A lightweight OCI-compatible container runtime and image manager written in Go. Build, run, and distribute containers with Linux namespace isolation, cgroup resource control, and zero daemon requirements.
```sh
# Run a container with Koder Box
$ kbox run -d --name web \
    -p 8080:80 \
    -v ./app:/usr/share/nginx/html \
    nginx:alpine

# Container started in 38ms
# Memory: 4.2 MB RSS
# PID: 29451 (no daemon)
```
Everything you need, built from the ground up.
No background daemon required. Each container runs as a direct child process, simplifying debugging, logging, and resource accounting.
Fully compatible with OCI image and runtime specs. Pull from Docker Hub, GHCR, or any OCI registry without conversion.
Written in Go with a minimal footprint. Native Linux namespaces and cgroup v1/v2 integration deliver fast container starts with predictable resource limits.
Run containers as unprivileged users out of the box with user namespace mapping, no suid binaries, and full seccomp/AppArmor profiles.
Dockerfile-compatible build engine with layer caching, multi-stage builds, and BuildKit-style cache mounts — no separate buildx plugin needed.
Define multi-container stacks with a simple YAML format compatible with Docker Compose files. Network, volume, and dependency management included.
Copy-on-write filesystem using overlayfs or native btrfs/zfs snapshots for instant container cloning and efficient disk usage.
First-class NVIDIA and AMD GPU support for AI/ML workloads with automatic device mapping and driver injection.
Built-in lightweight OCI registry for air-gapped environments and local development — no external dependencies.
CRIU-based live migration and checkpoint/restore for stateful containers with near-zero downtime.
Dockerfile-compatible builds with intelligent layer caching and parallel stage execution.
```sh
# Build with layer caching
$ kbox build -t myapp:latest .
# Step 1/8: FROM node:20-alpine
# Step 2/8: COPY package*.json ./
# -> Using cache (hit)
# Built in 2.1s (7 layers cached)
```
Manage multi-container applications with a familiar YAML syntax, fully compatible with Docker Compose.
```yaml
# stack.yml
services:
  api:
    image: myapp:latest
    ports: ["3000:3000"]
  db:
    image: postgres:16
    volumes: ["pgdata:/var/lib/postgresql/data"]
```
Built-in OCI registry for local development and air-gapped deployments.
```sh
# Start local registry
$ kbox registry start --port 5000

# Push image
$ kbox push localhost:5000/myapp:v1

# Sign image
$ kbox sign localhost:5000/myapp:v1
```
See how Koder Box stacks up against the competition.
| Feature | Koder Box | Docker | Podman | containerd | LXC |
|---|---|---|---|---|---|
| Daemonless architecture | ✓ | — | ✓ | ✓ | ✓ |
| Rootless by default | ✓ | — | ✓ | Partial | Partial |
| OCI image compatible | ✓ | ✓ | ✓ | ✓ | — |
| Built-in image builder | ✓ | ✓ | ✓ | — | — |
| Built-in compose | ✓ | ✓ | ✓ | — | — |
| Built-in registry | ✓ | — | — | — | — |
| GPU passthrough | ✓ | ✓ | ✓ | ✓ | ✓ |
| Sub-50ms start time | ✓ | — | — | ✓ | ✓ |
For most workflows, yes. Koder Box supports the same CLI commands, Dockerfile syntax, and Compose files. You can alias 'docker' to 'kbox' and existing scripts will work without modification.
Yes. Koder Box implements the CRI (Container Runtime Interface) and can serve as the container runtime for kubelet, replacing containerd or CRI-O in any Kubernetes cluster.
Go provides an excellent balance of performance, safety, and ecosystem maturity for systems programming. Koder Box compiles to a single static binary under 15 MB with CGO disabled — easy to deploy and redistribute on any Linux distribution.
Absolutely. Koder Box pulls from any OCI-compliant registry including Docker Hub, GitHub Container Registry, Amazon ECR, Google Artifact Registry, and private registries.
Yes. Rootless mode is the default and recommended configuration. It uses user namespaces, slirp4netns for networking, and fuse-overlayfs for storage — all battle-tested in production environments.
Containers Without the Overhead