A Docker and Kubernetes platform built from scratch in Go and Linux β with AI that can containerize any GitHub repo, even if it has no Dockerfile.
Vedocker is a full container platform I built from the ground up β no Docker Engine, no containerd, no Kubernetes underneath. Every layer was implemented directly in Go using Linux kernel primitives: namespaces, cgroups, root filesystems, process isolation, networking, and iptables-based port publishing.
On top of that engine I built a complete platform: image management, a Dockerfile-style build system, AI-assisted repo deployment, a live web dashboard, and a Kubernetes-style orchestration layer with Pods, Deployments, scaling, reconcile logic, and background self-healing.
The core problem Vedocker solves:
How do you take any raw GitHub repository β even one with no Dockerfile, no setup instructions, and no documentation β and turn it into a live running application in one step?
Paste in a GitHub URL. Vedocker inspects the repo, detects whether a Dockerfile exists, builds and runs it if one is present, and if not β uses AI to generate one, validate it, and continue through the build pipeline automatically.
Most developers have used Docker. Very few have built a Docker-style runtime from scratch.
Most developers have heard of Kubernetes. Very few have built a reconcile loop on top of their own container engine.
Vedocker is not a wrapper. It is not a thin CLI over existing infrastructure tooling. The container runtime, image store, build engine, networking layer, daemon API, and orchestration control plane were all implemented manually, from first principles.
| What most developers do | What Vedocker does |
|---|---|
docker run a container |
Implements create, start, stop, exec, logs using Linux primitives |
docker build an image |
Parses Dockerfile instructions, mutates filesystems, registers images |
kubectl apply a deployment |
Writes desired state, creates replicas, runs reconcile loops, self-heals |
| Paste a Dockerfile into CI | Generates the Dockerfile with AI when one doesn't exist |
The heart of Vedocker. Built in Go using Linux kernel APIs β not Docker.
Supported operations:
| Command | Description |
|---|---|
create |
Allocate a new container with isolated namespaces and cgroups |
start |
Launch the container process in its isolated environment |
stop |
Gracefully terminate the container and clean up |
rm |
Remove container state and metadata |
logs |
Stream stdout/stderr from a running or stopped container |
exec |
Run a command inside a live container |
Under the hood:
- PID namespaces β container processes can't see host processes
- Mount namespaces β isolated root filesystem per container
- Network namespaces β separate network stack per container
- cgroups v1/v2 β CPU and memory resource limits
- iptables β port publishing from host to container
Vedocker manages its own image store and metadata β no Docker daemon or registry client required.
| Operation | What it does |
|---|---|
image pull |
Fetch a base image (e.g. alpine:latest) and register locally |
image build |
Build an image from a Dockerfile against the local image store |
image ls |
List all registered images with ID, name, tag, and size |
image inspect |
Show full metadata for an image |
image import |
Import a tarball as an image |
image export |
Export an image to a tarball |
image rm |
Remove an image from the local store |
A real build system that parses Dockerfile instructions and turns source code into runnable images.
Supported instructions:
FROM alpine:latest
WORKDIR /app
COPY . .
RUN apk add --no-cache nodejs npm
ENV NODE_ENV=production
EXPOSE 3000
CMD ["node", "server.js"]Also supports: multiline RUN, glob patterns in COPY, and automatic base image pulling when a FROM image isn't cached locally.
The killer feature. Paste any GitHub URL β Vedocker does the rest.
βββββββββββββββββββββββ
User pastes GitHub URL β Dockerfile exists? β
β ββββββββββββ¬βββββββββββ
βΌ β
Clone repository Yes βββββββΌββββββ No
β β β
βΌ βΌ βΌ
Inspect repo structure Use existing AI analyzes repo
β Dockerfile structure + stack
β β β
βββββββββββββββββββββββββββββββββ β
β Generate Dockerfile
βΌ Validate output
Build image β
β β
βββββββββββββββββββββββββββββββ
β
βΌ
Start container in runtime
β
βΌ
Expose logs + controls in UI
The AI fallback inspects the repository structure, infers the language and framework, generates a working Dockerfile, validates it, and continues directly into the normal build pipeline. No manual intervention required.
