestybox, Inc.

San Jose, California, United States