Minimal, production-ready container operating systems by Miget — built on Ubuntu and Alpine with selectable runtimes (Docker, Podman) for secure, cloud-native workloads.

migetapp/container-os

Miget Container OS

Miget Container OS provides the base runtime used by Miget's Platform-as-a-Service and Cloud offerings. Each image bundles the tooling required to run container workloads inside a Miget MicroVM, delivering strong isolation while keeping familiar Docker or Podman workflows.

What is a MicroVM?

Miget MicroVMs are lightweight virtual machines tailored for container execution. They boot a minimal userland, expose only the services required for workload orchestration, and rely on hardware virtualization for strong isolation. Compared with traditional nested containers, MicroVMs eliminate the need for user-namespace tricks or rootless shims: the workload runs with full privileges inside the VM while the host maintains isolation boundaries.

Current Release: 1.0.0

Component Versions

| Image | Docker Compose | Docker CE | Podman | Containerd | OpenSSH | Supervisor |
| --- | --- | --- | --- | --- | --- | --- |
| Ubuntu 22.04 dockerd | v2.40.0 | 5:28.5.1-1~ubuntu.22.04~jammy | - | 1.7.28-1~ubuntu.22.04~jammy | 1:8.9p1-3ubuntu0.13 | 4.2.1-1ubuntu1 |
| Ubuntu 22.04 podman | v2.40.0 | - | 3.4.4+ds1-1ubuntu1.22.04.3 | - | 1:8.9p1-3ubuntu0.13 | 4.2.1-1ubuntu1 |
| Ubuntu 24.04 dockerd | v2.40.0 | 5:28.5.1-1~ubuntu.24.04~noble | - | 1.7.28-1~ubuntu.24.04~noble | 1:9.6p1-3ubuntu13.14 | 4.2.5-1ubuntu0.1 |
| Ubuntu 24.04 podman | v2.40.0 | - | 4.9.3+ds1-1ubuntu0.2 | - | 1:9.6p1-3ubuntu13.14 | 4.2.5-1ubuntu0.1 |
| Alpine 3.19 dockerd | v2.40.0 | 25.0.5-r1 | - | - | 9.6_p1-r2 | 4.2.5-r4 |
| Alpine 3.19 podman | v2.40.0 | - | 4.8.3-r3 | - | 9.6_p1-r2 | 4.2.5-r4 |
| Alpine 3.20 dockerd | v2.40.0 | 26.1.5-r0 | - | - | 9.7_p1-r5 | 4.2.5-r5 |
| Alpine 3.20 podman | v2.40.0 | - | 5.2.5-r0 | - | 9.7_p1-r5 | 4.2.5-r5 |
| Alpine 3.21 dockerd | v2.40.0 | 27.3.1-r5 | - | - | 9.9_p2-r0 | 4.2.5-r5 |
| Alpine 3.21 podman | v2.40.0 | - | 5.3.2-r5 | - | 9.9_p2-r0 | 4.2.5-r5 |
| Alpine 3.22 dockerd | v2.40.0 | 28.3.3-r3 | - | - | 10.0_p1-r9 | 4.2.5-r5 |
| Alpine 3.22 podman | v2.40.0 | - | 5.6.1-r2 | - | 10.0_p1-r9 | 4.2.5-r5 |

Note: All images include a standalone docker-compose binary at /usr/local/bin/docker-compose, independent of the docker-compose-plugin that comes with Docker CE.

Supported tags and respective Dockerfiles

Image Matrix

Images are generated from the templates in templates/ and published under the miget/container-os repository on Docker Hub. Variants exist for:

  • Ubuntu 22.04 & 24.04 with either dockerd or podman
  • Alpine 3.19, 3.20, 3.21, 3.22 with either dockerd or podman

Concrete Dockerfiles are rendered into dockerfiles/<os>/<version>/<engine>.Dockerfile for each supported combination.

Services Managed by Supervisord

Every image starts supervisord, which launches and supervises the following programs:

  • sshd – Provides a fully functional remote shell for the miget user (SSH key-based)
  • crond – Executes scheduled maintenance jobs inside the MicroVM
  • dockerd or podman – Container runtime chosen by the image flavor

During boot the entrypoint script prepares /run/sshd, /var/run/sshd, /var/spool/cron, and runtime state for Podman when applicable.

Running the Images Locally

All flavors expect privileged execution. When testing, run with --privileged (or the equivalent in your orchestration system) and map ports as needed for SSH.

Ubuntu with dockerd

docker run --rm -d \
  --name miget-ubuntu-dockerd \
  --privileged \
  -p 2222:22 \
  miget/container-os:latest

Ubuntu with podman

docker run --rm -d \
  --name miget-ubuntu-podman \
  --privileged \
  -p 2223:22 \
  miget/container-os:ubuntu24-podman

Alpine with dockerd

docker run --rm -d \
  --name miget-alpine-dockerd \
  --privileged \
  -p 2224:22 \
  miget/container-os:alpine3.22

Alpine with podman

docker run --rm -d \
  --name miget-alpine-podman \
  --privileged \
  -p 2225:22 \
  miget/container-os:alpine3.22-podman

These commands expose SSH on the host for troubleshooting; docker-in-docker or podman-in-podman operations will use the runtime inside the MicroVM.

Default User and SSH Access

Each image creates a passwordless miget user (UID/GID 1000) with an empty /home/miget/.ssh/authorized_keys. Supply your public key by mounting a file when launching the container:

docker run --rm -d \
  --name miget-ubuntu-dockerd \
  --privileged \
  -p 2222:22 \
  -v "$(pwd)/authorized_keys":/home/miget/.ssh/authorized_keys:ro \
  miget/container-os:latest

Permissions on the directory (700) and file (600) are enforced by the image. Connect using:

ssh -p 2222 miget@localhost
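
Because the mounted file is the only credential for the miget user in a privileged container, it is worth checking before launch. The following is an added example, not part of the Miget repository: the function names check_authorized_keys and launch_local, the accepted key-type list and the 127.0.0.1 port binding are assumptions of this example, while the image name, user and mount path come from the commands above.

```shell
#!/bin/sh
# Added example; not part of the Miget repository.

# check_authorized_keys FILE
# Returns 0 when FILE is fit to mount as /home/miget/.ssh/authorized_keys.
# Non-zero codes: 1 missing, 2 private key found, 3 no keys, 4 malformed line.
check_authorized_keys() {
  f=$1
  [ -f "$f" ] || { echo "missing file: $f" >&2; return 1; }
  # A private key pasted here by mistake would be exposed inside the container.
  if grep -q 'PRIVATE KEY' "$f"; then
    echo "private key material in $f" >&2
    return 2
  fi
  # Accept only plain "<type> <base64> [comment]" lines. Entries carrying
  # options (command=, from=, ...) are rejected so they get a manual review.
  awk -v types='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh[.]com)$' '
    /^[ \t]*(#|$)/ { next }
    {
      n++
      if ($1 !~ types || $2 !~ "^[A-Za-z0-9+/]+=*$") {
        printf "line %d: not a plain key entry\n", NR
        bad = 1
      }
    }
    END {
      if (n == 0) { print "no keys: nobody could log in as miget"; exit 3 }
      exit (bad ? 4 : 0)
    }
  ' "$f" >&2
}

# launch_local FILE (hypothetical helper): validate, then start the image
# with SSH published on loopback only rather than on every host interface.
launch_local() {
  keys=$(cd "$(dirname "$1")" && pwd)/$(basename "$1")
  check_authorized_keys "$keys" || return
  docker run --rm -d --name miget-ubuntu-dockerd --privileged \
    -p 127.0.0.1:2222:22 \
    -v "$keys":/home/miget/.ssh/authorized_keys:ro \
    miget/container-os:latest
}
```

Call `launch_local ./authorized_keys` from the directory holding the key file. With a plain `-p 2222:22`, Docker publishes the port on all host interfaces; the `127.0.0.1:` prefix keeps the troubleshooting SSH endpoint reachable from the local machine only.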

Privileged Environment Requirements

All images are intended to run with full privileges. This matches Miget's MicroVM execution model and avoids brittle rootless/container hacks. When running under Kubernetes or Docker, ensure the pod or container is privileged; the workflows expect access to /dev/fuse, iptables, and kernel features commonly restricted in non-privileged contexts.

Contributing

See DEVELOPMENT.md for contributor workflow details, including local development setup, manifest updates, validation, and publishing pipelines.

License

Copyright © 2025 Miget

Licensed under the Apache License, Version 2.0. See LICENSE for details.