A full frontend dashboard (Vite + Go daemon API) that makes the platform feel like a real product.
Docker view:
- Image list, inspect, pull, remove
- Container list, create, start, stop, remove
- Live log streaming
- GitHub repo deploy with real-time build output
Kubernetes view:
- Pod list, apply, delete
- Deployment list, apply, delete, scale
- Live cluster state
- Reconcile and self-heal controls
After building the container runtime, I built a control plane on top of it.
Pod management:
./minicontainer pod apply hello-pod.yaml
./minicontainer pod ls
./minicontainer pod delete hello-podDeployment management:
./minicontainer deploy apply webdeploy.yaml
./minicontainer deploy ls
./minicontainer deploy scale my-app 3
./minicontainer deploy reconcile my-app
./minicontainer deploy reconcile-allHow reconciliation works:
- Desired state is written to local storage when you apply a Deployment
- The reconcile loop compares desired replicas to running replicas
- Missing replicas are created; extra replicas are terminated
- A background loop runs continuously β if a container dies, Vedocker restarts it automatically
- The Kubernetes dashboard reflects live cluster state at all times
This is genuine desired-state management, not manual container management with extra steps.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Layer 8: Frontend (Vite dashboard) β
β Docker view β’ Kubernetes view β’ Repo deploy UI β’ Log stream β
βββββββββββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββ
β HTTP
βββββββββββββββββββββββββββββββββββΌββββββββββββββββββββββββββββββββ
β Layer 5: Daemon + API (minicontainerd) β
β Container routes β’ Image routes β’ Orchestration endpoints β
β Repo deploy flow β’ AI pipeline trigger β’ Kubernetes data β
ββββββββ¬βββββββββββ¬βββββββββββ¬βββββββββββ¬βββββββββββββ¬βββββββββββββ
β β β β β
ββββββββΌβββ ββββββΌβββββ βββββΌββββ ββββββΌβββββ ββββββΌβββββββββββ
βLayer 1 β βLayer 3 β βLayer 4β βLayer 6 β βLayer 7 β
βRuntime β βImages β βBuilderβ βAI Deployβ βOrchestration β
β β β β β β βPipeline β β β
βcreate β βpull β βFROM β βclone β βPod apply β
βstart β βbuild β βCOPY β βinspect β βDeployment β
βstop β βls β βRUN β βdetect β βReplica mgmt β
βexec β βinspect β βENV β βAI gen β βReconcile loop β
βlogs β βimport β βCMD β βvalidate β βSelf-healing β
βrm β βexport β βEXPOSE β βbuild β β β
ββββββββ¬βββ βββββββββββ βββββββββ βββββββββββ βββββββββββββββββ
β
ββββββββΌβββββββββββββββββββββββββββββββββββ
β Layer 2: Networking β
β Network namespaces β’ IP allocation β
β iptables port publishing β’ NAT/egress β
βββββββββββββββββββββββββββββββββββββββββββ
Package layout:
minicontainer/
βββ main.go β CLI entry point
βββ minicontainerd/ β Daemon binary
βββ minicontainer-ui/ β Vite frontend dashboard
βββ cmd/ β CLI command handlers
βββ pkg/
β βββ container/ β Runtime: create, start, stop, exec, logs
β βββ cgroups/ β Resource limits (CPU, memory)
β βββ network/ β Namespace, IP, iptables
β βββ image/ β Image store and metadata
β βββ deploy/ β Deployment desired-state management
β βββ minicontainerd/ β Daemon HTTP server and routes
βββ deployment.go β Deployment controller
βββ pod.go β Pod controller
βββ service.go β Service object
βββ scripts/
βββ bootstrap.sh β Environment setup script
- Linux (Ubuntu 20.04+ recommended)
- Go 1.25+
- Root/sudo access (required for namespaces, cgroups, iptables)
- Node.js 18+ (for the web UI only)
git clone https://github.com/Vedthakar/Vedocker.git
cd Vedocker
# Build everything
make build
# Or build individually
go build -o minicontainer .
go build -o minicontainerd ./pkg/minicontainerd/# Start the background daemon (required for UI and orchestration)
sudo ./minicontainerdcd minicontainer-ui
npm install
npm run dev
# Open http://localhost:5173sudo ./scripts/bootstrap.sh# Pull a base image
sudo ./minicontainer image pull alpine:latest
# Build an image from a Dockerfile
sudo ./minicontainer image build -t my-app:v1 -f Dockerfile .
# List images
sudo ./minicontainer image ls
# Create and start a container
sudo ./minicontainer create my-container my-app:v1 /bin/sh -c "sleep 3600"
sudo ./minicontainer start my-container
# View logs
sudo ./minicontainer logs my-container
# Execute a command inside the container
sudo ./minicontainer exec my-container /bin/sh
# Stop and remove
sudo ./minicontainer stop my-container
sudo ./minicontainer rm my-container# Deploy any GitHub repo (AI generates Dockerfile if missing)
sudo ./minicontainer deploy-repo https://github.com/user/repo# Apply a Pod
sudo ./minicontainer pod apply hello-pod.yaml
# Apply a Deployment with replicas
sudo ./minicontainer deploy apply webdeploy.yaml
# Scale a deployment
sudo ./minicontainer deploy scale my-app 3
# Reconcile (repair missing replicas)
sudo ./minicontainer deploy reconcile my-app
# Reconcile everything
sudo ./minicontainer deploy reconcile-all
# List running pods and deployments
sudo ./minicontainer pod ls
sudo ./minicontainer deploy ls# webdeploy.yaml
name: my-web-app
image: my-app:v1
replicas: 3
ports:
- host: 8080
container: 3000
env:
NODE_ENV: productionUser input (image or GitHub URL)
β Daemon receives request
β Image resolved or built from source
β Container created with isolated namespace + cgroup
β Process launched inside rootfs
β Port published via iptables
β Logs streamed to UI
User pastes GitHub URL
β Daemon clones repository
β Inspect: does a Dockerfile exist?
βββ Yes β proceed to build
βββ No β AI analyzes repo structure
β Infer language + framework
β Generate Dockerfile
β Validate output
β Proceed to build
β Build image
β Start container
β UI shows status, logs, controls
User applies Deployment YAML
β Desired state written to storage (replicas: 3)
β Reconcile loop runs
β Actual state checked (running containers)
β Delta calculated (need 3, have 0 β create 3)
β Replicas created on the custom runtime
β Background loop watches continuously
β Container dies β loop detects β replica recreated
For anyone reading this as a portfolio piece:
| Skill Area | What Vedocker shows |
|---|---|
| Systems programming | Go + Linux kernel APIs β namespaces, cgroups, proc lifecycle |
| Networking | Network namespaces, IP allocation, iptables NAT, port publishing |
| Infrastructure design | Layered platform architecture from runtime to control plane |
| Orchestration | Desired-state management, reconcile loops, self-healing |
| AI integration | LLM-powered Dockerfile generation as a practical product fallback |
| Full-stack | Go backend daemon + Vite frontend + REST API |
| Product thinking | Solving a real problem (any repo β running app) through systems engineering |
| Feature | Status |
|---|---|
| From-scratch container runtime | β |
| Custom image store (pull, build, import, export) | β |
| Dockerfile-lite build engine | β |
| GitHub repo deployment | β |
| AI-generated Dockerfile fallback | β |
| Daemon + Docker-style web UI | β |
| Pod management | β |
| Deployment management + scaling | β |
| Background reconcile loop + self-healing | β |
| Kubernetes dashboard | β |
| Service object + state management | β |
Fully robust multi-replica Service proxying and load balancing is deferred β it requires a deeper redesign of the runtime networking model. This is an intentional boundary, not hidden incomplete behavior.